Attachment 807334 Details for
Bug 917571
[patch]
patch
patch (text/plain), 174.44 KB, created by
Adam Langley
Description:
patch
Creator:
Adam Langley
Size:
174.44 KB
>diff -r b008c4b827be cmd/bltest/blapitest.c
>--- a/cmd/bltest/blapitest.c Thu Sep 12 19:03:30 2013 +0200
>+++ b/cmd/bltest/blapitest.c Thu Sep 19 14:30:56 2013 -0400
>@@ -622,20 +622,27 @@
> unsigned int inputLen);
> 
> typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
> SECItem *output,
> const SECItem *input);
> 
> typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
> const unsigned char *src,
> PRUint32 src_length);
> 
>+typedef SECStatus (* bltestAEADFn)(unsigned char *dest,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *src, size_t srcLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]);
>+
> typedef enum {
> bltestINVALID = -1,
> bltestDES_ECB, /* Symmetric Key Ciphers */
> bltestDES_CBC, /* . */
> bltestDES_EDE_ECB, /* . */
> bltestDES_EDE_CBC, /* . */
> bltestRC2_ECB, /* . */
> bltestRC2_CBC, /* . */
> bltestRC4, /* . */
> #ifdef NSS_SOFTOKEN_DOES_RC5
>@@ -644,20 +651,21 @@
> #endif
> bltestAES_ECB, /* . */
> bltestAES_CBC, /* . */
> bltestAES_CTS, /* . */
> bltestAES_CTR, /* . */
> bltestAES_GCM, /* . */
> bltestCAMELLIA_ECB, /* . */
> bltestCAMELLIA_CBC, /* . */
> bltestSEED_ECB, /* SEED algorithm */
> bltestSEED_CBC, /* SEED algorithm */
>+ bltestCHACHA20, /* ChaCha20 + Poly1305 */
> bltestRSA, /* Public Key Ciphers */
> #ifdef NSS_ENABLE_ECC
> bltestECDSA, /* . (Public Key Sig.) */
> #endif
> bltestDSA, /* . */
> bltestMD2, /* Hash algorithms */
> bltestMD5, /* . */
> bltestSHA1, /* . */
> bltestSHA224, /* . */
> bltestSHA256, /* . */
>@@ -681,20 +689,21 @@
> #endif
> "aes_ecb",
> "aes_cbc",
> "aes_cts",
> "aes_ctr",
> "aes_gcm",
> "camellia_ecb",
> "camellia_cbc",
> "seed_ecb",
> "seed_cbc",
>+ "chacha20_poly1305",
> "rsa",
> #ifdef NSS_ENABLE_ECC
> "ecdsa",
> #endif
> /*"pqg",*/
> "dsa",
> "md2",
> "md5",
> "sha1",
> "sha224",
>@@ -790,58 +799,78 @@
> bltestIO output;
> /* Cipher-specific parameters */
> bltestParams params;
> /* Cipher mode */
> bltestCipherMode mode;
> /* Cipher function (encrypt/decrypt/sign/verify/hash) */
> union {
> bltestSymmCipherFn symmkeyCipher;
> bltestPubKeyCipherFn pubkeyCipher;
> bltestHashCipherFn hashCipher;
>+ bltestAEADFn aeadCipher;
> } cipher;
> /* performance testing */
> int repetitionsToPerfom;
> int seconds;
> int repetitions;
> int cxreps;
> double cxtime;
> double optime;
> };
> 
> PRBool
> is_symmkeyCipher(bltestCipherMode mode)
> {
> /* change as needed! */
> if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
> return PR_TRUE;
> return PR_FALSE;
> }
> 
> PRBool
>+is_aeadCipher(bltestCipherMode mode)
>+{
>+ /* change as needed! */
>+ switch (mode) {
>+ case bltestCHACHA20:
>+ return PR_TRUE;
>+ default:
>+ return PR_FALSE;
>+ }
>+}
>+
>+PRBool
> is_authCipher(bltestCipherMode mode)
> {
> /* change as needed! */
>- if (mode == bltestAES_GCM)
>- return PR_TRUE;
>- return PR_FALSE;
>+ switch (mode) {
>+ case bltestAES_GCM:
>+ case bltestCHACHA20:
>+ return PR_TRUE;
>+ default:
>+ return PR_FALSE;
>+ }
> }
> 
> 
> PRBool
> is_singleShotCipher(bltestCipherMode mode)
> {
> /* change as needed! */
>- if (mode == bltestAES_GCM)
>- return PR_TRUE;
>- if (mode == bltestAES_CTS)
>- return PR_TRUE;
>- return PR_FALSE;
>+ switch (mode) {
>+ case bltestAES_GCM:
>+ case bltestAES_CTS:
>+ case bltestCHACHA20:
>+ return PR_TRUE;
>+ default:
>+ return PR_FALSE;
>+ }
> }
> 
> PRBool
> is_pubkeyCipher(bltestCipherMode mode)
> {
> /* change as needed! */
> if (mode >= bltestRSA && mode <= bltestDSA)
> return PR_TRUE;
> return PR_FALSE;
> }
>@@ -865,30 +894,38 @@
> if (mode >= bltestDSA && mode <= bltestDSA)
> #endif
> return PR_TRUE;
> return PR_FALSE;
> }
> 
> PRBool
> cipher_requires_IV(bltestCipherMode mode)
> {
> /* change as needed! */
>- if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
>- mode == bltestRC2_CBC ||
>+ switch (mode) {
>+ case bltestDES_CBC:
>+ case bltestDES_EDE_CBC:
>+ case bltestRC2_CBC:
> #ifdef NSS_SOFTOKEN_DOES_RC5
>- mode == bltestRC5_CBC ||
>+ case bltestRC5_CBC:
> #endif
>- mode == bltestAES_CBC || mode == bltestAES_CTS ||
>- mode == bltestAES_CTR || mode == bltestAES_GCM ||
>- mode == bltestCAMELLIA_CBC || mode == bltestSEED_CBC)
>- return PR_TRUE;
>- return PR_FALSE;
>+ case bltestAES_CBC:
>+ case bltestAES_CTS:
>+ case bltestAES_CTR:
>+ case bltestAES_GCM:
>+ case bltestCAMELLIA_CBC:
>+ case bltestSEED_CBC:
>+ case bltestCHACHA20:
>+ return PR_TRUE;
>+ default:
>+ return PR_FALSE;
>+ }
> }
> 
> SECStatus finishIO(bltestIO *output, PRFileDesc *file);
> 
> SECStatus
> setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
> char *str, int numBytes)
> {
> SECStatus rv = SECSuccess;
> SECItem fileData;
>@@ -1480,20 +1517,30 @@
> }
> if (encrypt)
> cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
> else
> cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
> 
> return SECSuccess;
> }
> 
> SECStatus
>+bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
>+{
>+ if (encrypt)
>+ cipherInfo->cipher.aeadCipher = ChaCha20Poly1305_Seal;
>+ else
>+ cipherInfo->cipher.aeadCipher = ChaCha20Poly1305_Open;
>+ return SECSuccess;
>+}
>+
>+SECStatus
> bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
> {
> int i;
> RSAPrivateKey **dummyKey;
> PRIntervalTime time1, time2;
> bltestRSAParams *rsap = &cipherInfo->params.rsa;
> /* RSA key gen was done during parameter setup */
> cipherInfo->cx = cipherInfo->params.rsa.rsakey;
> /* For performance testing */
> if (cipherInfo->cxreps > 0) {
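Review bot: `bltest_chacha20_init` installs `ChaCha20Poly1305_Seal` / `ChaCha20Poly1305_Open` without checking the key or nonce length, although the `bltestAEADFn` typedef added in the first hunk declares `key[32]` and `nonce[8]`. The AEAD branch added in the hunk at -2490 passes `sk->key.buf.data` and `sk->iv.buf.data` straight through, and the hunk at -3862 routes AEAD modes into the same key loading as the symmetric ciphers, so a key or IV shorter than 32 / 8 bytes would be read past its end unless a length check exists outside these hunks. A guard at the top of the init, `if (cipherInfo->params.sk.key.buf.len != 32 || cipherInfo->params.sk.iv.buf.len != 8) return SECFailure;`, would make the tool fail cleanly instead.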
>@@ -2102,20 +2149,25 @@
> SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
> cipherInfo->input.pBuf.len);
> return bltest_camellia_init(cipherInfo, encrypt);
> break;
> case bltestSEED_ECB:
> case bltestSEED_CBC:
> SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
> cipherInfo->input.pBuf.len);
> return bltest_seed_init(cipherInfo, encrypt);
> break;
>+ case bltestCHACHA20:
>+ SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
>+ cipherInfo->input.pBuf.len + 16);
>+ return bltest_chacha20_init(cipherInfo, encrypt);
>+ break;
> case bltestRSA:
> SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
> cipherInfo->input.pBuf.len);
> return bltest_rsa_init(cipherInfo, encrypt);
> break;
> case bltestDSA:
> SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
> DSA_MAX_SIGNATURE_LEN);
> return bltest_dsa_init(cipherInfo, encrypt);
> break;
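Review bot: The `+ 16` in the `bltestCHACHA20` case is the tag length written as a bare literal, and the same value is declared again as `tagLen = 16` in the AEAD branch of the hunk at -2490. If either one changes, the output buffer and the cipher call disagree about how much room the tag needs, so a single named constant shared by both sites would be safer. A one-line comment here, `/* room for the 16-byte Poly1305 tag appended by Seal */`, would also explain why this case alone allocates more than the input length. The enclosing switch starts and ends outside the hunk.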
>@@ -2490,20 +2542,68 @@
> for (;j < opsBetweenChecks;j++) {
> (*cipherInfo->cipher.symmkeyCipher)(
> cipherInfo->cx, dummyOut, &len, maxLen,
> cipherInfo->input.pBuf.data,
> cipherInfo->input.pBuf.len);
> }
> cipherInfo->repetitions += j;
> }
> }
> TIMEFINISH(cipherInfo->optime, 1.0);
>+ } else if (is_aeadCipher(cipherInfo->mode)) {
>+ const unsigned char *input = cipherInfo->input.pBuf.data;
>+ unsigned int inputLen = cipherInfo->input.pBuf.len;
>+ unsigned char *output = cipherInfo->output.pBuf.data;
>+ unsigned int outputLen = maxLen;
>+ bltestSymmKeyParams *sk = &cipherInfo->params.sk;
>+ const unsigned int tagLen = 16; /* same for all AEADs, so far. */
>+
>+ TIMESTART();
>+ rv = (*cipherInfo->cipher.aeadCipher)(
>+ output, NULL /* no additional data */, 0,
>+ input, inputLen,
>+ tagLen,
>+ sk->key.buf.data,
>+ sk->iv.buf.data);
>+ CHECKERROR(rv, __LINE__);
>+ TIMEFINISH(cipherInfo->optime, 1.0);
>+
>+ cipherInfo->repetitions = 0;
>+ if (cipherInfo->repetitionsToPerfom != 0) {
>+ TIMESTART();
>+ for (i=0; i<cipherInfo->repetitionsToPerfom; i++,
>+ cipherInfo->repetitions++) {
>+ rv = (*cipherInfo->cipher.aeadCipher)(
>+ output, NULL /* no additional data */, 0,
>+ input, inputLen,
>+ tagLen,
>+ sk->key.buf.data,
>+ sk->iv.buf.data);
>+ CHECKERROR(rv, __LINE__);
>+ }
>+ } else {
>+ int opsBetweenChecks = 0;
>+ TIMEMARK(cipherInfo->seconds);
>+ while (! (TIMETOFINISH())) {
>+ int j = 0;
>+ for (;j < opsBetweenChecks;j++) {
>+ (*cipherInfo->cipher.aeadCipher)(
>+ output, NULL /* no additional data */, 0,
>+ input, inputLen,
>+ tagLen,
>+ sk->key.buf.data,
>+ sk->iv.buf.data);
>+ }
>+ cipherInfo->repetitions += j;
>+ }
>+ }
>+ TIMEFINISH(cipherInfo->optime, 1.0);
> } else if (is_pubkeyCipher(cipherInfo->mode)) {
> TIMESTART();
> rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx,
> &cipherInfo->output.pBuf,
> &cipherInfo->input.pBuf);
> TIMEFINISH(cipherInfo->optime, 1.0);
> CHECKERROR(rv, __LINE__);
> cipherInfo->repetitions = 0;
> if (cipherInfo->repetitionsToPerfom != 0) {
> TIMESTART();
>@@ -3862,21 +3962,22 @@
> if (!arena) {
> fprintf(stderr, "%s: Can not allocate memory.\n", progName);
> goto exit_point;
> }
> cipherInfo->arena = arena;
> params = &cipherInfo->params;
> 
> /* Set up an encryption key. */
> keysize = 0;
> file = NULL;
>- if (is_symmkeyCipher(cipherInfo->mode)) {
>+ if (is_symmkeyCipher(cipherInfo->mode) ||
>+ is_aeadCipher(cipherInfo->mode)) {
> char *keystr = NULL; /* if key is on command line */
> if (bltest.options[opt_Key].activated) {
> if (bltest.options[opt_CmdLine].activated) {
> keystr = bltest.options[opt_Key].arg;
> } else {
> file = PR_Open(bltest.options[opt_Key].arg,
> PR_RDONLY, 00660);
> }
> } else {
> if (bltest.options[opt_KeySize].activated)
>diff -r b008c4b827be cmd/pk11gcmtest/pk11gcmtest.c
>--- a/cmd/pk11gcmtest/pk11gcmtest.c Thu Sep 12 19:03:30 2013 +0200
>+++ b/cmd/pk11gcmtest/pk11gcmtest.c Thu Sep 19 14:30:56 2013 -0400
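Review bot: In the new AEAD branch of the hunk at -2490, `outputLen` is initialised from `maxLen` and never used, and nothing in the branch records how many bytes the cipher produced. The symmetric-key branch above gets the length back through `&len`, but the `bltestAEADFn` signature has no length out-parameter. Unless `cipherInfo->output.pBuf.len` is corrected outside this hunk, the reported output length presumably stays at the allocation size (`input.pBuf.len + 16`), which is wrong for a decrypt run, where the plaintext is shorter than the input. I would drop `outputLen` and set the output length explicitly after the first call, from `inputLen` and `tagLen` according to direction. The enclosing function starts and ends outside the hunk.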
>@@ -27,167 +27,169 @@
> offset = c2[i] - 'A';
> *byteval |= (offset + 10) << 4*(1-i);
> } else {
> return SECFailure;
> }
> }
> return SECSuccess;
> }
> 
> static SECStatus
>-aes_encrypt_buf(
>+encrypt_buf(
>+ CK_MECHANISM_TYPE mechanism,
> const unsigned char *key, unsigned int keysize,
> const unsigned char *iv, unsigned int ivsize,
> unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
> const unsigned char *input, unsigned int inputlen,
> const unsigned char *aad, unsigned int aadlen, unsigned int tagsize)
> {
> SECStatus rv = SECFailure;
> SECItem key_item;
> PK11SlotInfo* slot = NULL;
> PK11SymKey *symKey = NULL;
> CK_GCM_PARAMS gcm_params;
> SECItem param;
> 
> /* Import key into NSS. */
> key_item.type = siBuffer;
> key_item.data = (unsigned char *) key; /* const cast */
> key_item.len = keysize;
> slot = PK11_GetInternalSlot();
>- symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
>+ symKey = PK11_ImportSymKey(slot, mechanism, PK11_OriginUnwrap,
> CKA_ENCRYPT, &key_item, NULL);
> PK11_FreeSlot(slot);
> slot = NULL;
> if (!symKey) {
> fprintf(stderr, "PK11_ImportSymKey failed\n");
> goto loser;
> }
> 
> gcm_params.pIv = (unsigned char *) iv; /* const cast */
> gcm_params.ulIvLen = ivsize;
> gcm_params.pAAD = (unsigned char *) aad; /* const cast */
> gcm_params.ulAADLen = aadlen;
> gcm_params.ulTagBits = tagsize * 8;
> 
> param.type = siBuffer;
> param.data = (unsigned char *) &gcm_params;
> param.len = sizeof(gcm_params);
> 
>- if (PK11_Encrypt(symKey, CKM_AES_GCM, ¶m,
>+ if (PK11_Encrypt(symKey, mechanism, ¶m,
> output, outputlen, maxoutputlen,
> input, inputlen) != SECSuccess) {
> fprintf(stderr, "PK11_Encrypt failed\n");
> goto loser;
> }
> 
> rv = SECSuccess;
> 
> loser:
> if (symKey != NULL) {
> PK11_FreeSymKey(symKey);
> }
> return rv;
> }
> 
> static SECStatus
>-aes_decrypt_buf(
>+decrypt_buf(
>+ CK_MECHANISM_TYPE mechanism,
> const unsigned char *key, unsigned int keysize,
> const unsigned char *iv, unsigned int ivsize,
> unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
> const unsigned char *input, unsigned int inputlen,
> const unsigned char *aad, unsigned int aadlen,
> const unsigned char *tag, unsigned int tagsize)
> {
> SECStatus rv = SECFailure;
> unsigned char concatenated[11*16]; /* 1 to 11 blocks */
> SECItem key_item;
> PK11SlotInfo *slot = NULL;
> PK11SymKey *symKey = NULL;
> CK_GCM_PARAMS gcm_params;
> SECItem param;
> 
> if (inputlen + tagsize > sizeof(concatenated)) {
>- fprintf(stderr, "aes_decrypt_buf: local buffer too small\n");
>+ fprintf(stderr, "decrypt_buf: local buffer too small\n");
> goto loser;
> }
> memcpy(concatenated, input, inputlen);
> memcpy(concatenated + inputlen, tag, tagsize);
> 
> /* Import key into NSS. */
> key_item.type = siBuffer;
> key_item.data = (unsigned char *) key; /* const cast */
> key_item.len = keysize;
> slot = PK11_GetInternalSlot();
>- symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
>+ symKey = PK11_ImportSymKey(slot, mechanism, PK11_OriginUnwrap,
> CKA_DECRYPT, &key_item, NULL);
> PK11_FreeSlot(slot);
> slot = NULL;
> if (!symKey) {
> fprintf(stderr, "PK11_ImportSymKey failed\n");
> goto loser;
> }
> 
> gcm_params.pIv = (unsigned char *) iv;
> gcm_params.ulIvLen = ivsize;
> gcm_params.pAAD = (unsigned char *) aad;
> gcm_params.ulAADLen = aadlen;
> gcm_params.ulTagBits = tagsize * 8;
> 
> param.type = siBuffer;
> param.data = (unsigned char *) &gcm_params;
> param.len = sizeof(gcm_params);
> 
>- if (PK11_Decrypt(symKey, CKM_AES_GCM, ¶m,
>+ if (PK11_Decrypt(symKey, mechanism, ¶m,
> output, outputlen, maxoutputlen,
> concatenated, inputlen + tagsize) != SECSuccess) {
> goto loser;
> }
> 
> rv = SECSuccess;
> 
> loser:
> if (symKey != NULL) {
> PK11_FreeSymKey(symKey);
> }
> return rv;
> }
> 
> /*
> * Perform the AES Known Answer Test (KAT) in Galois Counter Mode (GCM).
> *
> * respfn is the pathname of the RESPONSE file.
> */
> static void
>-aes_gcm_kat(const char *respfn)
>+kat(CK_MECHANISM_TYPE mechanism, const char *respfn)
> {
>- char buf[512]; /* holds one line from the input REQUEST file.
>+ char buf[600]; /* holds one line from the input REQUEST file.
> * needs to be large enough to hold the longest
>- * line "CIPHERTEXT = <320 hex digits>\n".
>+ * line "AAD = <590 hex digits>\n".
> */
> FILE *aesresp; /* input stream from the RESPONSE file */
> int i, j;
> unsigned int test_group = 0;
> unsigned int num_tests;
> PRBool is_encrypt;
> unsigned char key[32]; /* 128, 192, or 256 bits */
> unsigned int keysize;
> unsigned char iv[10*16]; /* 1 to 10 blocks */
> unsigned int ivsize;
>- unsigned char plaintext[10*16]; /* 1 to 10 blocks */
>+ unsigned char plaintext[512];
> unsigned int plaintextlen = 0;
>- unsigned char aad[10*16]; /* 1 to 10 blocks */
>+ unsigned char aad[512];
> unsigned int aadlen = 0;
>- unsigned char ciphertext[10*16]; /* 1 to 10 blocks */
>+ unsigned char ciphertext[512];
> unsigned int ciphertextlen;
> unsigned char tag[16];
> unsigned int tagsize;
>- unsigned char output[10*16]; /* 1 to 10 blocks */
>+ unsigned char output[512];
> unsigned int outputlen;
> 
> unsigned int expected_keylen = 0;
> unsigned int expected_ivlen = 0;
> unsigned int expected_ptlen = 0;
> unsigned int expected_aadlen = 0;
> unsigned int expected_taglen = 0;
> SECStatus rv;
> 
> if (strstr(respfn, "Encrypt") != NULL) {
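Review bot: `decrypt_buf` still copies into `concatenated[11*16]` (176 bytes), while `kat` now sizes `ciphertext`, `plaintext`, `aad` and `output` at 512 and sizes `buf` for 590 hex digits, i.e. 295 bytes. The existing length check keeps the two `memcpy` calls in bounds, but any decrypt vector with more than 160 bytes of ciphertext would stop at "local buffer too small"; `unsigned char concatenated[512 + 16];` would match the new limits. Both helpers also keep filling `CK_GCM_PARAMS` whatever `mechanism` is passed, and these hunks do not show that the ChaCha20-Poly1305 mechanism accepts that struct, so a comment saying so (or a mechanism-specific parameter block) would help. The header comment above `kat` still reads "Perform the AES Known Answer Test (KAT) in Galois Counter Mode (GCM)" and should be generalised. `kat` continues past the end of the hunk.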
>@@ -309,52 +311,52 @@
> hex_to_byteval(&buf[i], &plaintext[j]);
> }
> plaintextlen = j;
> if (plaintextlen != expected_ptlen) {
> fprintf(stderr, "Unexpected PT length: %u vs. %u\n",
> plaintextlen, expected_ptlen);
> exit(1);
> }
> 
> if (!is_encrypt) {
>- rv = aes_decrypt_buf(key, keysize, iv, ivsize,
>+ rv = decrypt_buf(mechanism, key, keysize, iv, ivsize,
> output, &outputlen, sizeof output,
> ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
> if (rv != SECSuccess) {
>- fprintf(stderr, "aes_decrypt_buf failed\n");
>+ fprintf(stderr, "decrypt_buf failed\n");
> goto loser;
> }
> if (outputlen != plaintextlen) {
>- fprintf(stderr, "aes_decrypt_buf: wrong output size\n");
>+ fprintf(stderr, "decrypt_buf: wrong output size\n");
> goto loser;
> }
> if (memcmp(output, plaintext, plaintextlen) != 0) {
>- fprintf(stderr, "aes_decrypt_buf: wrong plaintext\n");
>+ fprintf(stderr, "decrypt_buf: wrong plaintext\n");
> goto loser;
> }
> }
> continue;
> }
> /* FAIL */
> if (strncmp(buf, "FAIL", 4) == 0) {
> plaintextlen = 0;
> 
> PORT_Assert(!is_encrypt);
>- rv = aes_decrypt_buf(key, keysize, iv, ivsize,
>+ rv = decrypt_buf(mechanism, key, keysize, iv, ivsize,
> output, &outputlen, sizeof output,
> ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
> if (rv != SECFailure) {
>- fprintf(stderr, "aes_decrypt_buf succeeded unexpectedly\n");
>+ fprintf(stderr, "decrypt_buf succeeded unexpectedly\n");
> goto loser;
> }
> if (PORT_GetError() != SEC_ERROR_BAD_DATA) {
>- fprintf(stderr, "aes_decrypt_buf failed with incorrect "
>+ fprintf(stderr, "decrypt_buf failed with incorrect "
> "error code\n");
> goto loser;
> }
> continue;
> }
> /* AAD = ... */
> if (strncmp(buf, "AAD", 3) == 0) {
> i = 3;
> while (isspace(buf[i]) || buf[i] == '=') {
> i++;
>@@ -397,37 +399,37 @@
> hex_to_byteval(&buf[i], &tag[j]);
> }
> tagsize = j;
> if (tagsize != expected_taglen) {
> fprintf(stderr, "Unexpected tag length: %u vs. %u\n",
> tagsize, expected_taglen);
> exit(1);
> }
> 
> if (is_encrypt) {
>- rv = aes_encrypt_buf(key, keysize, iv, ivsize,
>+ rv = encrypt_buf(mechanism, key, keysize, iv, ivsize,
> output, &outputlen, sizeof output,
> plaintext, plaintextlen, aad, aadlen, tagsize);
> if (rv != SECSuccess) {
>- fprintf(stderr, "aes_encrypt_buf failed\n");
>+ fprintf(stderr, "encrypt_buf failed\n");
> goto loser;
> }
> if (outputlen != plaintextlen + tagsize) {
>- fprintf(stderr, "aes_encrypt_buf: wrong output size\n");
>+ fprintf(stderr, "encrypt_buf: wrong output size\n");
> goto loser;
> }
> if (memcmp(output, ciphertext, plaintextlen) != 0) {
>- fprintf(stderr, "aes_encrypt_buf: wrong ciphertext\n");
>+ fprintf(stderr, "encrypt_buf: wrong ciphertext\n");
> goto loser;
> }
> if (memcmp(output + plaintextlen, tag, tagsize) != 0) {
>- fprintf(stderr, "aes_encrypt_buf: wrong tag\n");
>+ fprintf(stderr, "encrypt_buf: wrong tag\n");
> goto loser;
> }
> }
> continue;
> }
> }
> /* Report num_tests for the last test group. */
> printf("%u tests\n", num_tests);
> printf("%u test groups\n", test_group);
> printf("PASS\n");
>@@ -441,17 +443,21 @@
> 
> NSS_NoDB_Init(NULL);
> 
> /*************/
> /* AES */
> /*************/
> if (strcmp(argv[1], "aes") == 0) {
> /* argv[2]=kat argv[3]=gcm argv[4]=<test name>.rsp */
> if (strcmp(argv[2], "kat") == 0) {
> /* Known Answer Test (KAT) */
>- aes_gcm_kat(argv[4]);
>+ kat(CKM_AES_GCM, argv[4]);
> }
>+ } else if (strcmp(argv[1], "chacha20") == 0 &&
>+ strcmp(argv[2], "kat") == 0 &&
>+ strcmp(argv[3], "poly1305") == 0) {
>+ kat(CKM_NSS_CHACHA20_POLY1305, argv[4]);
> }
> 
> NSS_Shutdown();
> return 0;
> }
>diff -r b008c4b827be cmd/pk11gcmtest/tests/ChaCha20Poly1305Encrypt.rsp
>--- /dev/null Thu Jan 01 00:00:00 1970 +0000
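Review bot: The new `chacha20` branch in the hunk at -441 dereferences `argv[2]`, `argv[3]` and `argv[4]`, and no `argc` check is visible in the hunk; `main` starts outside it, so one may exist above. If there is none, a run with too few arguments hands NULL to `strcmp` or `kat`, and `if (argc < 5) return 1;` before the first `strcmp` would cover both the AES and the ChaCha20 branch. An unrecognised `argv[1]` also falls through to `return 0`, so a mistyped algorithm name looks like a passing run to whatever script drives these known-answer tests. The new branch lacks the `/* argv[2]=kat argv[3]=... */` comment the AES branch carries, which would explain the `chacha20 kat poly1305` ordering.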
>+++ b/cmd/pk11gcmtest/tests/ChaCha20Poly1305Encrypt.rsp Thu Sep 19 14:30:56 2013 -0400 
>@@ -0,0 +1,839 @@ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 0] >+[AADlen = 0] >+[Taglen = 128] >+ >+Count = 0 >+Key = acb9542c48f9440ba770fdb641fe265bb0923e6e802091fedf894fc211970acf >+IV = 3f8ff04b06f7035b >+PT = >+AAD = >+CT = >+Tag = 0f45ae49a614abb78964888a12c0516c >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 40] >+[AADlen = 40] >+[Taglen = 128] >+ >+Count = 0 >+Key = 9aece8866d4f1f0535ef1aad1f2f26b4611df292926434ec96c75b6033f58c05 >+IV = debd9a9873df139b >+PT = 9aca25acad >+AAD = 65aa6d3a3a >+CT = 0a89d44c30 >+Tag = c2d5a4cb2d45eed952134d29c42613a1 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 80] >+[AADlen = 80] >+[Taglen = 128] >+ >+Count = 0 >+Key = c0331401b64665930ebeedbe37eeb33ac66bb14df46f32ccba0f59f6a32bab86 >+IV = b01d0327b191359e >+PT = 1162b59c9c3dec3ee5e1 >+AAD = 1d02137be712e6f65854 >+CT = 9af52ef31e680054a9b5 >+Tag = c9484db4edc114b5ae9a9f3489079c61 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 120] >+[AADlen = 120] >+[Taglen = 128] >+ >+Count = 0 >+Key = 013df6e8a6fdda219e43f3f662b573969fa85fa0a6c630ab5bba90211d5d3fa2 >+IV = 6feb239dbd75d66d >+PT = 8175ac7aafb11edfd3bbfcc1b43c62 >+AAD = d719fcfb8c6bb133d528cc01185307 >+CT = d57e75ed7c866db4eccefe2e013e50 >+Tag = e981bd65b87c837e8dc39ed946f3669f >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 160] >+[AADlen = 160] >+[Taglen = 128] >+ >+Count = 0 >+Key = 6e98722d1b799198ecf0458730d981e9ba480093ba903357bcdcface743f7c13 >+IV = 5cbe692211797302 >+PT = 6ad959852f1fcfb036fc4e3705c3ce8daf28e9b4 >+AAD = ff5c762db19d3d95a533e284aa7857d8610a4146 >+CT = a9987890b54f5afa41abc48a51d18e8731a3d96a >+Tag = 5035eee605ed71f77511de78cd32034f >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 200] >+[AADlen = 200] >+[Taglen = 128] >+ >+Count = 0 >+Key = b2168e518f7c677b0137e883d747dbc5bfe3ffef5abab58631cbb2825f29eac2 >+IV = f6309cd77a945cd0 >+PT = 189ed3b66982814efc4c7cb10d4b229ceca4deb0172b5f4281 >+AAD = b188fd19e7f2baa0416b48a99faa21c3ef4a2a7749700ad43b >+CT = 6f6994ea9e95d1f300c7e887470bb87280bc4dcf92c7682be9 >+Tag = 
b9530a7ef1121a107a9edcfe1c12af8e >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 240] >+[AADlen = 240] >+[Taglen = 128] >+ >+Count = 0 >+Key = 09d7812c8e0f5a8e4aadaef3e0e35d9c8d2f00ca29f43b33c133f5d989703dd4 >+IV = f6ff57275ae07a20 >+PT = 8479c01db1d9835717ca9adbf7fc1b97c9eaf889e4af6748df6261696cc1 >+AAD = 7ce2a78fb1ad61d9a2f37abac8b74d65bd6dddb00e10a5033e67247a9e5a >+CT = d2ddfd7822cc4c2b3c9c4fceef9f5bea68d42327daf16d5d23e620465109 >+Tag = 321842d6ebd01c248a0399b55614a345 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 280] >+[AADlen = 280] >+[Taglen = 128] >+ >+Count = 0 >+Key = b710a43cf01623b56efd33aca4ce3b8ff4cead3c49eca17b0afaabde3a3868c3 >+IV = 547a8f8be034245a >+PT = 58f1f7965aa510fd3332b1b533d4cb5015db848091642f96a35a5536056b5a23749d23 >+AAD = b91e33144a8920fcb9a833d26026d9cbbc4772c1c03fc0a5a8d318cc6c6bb1ff4006f0 >+CT = 19cb4db09293dab283db25fdadbb45ea00115748168b581472c2e12c83571d4867d6ad >+Tag = 7cc67a82533b2b554b3faf50f945d696 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 320] >+[AADlen = 320] >+[Taglen = 128] >+ >+Count = 0 >+Key = ca1c0968e023d98f7ba26f851821b48805d9902879b84d294fe1499f3c8403f8 >+IV = d3d2ed44b783f0d3 >+PT = d76319600341e5f07605978300801368a3d01562553775a0277a1f94eeed9d3c2ee82ea747825d6c >+AAD = 055ae645da59eda7416782bde3bb30fd9212a81f12f4c1052de9eefc9426800f294a44227ff7569b >+CT = c4627d0111197da1da76d3141a8ca31950e2a25b3d91cdfaea519bc3693e639649da8fc3e2fb7939 >+Tag = ae4a0fd5f89ceb235178c654ada61dd2 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 360] >+[AADlen = 360] >+[Taglen = 128] >+ >+Count = 0 >+Key = 019ad29afe77668800051ddfb358ad878116fe2f8175475274769777dd1bf396 >+IV = eaf5e46bd04b9194 >+PT = 601f07a2874c8c2a28e71f0a17af591730bb9dac4562964b01c0a7167ee94d3630be87faeb5196c55262d5e59a >+AAD = 2b19efbc7431bce5f634547390ce7fd84798b3d8e84759a978d8dc7269b8842b0a22266b9bc9f600c1457caea1 >+CT = d933f2265532f40313b1d7304befc55708818070fc52ee2b4cfd4c7ee9106423b49c0df291712a21fb98e55b7f >+Tag = d12c2abbc0c43ee4d1abe497dbf00d4e >+ >+[Keylen = 
256] >+[IVlen = 64] >+[PTlen = 400] >+[AADlen = 400] >+[Taglen = 128] >+ >+Count = 0 >+Key = 858bd461c8151e95b9e4830c68b7d90d4360258e5aa471aef380c4ccacf28dbb >+IV = 01d9069175ef947c >+PT = 6700697e1fd1201f0eb825a1b5454ab8d8fd5beb61a7210acaf00b6c9c71e5c08fc69ff9db0cef9bbe0b9f2253a4856ab03b >+AAD = a15f6e9aacb999410ad202126f9f72590019ad7a5f9997d9b9c649e2ccc8f9b2714796e6feff82da32973fb8202c4ff41953 >+CT = 5206888704bbd6c6787fb31245df2c9e7f1e5c0543ac029218bde43d23cca264662473a92840f242ec94c1355be1d47f2986 >+Tag = a03d57a5ebf948cdae32c1641225b186 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 440] >+[AADlen = 440] >+[Taglen = 128] >+ >+Count = 0 >+Key = d096115d4a3902728aef3f1bcfb2eca46af7621f6a922b60c1039789ac35e55f >+IV = e18888104b3fceb8 >+PT = 617a6c6cca378f2768031a0b4ad9d1c1be60557e8f90564a57867862d5f5310005eeb4fe3536d21aa5979173861afce8f49d58a4c3527b >+AAD = 31ce84fe8ed80c65b10664b3deda81b0720e8e47de6591e08f7ddc03bf9b191a2dd5c59cd6a4a82f1da9da6df02ba023dbcc816c531616 >+CT = 296458e52dcd29634b1972112772e7df5457ebfdda7c8d29b895be832cc16941373a4e59344bac287059a940d43f41ae283306eeeb016b >+Tag = 5009566bc722d0115d8c6b46bdd85604 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 480] >+[AADlen = 480] >+[Taglen = 128] >+ >+Count = 0 >+Key = 17202821a27c9e182fa529252b7b3ea124b5f1cc5a6a461cf4379a0d810038c6 >+IV = dc617c1c7b102efa >+PT = bddeb18c5efc3ce468ec6901ae47327ba9e831cf97f80cd7722659176801659250f10d300be9fda257cbddfdc0c9572f90561e178460dba635b91724 >+AAD = fb6f98fa491ca5738f88306ccf2599575cb8bd0b06f0e824735a1d462b8aef0cc75217d1ac750fabdf60fe039a9141e6e545ed7bbc8b44d4468cd616 >+CT = 402ab648b865f8dbf30ad42fd33a5deb2f28fc35e772b2699449517d9a1b3a69816748a67d38bbabce5279c8427712c622a514c2121325dca3c07169 >+Tag = 91cb8960f15941cae9090dae1f6958e2 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 520] >+[AADlen = 520] >+[Taglen = 128] >+ >+Count = 0 >+Key = 72f2073a96682a5b0baf348476f91ced0b64f0bfba918a6324cddb05bd42576c >+IV = 5fd0e4ab8a8588b8 >+PT = 
eee959bbc560d7faac7fe0ee242ef6c2a3605eebd71488dad0d534f18e7c292bb32315e2fe303a06fde7e19a675d5faff2e0b1dbd37cb7111aec66c02914d83a5b >+AAD = 3fe677a6ff11384995087ee1ffed662102fc2810299ad9729baba4d5c21233ecab59e4e78c5c1d4e333a161fb362341f4a943623973271ffc50b3d25cff69f7484 >+CT = 1b603c686cdbc9e0609ea09b96bf4bc66bf8a17530e9a0fdfe7f5807d8c8e5e197b1d2572fe3b86e284933de0435bfe1ae9c9f0e437a110c44d7dc668988efc371 >+Tag = 8e6ea351b795d8aac1cf1aeabf8064f0 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 560] >+[AADlen = 560] >+[Taglen = 128] >+ >+Count = 0 >+Key = 55e39f388bae28387975a062ba81b44d0a2f2045a22ddc174f4c01fca6660c27 >+IV = 8d4af671bf17674e >+PT = 55c1f88069f3e26f4a0e276960847ea24613670ab506bc2eec35589d5f98d399aa9ab8edd63876e2eaef4554bbaff8487ec0db47910667f45f25a5847f78132b65e0597725f8 >+AAD = 97becc866e58ed0aa35bae0e80337fe8e4b2ced199f09e0b4032c7ee12116ab279cc5b3cb8f4907de15725f3636e27b80b21dc50ef7f7a245d9dbe3a7264c1d71f8535d2e34a >+CT = 1b1145ca1188b3443c822d094b168a68382ea84d3fcf2d65c3d40bd3b66b37791aa20cf311615c23aa5c73fe6bea25ec5b2310cb103005e7fa792a55f3462b971e979ee312ce >+Tag = 96c7cef81ce0b897a0dd63e1e13d6eec >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 600] >+[AADlen = 600] >+[Taglen = 128] >+ >+Count = 0 >+Key = 881ecd1007638703eeed79253aa9d71d4afd941bebcdadf63cc91c2ff4616113 >+IV = a01eef6ab2cf916f >+PT = 454029b615c3233afd73fd0304ee7a090dddbee78b0cb0b32b866712debe205e23c373d83bef12ca94a45ff9168242602429813d3cdb8bbe7d2ff1d4f26d98dff33376c175d9eee0044c59 >+AAD = 7f3965d1468caddd921651a79985b125a978dd8558d3a6375e25bdebac0f71d3a62082bde2aeb0c55c6a46399297f055f7c44d49b0127db914bffb7b7f43545e1779134739880fdde894f7 >+CT = b1509848adfb148180d69ad8e073c8797f8de2937324390e2127124c22b4e81e10a8caf09a77a42cde9d75866fc228ff5df856fb4d35db023beed5f8e39233bb5b15bd5ed17e38eccb53df >+Tag = 655a5a2169bc9f9e2a8fb6c6d46ba4b9 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 640] >+[AADlen = 640] >+[Taglen = 128] >+ >+Count = 0 >+Key = 
29df456181f0a8e87dd268ba90f8ff6077e735d04aab82b7c3febdf0449d534d >+IV = 3580a85237899b4e >+PT = 979f78d41981cc98a42a6e64786fc701f26eac72b941ce657d61eeff95260f4b08e08c07179f0be49f7ec5ffaf8d2d43475174436996ab43120480f71659a1132640fcfa8c893670d04bc384c07d0603 >+AAD = 736a7ac39054ceb09dda0f5cee75cdf4889804e1e78d77ab9d9aaef7a0a1a7dfb8c24022641521ad50303458ba47ad10030bc59438ef1c713bc6085b274e1a0aed55e36e537c54f55897d56d698595a0 >+CT = 285461e9e74df697b33fc48f45f080c5877331539eb844a8e5f1d5bf61209f8dbc4d8c009b237e73fe71708bf11fd36058101dc327093714e80e46217f6fdf68342a9fb01051e37fd464da3d8dabc140 >+Tag = 7bd8f6f4cbe873a35cb1a4cbf3b9fcfe >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 680] >+[AADlen = 680] >+[Taglen = 128] >+ >+Count = 0 >+Key = ad020c7f3041afeaa243715a86ef0af97ab5c791c28396d7b0b9c611f1514d05 >+IV = d9f1571cfda97d48 >+PT = e491580cc3c51bf8da83b57aec10cca94ed346e5a3a0809ea700c8f66adc4f6a9f8cc6ff4f1b6a2d2b61475322aff77838c66ee3a67eeedfa208a69fc5c5bca2305047b3c83dcfbf1a3d8ae721d2c30750cce8b463 >+AAD = 0753b4bb11d64a593f78fde2f5124224e44cd8d77c33bc79e155dd2b6c7bd732a32e2c9e14de83590d86cc92f3a1e75e537b620fc358f6d8c6e82102c410b566466c5abd4354f21412ee873baad438e2b4e632c652 >+CT = df70d9f65c530cfbbd0e13bb739a4f67db0879b3914009b60198b5b74bf81cf953a0841c8ad10c0fb6afdb704b92a34d99201b7a2cc1cc2cf3a22bd7e71e1207e730bdaeb09f186a766a806c998235f57686676012 >+Tag = 0f2ff8ea5b2757da65229d9ba0c73d87 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 720] >+[AADlen = 720] >+[Taglen = 128] >+ >+Count = 0 >+Key = 92239a4d8ace355bf209d773ff7887bcad3dbfd0499b750ebab82c326de82e6d >+IV = 1f651c9aa0d45fbd >+PT = 53e949b8d51a9235192af1c9ee4bb108bf67caf6a0caf7a1a38d34b2695a3a4c1f1fcdc8ce309145bceda7b0cfdb5cbc47a52e57d3d48f96af93f3865bb5912b581d79ac80fe4b5bdbecf7ce3a557d44f6bde52036fdf2f3219b >+AAD = 9c83e5b6b7ba667492dc365c0a338ee65b7985236053c9ea26f2d1abb5484dde771d3bb6f99fff831a46efe3583cd5ac8823134217cfea02b73ec4739652bdbd73487990853377d319724befdefa2c06fef7fdb0c1d71937f6bd >+CT = 
bc4f0327af71cacb27cad3a5136b70c7e2b6e43d33809331a314c77caeff0edb8a65d84c7506862568530c348b8e489f3276eb1d9f41d983255897cb2abef26b161efa6f32907beef22af8b45a6eeb736d67f23b26610a911cb1 >+Tag = 78378314f64019caddeb72bf12d5ce40 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 760] >+[AADlen = 760] >+[Taglen = 128] >+ >+Count = 0 >+Key = 3c3fd6917c2824ca1929ad5955e40192e4e7f2bb008c32eba0e54b5035a8b5b7 >+IV = 47675c24217bf49e >+PT = 487d60257b53d284ee77a1b0c967cf8218aa858f5061e0229e5d856d15c70f08895cf9d235f7afcac68667a2644553844ea15ca9866957c6f36fdd896be7026a22f9b7d03f6b904f144932b625e246dea76abf2175778a5cede7c8a340e75c >+AAD = 28a00e27dd38b73fd57f51a33a8f191ff7bfe8157050911326ad6f1274ca3132a3cc55fecf37bb62158dcff53f48a1737d57a4e4c4e22492901f9e07c0535f9a5634b1d35c0524ee0dd23a1427da18ed32b5061c7e02cf66846fac90686c3f >+CT = ea7f9fcffc9932dc1fec9313edc0b61a52090f831a06214ac00930d082c92ac66bd49c9a34d673134bf522cfdbc183a4e1f4b3bd2c9af54e2db67f1c94728173f651da5f94b9f5fe1e480af1802e6b9432ba2224f74978b5e974c9a3ba141d >+Tag = cd0dce76bc2c80e324fb39b50632f3dd >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 800] >+[AADlen = 800] >+[Taglen = 128] >+ >+Count = 0 >+Key = fed7d6aad4b925fb0ccb697e63467227814789f7679990eec217bec5b556248f >+IV = 8a27945c42eecdbe >+PT = 397e1de526056f2991819b99918713056914650ec36e85ea10098ad8ce65303f2d1544102170cc874208b98c017c58e80d502485a39c1d57811732c1484d2abf5f2d503fb3de3747225a3c964569d7dcaea74c5eeb213d3ebea704995eb5f9e2d47955ac >+AAD = 8f53f98812bea4219788195ccb750f99800096de7bc3c3ffc37ea3a716c39635aa3aa2a195a4184d376fdec7b60ae392f633d147fb9b148ccdd116b49171ebb072423b361a710590de1c68bc86cbf61a25f1e1a593828815530da7d3ff95faab8b9a815b >+CT = 4b183ffacd59f991fd1691d19c8aa668302d05a4b89f9932184ccd9c4fd1efc82815f5dcef0bf3a0341bb36bd8712cc31841a7c1a63eb312df67fb5967b5fa5740b3850ad5cbe83137446b7810fee3c921f8f31d394949f769941b97cac71bddb3ff95a5 >+Tag = 05cd716a84c260c02f8ec9b94225e080 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 840] >+[AADlen = 840] >+[Taglen = 
128] >+ >+Count = 0 >+Key = 3c38b3efc2edfafe68b92dcb8ce176b41527d5bf6abce78c90e979013c5efdc7 >+IV = 4ba30308966a6b76 >+PT = d767456148f01f1b916c440b0c60d93a4282d6d72e31b1cca928e1dd7a0c267d0b6dd4c66a98fa32d41653c1ed371cb67ba64b0a400651ef866185aa925c895a9123f70842831154987012e83b0dafd84d22330c3806dde28ead9cdcac3000cc965e8a04f413e5f8d2 >+AAD = 95a1cfb7eefc03594c2f36e66b568d3101dee1e25dec606bd9a039b447cc592cfff50e10f42dad4bc5187fad601ccee2474d27b94daceec353352dd14bf5b035b2f5ba1e8ba9153974a53d3d34f72a3420fa8998e2172679449e9af90f6c1ab4bef87d3695ff28cf44 >+CT = 2e97da3a5c6799a3397fcb78851be05680d11f03c3dfbb284cd9364beadbf1fa23674b701df5504f994eee7d908c239d737bb31da1646097b20a5814c4a50187f11160f496b8391e1984c64e28fae9246fbf12e38ceec6f793fee50ba4f3dfb6113d8ec2e998310331 >+Tag = 29ba7c760057452ef91dc6b886c5a9e4 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 880] >+[AADlen = 880] >+[Taglen = 128] >+ >+Count = 0 >+Key = 5906fed532a234eff911786b5a0d7ff8a2129fa3eccfb00036a8e29398f46659 >+IV = ea9f7dc7fb934672 >+PT = 4a2ca4ee5d2f424738549f1b5298a84abd068a3b5117f715294e94ceb41b4dd3335024f634a9161a66251fdbf11d25dd023edbd0766c93f9aa4c782d996d2f68b6e52504a199fcae0e0813f397e8b9bf5dad1d91033c040ab08388b54c636f9f8ba0146f742b5a6a3c8102699469 >+AAD = b8b158c189b4914b19aa6321f3b7ed726d38f49cd0535069176c18f9681a9c0640cc83e407de158c887437f91ca276c138f8a161da35ddcc5faf2a00ef14dcf343379b0410c7b28e0f03a33e6aba25db433937db98bd003f57e26b2c6f9b35e74f1bddf0e536318e4b3dc2c4eec7 >+CT = db494f3532769e78940acbdb363b9c0eb9698eb95538acb279b8acee6ae6238f09b67da51ba5b97a450a3f05661b572f84be59b8dbeb22a0199c1aef791c14b825b3251877a0263f57fc098dd383c0976f3a855f3c7eabafcbca4a67455d0839fc0831daf52c6ada3df0c5438961 >+Tag = de066b22403fc8d29a017102027e43ce >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 920] >+[AADlen = 920] >+[Taglen = 128] >+ >+Count = 0 >+Key = 68f75db286d982c0c9e2696c60596cb45efccee30b0138d516194f88c81526c2 >+IV = df4811090add6ca9 >+PT = 
91f27214d856627ddbe1c3b6876395ba99c92d8995d58aa071bd2c47310263e5afd3f2fd542847bc46f630b0f6da50c67eed94a89078b3e278245a00c8d96ab50b97feff7ec6ee57e6c93b5e74c116b0ad603deb5ae964c4c8d8d57dbe24576feb5e9e7702a56efc5a04c8dd5f478934c608f6 >+AAD = 831724f060e99e57a8eb955101dd0aa097a0529da5ad831e99ce15f292d1b16c28dd340df55c9533e035ce1227faa26c027ef0c036db57f8f9e06850805a84609dcac9377e3e176d7e85484c18b5971346640fa545bb8499b82129d03f176c304e9aa0107a32b157456a64b8523bb00a84a2e1 >+CT = b6256ee0349b884663690f2c32a38fa4bc9dd17d80a09c123eadd7abe7b188ca657711b84799e4cf11902f512120d61b1c06a73283c6204187dc704f7b8a930f8d60d9e33794e5ef6abbcef5a2bf25dc0dd42f3b9f372260446732fb905a2a0947100c250c5cb157a22ca7064eecc92d9188e6 >+Tag = eb748092ef84511d55383aed71d578ec >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 960] >+[AADlen = 960] >+[Taglen = 128] >+ >+Count = 0 >+Key = 196e79092eed77ad2ebf33a2aa1be46b902a714012122eab7e3b3d1effc74995 >+IV = fa9fa5afb142d2e6 >+PT = e23e4a6fc452830f591bbc81134aca40de9209c096049de5350381b9d2edcc8e570aa7a159aaac001c94a09cfcd3b064a17f21565e6f21f99e090a1941d4d06d84c8bdec3b860536960e4e3f24d0379a5dd9b789beffcbd7dcb4d11a6e52ea59060b3e5d8c00bd686e8b9b201189998668a1d4368569d4f8 >+AAD = 55ab7de715d313583e19e7fd5c21c9835c071ed1077574f0ed1773e2a87af8b7271e4e4a0e8322886e0d65e493a96bbcfd1a021443497499d4a61e5b105849b53f9830d854f5abab85dacc8e1849e51f8705c587cd0c3793d451b3fd1a193a470866e06bdef658e198c4f554abfaace2aaea90e8eed7abd8 >+CT = 462e85a8330d6072081e5ed8c481ab5a9cee171eadbb8efff92dbe58707ef3f2ce1fa10197f18799aa982b4a445a89f4133e0c1349c7f446238cf6df0619e8acc3ddd89c471e2285ef549757f8626aff7a589788a5acaaf209b9a82699428975cd2600d44501c101dcc0d19059d8678cabf9034b05bb5734 >+Tag = 3064e2dedcb9b80c1f5e45009fa24b3c >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1000] >+[AADlen = 1000] >+[Taglen = 128] >+ >+Count = 0 >+Key = 8af439b58da1c018d5357243c9d6732b1c94d021b15ac6db3c5e13ccb3861f1f >+IV = 58eea71c01b49572 >+PT = 
2c80268be4f4658d4e64e982b1ad1e6614b79f0108256d30b1d2a1cc054012db44d34f778cc07ef2632689167e7715bdef74e962a79fece9cacda2c34b48609d685f93ad05ed84e491e7d704e6432d16aea5c0776f93ad79cddf4248041a7acdad4bb65ba21051e3fb677964289d81f5c40712b120b3784cb142134969 >+AAD = 2360d791f021a4a41701399c95e503a82cfb1f971bce1508da3654bb4dee300b59d87d7e4869eef5813141e2eec37dc5fc9ddf95137151decb4db7732f7ae938cac5b68fb62ac4e6b0d71ef616c42280e33c453038f5244cc4d5778dc0e5033380a77dd3ecfa5bde749af88543b9ec6059a9e1f724c0e10e507d6e5233 >+CT = e914a05de4a32ef2a08fe3471af287edf99aac1db92d4199a3f8a4ec2b5ac079a176076dd408d4ff6fda7dc3ac39535d2238bc6886252c6b59c01f5085b6a6afbbc10f15ae55813d7d5a5673c235f281cdf92e2da0b8a2a0d3c8f782a36b4724be62196f8a4482b08e49db33250ad4cf83756a9a807f374e3cad11470f >+Tag = 57b049c0ccb71ce03b7ff5c1dfcfdd1b >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1040] >+[AADlen = 1040] >+[Taglen = 128] >+ >+Count = 0 >+Key = 063aed0038aa81407f76a6e385005ec8faf1c6880c298ef5ed907265dde7b342 >+IV = 8b665989856e53f5 >+PT = 7ee15935f87ecb0c949342e82f7c0582d830e126a2bb2bf764d964cf4ceec91e4cf78f3253ccacb9c32e7c35d616d41db2a9862f634c9046df0ccab7b65ecb02ded5e20a288c66b204c48baba30f2e400fd2e36a6d259497b0b6aeddc61b55e26931e9e34ba7d35d7c8c94ed461ca6013d6b23d8b1bd59a0ee8aac3b08b31dce94de >+AAD = d4588cca06e04d9a5843153f8a849fab51136332436804016af15f40da0d501c17d9da04dbf8530538f19210e7bc1ebb12f0ee4b660e0f2c96cb11e817c1590ea9f5f7cc06d6329530c0fd978bf894c4100a0fe1b8b96cfe2513057614e476ceae80f76c05160aa822e10a85659be6841c498b8ac9900a0d321455adcf533e691941 >+CT = ebc0f14a3e5e259c95c3e697b5b6e043309cc94c66734d4b899e4a97375c0403597f6fbe11cc62ef62303dc39ffea86c54ff32be0d9e6b3054e6b32c799e604565bd2921b59e4fd4ecc89e242df1e3be158db474efedceb0ab9829e6914ac4d65743600d5cfb0c82c339039e5b1fc28243f2f8872f9bd332657204aa7bf2a6fb77d6 >+Tag = 34f2d2df05a69c5baf949115a27fa39c >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1080] >+[AADlen = 1080] >+[Taglen = 128] >+ >+Count = 0 >+Key = 
8d4a9863e4640fc20adf8ef259d81003f3b635101f83f701cb2115b343f8abd2 >+IV = 636b537f53d8e775 >+PT = f26506e161e1ea70e56e7cdf36e468c2617df39200ed32a927b1bf71d964bb5e7c90ef3db77df3ef413b9de6ac2a71f3cde8ef177c607652ab9b196b8c424857ad89e20ceb858b033d92b7dd56313ba0bf2a222a10f4b757ae6ad8ea49f558c3f8a707a0fe92fb8aaa5a9f89340077285a84e477266d8aaf9f66ba6926d66d3d61a81398a2a2f9 >+AAD = 65c867f69dba8d91caa0327302379781e38ccdf4c31b70f6534b399d4e1d29b548931aa930dd452653e9cb8a43cb117d4b4bb038a72592e6710a505d520d8ad4c7171b574b6915b10cc4c1b4edec34b21a8e7beeceff80aa161c664c05f0c52ece2118636383761432c9ac7faa136ceff378c93c9f74a4e7cfae6db6dc047a528607ae058f87c4 >+CT = f4c0843bb0df9680a279be71123871e57d4e4cf0f4c558a09e44cac7a26d864ee48431d9ccff6bb65a5a98158392192de2bec0fbc3eb154d175a8ed012c054294988cf04aaec48a3072f9ff0b59587da6b26572002e582993aaeec8bb945993cf2363cb3b2d8a805985604e8b06376e070ad58a48f2482ef82758f1d74376aee35da2b00fe4797 >+Tag = a9aa76d5828adb71d769ba9c8a3208ce >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1120] >+[AADlen = 1120] >+[Taglen = 128] >+ >+Count = 0 >+Key = 48ea5147dd2a79e6a22d0226f44ba4c38d7748d518dc01413517c86565438fea >+IV = 10adabe0403988da >+PT = 3f3bd35e13fdc221f4638cfc4c5d6d0de773b489aef70a4e6548fc158f11c5d14ec6d23ab7b2ae586830733addafc08c2146401491b11abf32e0ed229b97a216a8540a6b3cbd7241ccda647c1246bf3a4199126835bb5d76fb54d9daa18747c477816d414a1c98d15bfe4ac36aab2a0a09a33a47d4c9a026032c09fabeb749d10b713238ec7abc55f0afa4e5 >+AAD = b7c65431dc00cbff4ea96b72824b9b39159f79ffbeb3d1922b6f84f52c9b9ddc544cced74832fc668cd8353bbe2de96e6362145ef2404f625ed271918c24cb25f937337378d6fefef9815d251b66746a695c4266ee8cb5d17ed7a90e69a4feb9452cde62ccdea704b7d8fc118339c2c1e3c2a95f0f1be2203f3fc1838bab205cf2c5d185ef0eb87a56b4cd7d >+CT = 
47c123e5c0c5a1773adc022f9aab02c0b34ebd246fd40f472ecb6f7519985ba56fdccdc8fa1fbb4f40011dad83614973fce75c23bb674b1e37fb709567b0938d3adde4304b1b17650954b54614ddb1de4766385277dea693552a6f1b9fdfab004818a581bc7eb6a4447a16a3b6b9438242ea839e479ff44268efd0b87245f4553fdd838289e8ac5b3e63bc1a >+Tag = d092b09d05947d20328709b5957ec3a5 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1160] >+[AADlen = 1160] >+[Taglen = 128] >+ >+Count = 0 >+Key = 11632bdeb0542adb1a83d76c56f53d4b4402f7273f6b5083061219b971e98a71 >+IV = 3993f59d18c47670 >+PT = a71c6e7d8388f5933a8b1ff9d97a99b3f48e664b57af4812d7e90e5f3aa5b83265d2ca8cc1b7509d7e76ae4585367d420f24d51616307317c62b060a9c9d965d6045f5079e0ad33421922da20b5224581f119b438190a0677cea32ed519052cdc0ab58af36c793ab9c9a4faac1f5f7fa63ac166d412ebdabb538b15b1b4b45d7421d71484fed52284f8e77027a5afeea2b >+AAD = cf9493bd953aef5d3cd4a16c1bb6cc8214e009d4b134412c59032bcef50c919c4aba296f1eb5a972ed615499d349d3e4491636a611bca7d1a42c3e5f2f6e9783aaa41e1286ac9be8292d5578a8cde61279b9f0a1bc8471f175afd4fe81a65385dc8801976cadcdcb263bb751d8893953df0d345e7f548fb0a7dafdcde60e3708ffe7cd29be89d723a2f8c465c31a6bea63 >+CT = 2767d209e675ca161100705eadfef0b97d26ec68f4a03980610c06d2055e37fd12c738a63628f15245db56c5294ca3a43d233be7c761b9e4839d24e3d92769432e81279d53d43b4dde9f3b26dd5c0ccf2c3733755129f3a62b7abffd34fc29041c641d3b6ccb5a103f6d67f2ba0604c2bcce9524b55c794214e8f6d3fbe3995fab1dee9ccfe8415599d3ca96c0a9b8af87 >+Tag = 99a2f803e5f57bc8ed17666330340a5f >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1200] >+[AADlen = 1200] >+[Taglen = 128] >+ >+Count = 0 >+Key = 77f342c1f48ae42c6cae530271e1feb371b66b67d207ded136236243a14b918d >+IV = e3876e770d036332 >+PT = e9a2a7eaa627573811112d887c6bb4748cab23d1a105537bdf053ccd865b3465c6eea2a824921527a4f3ab71582d95d259261131cf9a9ec9c7130d8e17620a3315ae3258dd49d0c8033eed61e9798a68202abe7fa3f86edc25f49461d71684acccbb17c2e40620b4551c6d5ad2b8b66f29be8af7d882d6bf79fac64d9cefeb8c3832cc1a9cccaff94c209e7c4e3219f19aa8b66f9610 >+AAD = 
a6bf94e0d7530642fcf6802001fde153220e86bc56aaad3c21e5d5d64521471bbae27d962f1b4b752aa31ddc4f7c9bf87215e70eb6561372024a821fcff03f9290e6e7876c15de4ee17b610b740216b32fa75680904e22c914edde6d3d705bcc0429a3f0ce6d6c29732fa3b29cd1d810d413b2d78667c083509b6871d5b89b3176b6d720f819915344f00272343cd01f96686ed2e200 >+CT = 8ff6c259ff25c75aed4529bf9c8b04c7e80f8caf337f3be45839212c9d690e7ab4cb475acb8690ac98590da21b95195708d05e31b0481e0991902c94a068739f2d039421d626320672adabb081f33c4b7c7137924d47485eb8cb5f7d400b57f5600d4772a1afd8cafdb4ecf959ef031ec30bbdc1b0c223f02fe7d306321f1ce2a6988c4414a34656429b42c9f4727f309a9c91d95abf >+Tag = b9e175906e6f0abbe2b9ba060bc3e792 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1240] >+[AADlen = 1240] >+[Taglen = 128] >+ >+Count = 0 >+Key = 92918664a6d08fac85a120a34effb424ff69a2d46551bc41fff4235263d0d9c7 >+IV = 9ea836f003b450f2 >+PT = f729f86c5c4f3a0184ddef2b51b0443f944240c7bd36e04c5d9d30a75a5ec09e2a91d80816cfdc63376b86a274cd015d11d8934b0ebb0d93a128da48e0de0e8a6c8f893623630f26fa212fef6b18bd1150fe409c56a4e139e7c11f76ff25c76e33b2d2e5407d89c78ec305039fb9472b863e598bf58675d34829c6bd38c01cb46bbc85bd4189da485d8d7d2401a61eb2eeb512f22b9e613a00d78e >+AAD = e84c2a017a8be7455288383d713a8c6405c785d7e2b2040237029d1adbe7fbbdb0dd0909e6c9bff60053d59c6a996d9fac5f2be7ab1461310f21552134713909eda9dd630fa05c6cadcde1c9d88418259a895944090afb6c1bb0222f614eab073be07f7e4ecf2b2647b63a71e47561874f4f3ec447f2d815f456ecc921505d7428980b39ea533a7f5dee8ac6cfbb0c432c63cbb897cad82809bfce >+CT = 4c4ce164f7717c32761641cbdf26a73410f15c77eaced3156382a612f3858ced93fcf977fcba2248249c70d8fd1647f66c49ed740d9d776bce8e7abbed173c44d9b60925fe462cb2421484b837a863157b1c317d8ac96eb3b78e09084a1d43522b892afd2017b70cde0a4bbc8871236073306324cfa9c5da3b9c2c9b2a6a5e606434fc7c58892336d603f82fe48b4dc5dc78b13965c3349522eae1 >+Tag = b9479044553068eebe04f3352fd10990 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1280] >+[AADlen = 1280] >+[Taglen = 128] >+ >+Count = 0 >+Key = 
84a7deced81e822674d4635f7b70dc422bf3bb00c8ec4a28819365efcd3c763f >+IV = b36e408585d89f30 >+PT = b841d8b5d125387ddcab2ba279d551bcb5f606343067b3450cf4fa8b0669b67fb5d7712916e6e4f51c68525ed91a760902e0cabda1fdc6f656b0d3318561c68d163e998513f92d07a7daf8d145196369fbcd31882e258c2d6685024bca87f6d238af02940f1686cff28400b672e55014dd0f2a4b067a9d36380a134757bf0badabf8d7370f8f775218f73adfd813e9878970ecaa3f70b36f3f558f243c25a210 >+AAD = 7638d8c95d5c2a0ee9d86cc6a484650fc98afc616b52a5d7aefb9c3d7cf4aa32538a2144eac57cf5032be27e44efe0b97788a98a4c052573dd3a83a2e7a8d10303cb2c662b96e02d5d576c2abc7a35c747eb66b27aaa1f0edc893328ab9f0b1224daea3f8e49ce5086de4cc2ba12ee6acd30ce5ec2ba3517b875b2bb4af5dad9e76e0de6c6c8e4cf838c2c6d069b77b71fb88bac91babeba24f3e7caa93e8c55 >+CT = 5bb76eee0fe2c8f08cc47d73d4e59661bb259698c694eb182903c481b82cf923db2e167259c4335fdca380902c2bc95c860fcbe32c0059c68f7368f747dc5862f97d157717cbd21e10d92189c507d8b6eb422fe3276369a35529a58c44ce63c4e0bbceee047e69336b18f47b85192baaacce3631d18242c2cdeadddedcd8b9ecc75fd27878e1fa92731dd778d8fa903dcb1c226b85c0e090bd5fbc97c041e8b6 >+Tag = 3c72cf2155c67d5b9184fd48d43c730c >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1320] >+[AADlen = 1320] >+[Taglen = 128] >+ >+Count = 0 >+Key = b7595beb31b0410a3327a9bfff8966ac87eea69fb164782361636e7444bbe30c >+IV = 7e371328efebca54 >+PT = ee7a8a425551c2069a9e40bb0922fc6f0183d5035461b0eddfa552c4dbb9b6e5bde4e0f87796f14069bc7603e4cfa379fc1d0d93bb1101ce2e2cb3efd9a652cc022104f653e816ea3089b9d0ba69c67d91040aab40b1d156a3d8b8e92855a2df662f159696f237106ae9ca354dd8199485964b125ddf3ef89159e61944a11b9dcadea849f2916c7c7fb84a3266f620422f4bd3d5718f4c5ce5327e1e0f002ec358c492febd >+AAD = fb9fc17421bb85f2c4bdfe2fe86a4b4d5b770b17a384cef0d8cf616f84a090b3879c6983337c4123c2953587f08938b3aa2865d477a0a134e208620cba660abb7e1a659f21c58b24902e67edb2fc8b58af3de8abf1514ae4a4640b77323338e94b6fde78c910f70939992dd0b09bf67964fc2248c138b6b4fd6070dd4a1a3624dc556a71c80b704601c16fe18153fce59432f2c28b02b7a91516e8cb5647be8b51a4587d69 >+CT = 
eda454eecf7407ce4328fb3da39a90b20308f066908f2b444406d5dbb48efa63b6ef1a615efcc625922c8732c946858d3865843e8988e2acbcfcdf3bfed125078552d6f88dc604f0950544e5aa21538d2144238459aa01f68229aa93f8ad071525d9a27dbd30fa66cb3189eac10676db7e2c82df4b90cd2e052afadc06c9e9b87001f6b895dd3319fe6bb1a976e68cc2843014fbb8f75d73fdedca07fb45a7cd391dee458b >+Tag = e3004480be77556d391611d723cfa950 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1360] >+[AADlen = 1360] >+[Taglen = 128] >+ >+Count = 0 >+Key = 0502ad3c9e5d36f3e5f417d16b0ec9d5b5d6dede0ac6ddcae86f952c24d24e4c >+IV = 49a4c1c702c0fc1e >+PT = b5eff0529ef723542bb9b38db9c1eb7c0c65e57afeb42a7d6d508918182f21ae0ddb73238c6bc2c71ab7ea2a754f1bb80e612be2854e21bdce58750497cfab178e90d36e79c579581f81c36624b098e2fd6cdd337ed70439a89e82db2cae10c725858452aac5d6c08b8cbbbd7c5bc4044c965e515bc069861309038939199828a93cad55d54ece49aede27413856a3603f66539e10021ae88a6ae6e9f041b7dac3a95dbd4caaf2b93161 >+AAD = 3dcd362f3337766d9a3369c8ff2e92b1dc39d33047dfbf51f9485031a45251b3e595798a798e549bfc106df40fd6bed4bd1f74f20bbce137a965b22b28c4b0b047314555fddd8b4fdb12646b7c5113adf6e76ecb0d3e5955bc2ecafd823deb9e1501dfa138519240f7225a1b01d645fdb1995ffad6abfdd428a09e678c681dc3bd46d4f121e2bbb3d161c11574008da56aedd88b930de3d2805e593b76947a67580fbffabf1394ea13d9 >+CT = 00ee81c39270b2e7590dc01251b6b970788d209828a779bf047a4d87b2a98c2980a4194bb7c233be841e73dfef074633942ef0c8016a50437aebd9cf14e053272ab155d12581b16c0843acdfda00f83f82cbc569207eb9d532238da3d328923badc0e8a888ba460ee4243c8bccd7a12bd56338c57200ff93d716ab1ceba552a4253b28261ddd150475577b2e05abe70e9be4021f8d3ede0daa863a0fa9702154756860f785b3964f4f11 >+Tag = 5e451d987df461459829a63e8e7c4e45 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1400] >+[AADlen = 1400] >+[Taglen = 128] >+ >+Count = 0 >+Key = 80fdf5321e46c5994d354c57a7beae92afe72f8f111467a22eacdaa83584df31 >+IV = 1a4ad1f67e9eb51b >+PT = 
a3ee446e26f4bafb37273809aed8463bd9bb688ae60a267c60ed648fb1742c54c9e5832f25a81fafe4049e5a6f9d45d2373d2d33bb7a3c7d1436c672da114f622f758e800dcf9b6cdb2607cd050d5c93ff7eb51c80d4791da1de354cfb7be84d9f4efbfe416d78eabba59cfae9c648ff4a8708df69270ecc6c4b210d8d3627fe5adb38ebda1735a802e22bed80c79811c71b933f740bb6312adb28e60f5580649cbd61e9a964c4c9c3950615629598 >+AAD = 967ecf29d2d6e1bd5d504379b92a357cf994ed29108d2c932218cabf783b19941248b5b2c3f5e629fc237b0ab477efbc8d72f5ff90217e9c88a15b707a1af410f4c892934c4c880497fef780f43b4c30d9cd00c189ba3486ec9d86f453454ea846b58e81da65c2d54338b58e2ecbdf6cbf0cf60a7075213b7ec45fd12789baa3c6eaf98d3d2e9ac6a8d1c3df6aa603c8b12d01ad2568d9ee5b76912a3cf8ca0fd69fb407b5d2ae35eb5afa12de33b4 >+CT = 2953bf6b7e5667e1cb863377717dd93968a549fa5316c360004c759821c82b8281db50b2cb830cf538125976fe65908ef03d58f254f7178e178d44c6c0f11e30266f860ab21ad81041719a338c074872eb3cbd02e4e6dc207c53f3d8c5e1fbf4c49fb3ccb97888c99c7a3af40015a8935123ef6be62f8cc1461c989589671ee18b0bd9e61bb27170d1568c0a25838c9eade1c12e310c25515c6a113157b8730df6a08cbd18b876735548fd2f9dc5a9 >+Tag = 8c9db940a999f0f3179ff54709894cb0 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1440] >+[AADlen = 1440] >+[Taglen = 128] >+ >+Count = 0 >+Key = eeacb258c978a914a59702d59542352a3d162843951fa166f0131728d9e0d997 >+IV = 5e099e960cc82293 >+PT = 00067b4e3ef4240744e9a056ab9972607c1bba021310ef37cf40fb1b717e259ce74830efe62e578abe27b8983f841c97e08f3a296780ebd514e0316cafd55199ef92fcca4c60796e6c96a7872ceacfcbdaaf7080e51ced94aec1f72371885f53ca7f2e61bf5034b1ac99188017d478c6fbfcad2a7af666d9b4e4d56960cdbb1c1dbb881835a0fc4229a3b75577ee6bb4c9e6ffbb8c0c93f4a7e42df2e11d1b09a7687d567119a6618f20948357a8c71ee47a297d >+AAD = 
cda5e6ea55a75f0667cd821035bac9ba9eb8c5aadf263945f46d1f1e8f91fadb09bc45ae361d1aab954452d04652a9b68c32f29cc872f4f3d503f2da8094e10e54d3de9a8f5ca0d870574fc1f1ea6cc702c1c69d321eccc3e3b2a1fab68006bd33bca5e9484715e42319e26659c2aae119666812aa6f7b4af501bcf944c3b3dba9c5c990f72e135940689581ac6881862f48161800f26c0c161cf462c219fd4dda294f2ceb65cf1b9bc1ba55d2e8e60a64bcb2dd >+CT = 889d17dae16c768ebec22678a5353eee3dff9bb65539a73fb595ad19ba9eb7c8bef7a5cb363f94dc81dd618b3c43763491b117595012944c67e023b86f0ee9c5ac13bf0827ca6756e5eeef02237b50f8d367c2ec9611511cde4d6eefb586072cecb7140d6e6f7be7cb3818180e95ee2c360c30c056eac9bb994713082cfc513c63a8f9abe633f468f30e94440e7df454437bf246557b75706f7d53171fbc13e0b608e8916afc70a309c94320ec6e8c376f4bf5fa >+Tag = 6a8d14d8d843110d58819b1e7a7328bd >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1480] >+[AADlen = 1480] >+[Taglen = 128] >+ >+Count = 0 >+Key = 8436589b2b65e9930492025608978258c5ea334abe6d48621d956d5065bdc5b1 >+IV = e093a1c75a4c5b24 >+PT = f3a6fddc2bd13090e6dbcce56c7d20e8359d324964cafa1b5fcceae0924fdd674764e4b36c8ff1f34a2473f5be0666f90e97c43a890aafe8196350ea71aa9d2eef6cc240e06e7bd38d960ebec43227b3f87ce4dcfbd34efd812ea000f36dc724364756c55a2d38faf84b0ce2f1338d90559b76644449f16beacd2729036277a49e09afb3c38261e61c9fb01198c68776fb3f68c91f088970eca3f8ab8711693339d0dbbf1222faa3d577c229e6ade14d77b0fddde6c554223e >+AAD = 6b719c80f4b249800e27f87ca12fad80cec5fca5c88007ffbfc1f31720c091ee0501f2816d3864b50385743a6bb0f1ddd08ef4ea4abf29003796ead8d684f0126c7b1339a9a9e8acd681d24060fc048269769ec8108f334de13ce49b029477ed421a5c2eb5ed1754c08237191ac6175e445e1a7f484eb58fc89fcdff894e2b90f67e5868913afd3543ba615c8ea0e79f3d3e9ac49342bf1e0ab86fc892e885e36e454ff84c6110610aa059e86ec090fb6ae8174fda067bb629 >+CT = 
a43fa3d4645a4d86ada353d8d7f65e4d7269e257585ff0d1a547139a08a71b697780727abbb4e169bcabb4571bb2a2880d4af531520e4de1d6b6a57bbd124bb435fe519524f327dd3d4dc77effdbf477f89cd62c9d2a206e16e4cb45621cd5cc2068560840306aede54c27ac3a09b07b527a268d091268f8d6e7a8422c200289c26321de7cc6fa70d49b17719f61dbf6c48a08378a6898d2ed0c1e1a3a6432c3b0dbb3ab79436db28a98331029a44a263b40e684e6fff9d45e >+Tag = b9f924316c2ffb87ff7f89304af4cf20 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1520] >+[AADlen = 1520] >+[Taglen = 128] >+ >+Count = 0 >+Key = a90b3928dc5399ea14dfc9df57e0031f3fa9457da065380bc33bd85127ec2970 >+IV = e49def15365e8aa6 >+PT = 9a3283884261ffe63d4e879a76ff7aed549b38f9b35c7240cfa6c24ffd01d9068e1d95fe0fccb8d06933629aed2fb31144b7ce39a977851760ea6c1be17726846e2a3a4782ef29ff478b77327be70ff0b5f87ff3b175d3dd561ef057a8ab3a7c401bc3efd80403fd9811093ab09e0068ccb1b73ba28c65692476e8497858fabebb9f00a24c2615b89db11199a6b12cc9805f70abea85cb8a9db7064d30613f497c4fe5a9691c6cd3bdea0b7a3d5e9664c4ef21af877fd8211462c0633a10 >+AAD = 87296d957ed44e81495c62d67f4e8536af5adac233e14ee7f00f13f0819b9d62a6cff84a10603de810c8f948a3e93b25c641167e72fe97c9d48ffd5fc5efda38babc20c0bec7066919a477b7527695125432a8933b1e7ef29ff5b8036d6181090f54d451b338ffe7bfdccc7fe80401006a3df68e3207e4a3a052add3a41f9b09bf0af125003d5da42823a90773706d175d4abc6add4482e6de379d8baca80e9281ddd3fc18afc783941ab844ddb6515a754ef286427438c344170fac62d7 >+CT = bc6c391e451097c03ceafbc5759ea77fe466eadb6b837dde51aced9e85ffb8bdf56e7754ec9e2b38b5a9bc341147da970b4c68462ef1c1baa7999c4e825a0eb2f770638ea2db8f0c4e4473e47e244a227eac1aa064eedc15739b9a4ffcedfcc2c59e3aed1bbf2d60d9bba50ee56ac862a88bfd0c11cb3481c67c0d8ad48c2c4f597d271263d2cb1046d590be1de50204919ddb185665f3355e659f864e05fce6b718d14f2a5d9e2724406a6dba31c5e3c53b6f39040b55e927dab800121b >+Tag = 437602cda5ce1e4e0ae372f6899cf6ac >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1560] >+[AADlen = 1560] >+[Taglen = 128] >+ >+Count = 0 >+Key = 5ccf00ba06a0c91f9c7d72eb10c8023c6947a11de573953152cabe7c9f66b5c9 >+IV = 
7018289d58f6019e >+PT = a69a14fd1d1e4309fd9f671321776d8fe538d6e4e552b2589b4e31f7d191aa38271d8458c3e4b0e27330fd8d6392eaab3dce2b9bd1daee25179ad9b10451e4d5e45b13702cdc1eee9edd8626bbca8a11e4033759a3d67c3a3b1459c4c2349d2d17f06c19da043113c15c84a44cdee9c2bb0191af02bc35c61787e2aab82e74b5d559edb391383d015b4531d8c2fe8d6545565d87fa10d887e42429e01c4ba05bb79362c5a148e13e033b6a1702fc4d95d737c8dfb18a82a227308f53048f97966e5f04 >+AAD = 589ea0e8ab76ebe95bcd5d4c1ee4594ce58879c2cc51d2242b0f81e06f8bac33eed346bfee6d928844cd785eb27d8f69f044abd8ec34fbb12faaa6d64d13ad16d533a8b318e12acf3eaea4e10c74aff8502aa8a8790e6535965bb3e3c89ff58653a7100135cf8ca5094c1f4e67c00774ffc83eb89a9b5ecd209ea30159038679203b9fe61428eb30226b10bed4e9a9fc84972108e2aa90dca3c8873669a6b6206250b39842a46058cc7326895079f90064dec7329f3a52890ee1724a072278c12ea492 >+CT = 87eae3220aacea4f583eceef1d8388d76b081f21d4672a4eb49671499091d8c2f5c278157a63538a2826f1c110663f10147703bd9f7bd8939b3b7a3c1977d3acd23682a9de618e8f5d2d2fc7f602b2ebecc7c26e06e2bd3414e0f42e775eba564130e2bf65694c87469f27be90477a207e99bbd6b0c767fbebd1ffb54e123119edd5219e41f8652059c52627263b7aa718fc5b7d4f4083c49dd32d69c5e4230d4867bb21dcf8c2c297d9df0998df59ccc0e2919c906524057f611a41d2797b49358ea8 >+Tag = 51c065dcf4b0ca22ee8edb6012c69eba >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1600] >+[AADlen = 1600] >+[Taglen = 128] >+ >+Count = 0 >+Key = 588c683d77cf144d564a5db3d6bde3bddac330a3461d3a73c3fc91d65304d118 >+IV = 031cd3c18b1f3862 >+PT = d2953ee77279a02b73e6819ebd0bad4fe5873ee934b94f9e833df67004ddb332d86d7d6c63c6801fa31a99732ac5e0cf0d21f9f52bb405944e42b47ff89ee9222cac34321e17d0593f0c73542a6a9209e9fec56976f0e1ac4f63581c65a678a400c19ac4a80e1a34c93069a3554c3557762076826c99ac9dc7e32f0eb3a6261d91daed5921dd8ea566013785f1063c8a1bc3b0f562b0523bf818bff692d358543cb66fee596c544f5de246c48bc4dbb52974cf900019f1b375b5fb6a2fe8fc898c8794c0e35ffc64 >+AAD = 
b3e1d414c76d0d49dcceae876c8970b5927a3aa08df56d3cbeb6541e4dc6b7369f0965b9cb8ec18bafb655e217767377c56c0bf68fce4206fcd81e6b6d0496c1f8a59a64de9a2264e92b0944587839cce92587fe0d7bf97d253d0637e28332a6f88ee602fce6ac38350823fe4304a329e1706f75f798f65e9adb429937b5516e04e65affc53ed32bf87e0b1efdd696ebdf4c63b0f6231ae757ac0787a408cd7a6562b56cb1c4a28400454c00422b7538ccdfd7b5b9ba20102bad1d810e12c17c6bbdab41d9076767 >+CT = 8d18e859977faad466665b5323060a86f54048b3a6b40a5fa676c0561c27a059d45152c99dd01f482f7ef9075439cb5705e3c572caee26fad4e1b1a2a96ebec34f39b96ab6244657fbedba45d7310cc77481326f628e9e0172fd1dea2bb9734e90a947edc4d361b1f3401dd6b7278a023ce6ab44555a06dbbb0ee24a31433e2d04c3d36691c847035a5cbe7857753d242a79e77933613ab60e3782edecb826eaa3bfd1f462bef33e89a347699d5ee704c7c2b37501b7e1d9dc90ddd607137202b9f9795f507ff4d4 >+Tag = 976da3b323533f8b57afe9416ec0ca1e >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1640] >+[AADlen = 1640] >+[Taglen = 128] >+ >+Count = 0 >+Key = 642603232bb2bfb68cddf3a93f07097ce65dbb63d36d170b1f24e74547fbf1be >+IV = d4ecc1a6073f3983 >+PT = 932b7f75bc3ce09bcfc3ef29d27a99c927bbc0e395a4bb3cc982371ff7ec8e04113b52b91c7db3b0a3970d5f3ca6b1806d7c4285ee45d8c1da1bde87fea9dde6db182623f98860d8b09775cb928a19a5e286fead5f72ee5e4b2a931359cacff3707f6d81332cf2b4c22f1ab05bcc8db160456e13971c8cc87bec523ac09c4ee828471731aec8e6b781fd40baf0bc735cc59bb779468a00162ba03caa572faea40f47090da82b51b5aca62dc20215dab847dea5a9ed23344f34f1efae08fa8848f5fe7377dcd0c3bcf41fe15bf6 >+AAD = 1f9f4c63f384b443260b796c6b9f0d5ebcca37c71e07cab265368f16bb9f5d6540006c0404fde563b1682c9e79e348230d5d6ced913d3d9e77b5e5a2f146871e11aa0f4e3f0e0579b03f7cb802fe34b90b854308d4652ca3b69082cc1bcea0a9e4aba8024674274f290fd9fbf4db41c850f6fe25881287a8a8d696e7bfaf1ec8fb062bcb7b96b7832f5ce64182e6a243d1fac7c42618ccadfcbabb7a2b3debc3a701b9dd912a72239143786f00661e2fba673a40980c7cd6329b386307cca48ba0e678400d7a924f8708dbc105 >+CT = 
346e737f81679ee8ffe91b814a31e688840722464e825bdfafc65fbc9ec1786909a89b019a8e05b1e38bac2f1796eaaf99752acae7abd39e9c97684963d37aac5be4a1b306fafe0e6d2af0a33403bbd6938d7a5cc13dbb09750beabc0ba148777442b21375d5a12c5aeb10f8917ffcb7733a0b9e63637f1c8bcb7ad45b0523945bbf9d22a74c3162c6b993103f9344ba290994f09b8913a3a76bdfc07280e52ba1dd61b070b448f9c867f38d9730ffeba3a4ce91752f4437a990904e3bd6bdb43530f9ff907bacd0348af6c2a0 >+Tag = dea034b6694eacccd5af9aaf242ef5fd >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1680] >+[AADlen = 1680] >+[Taglen = 128] >+ >+Count = 0 >+Key = b968c06538a07e747e43a3615f558d0932db9d599294cea4f143a3848c0ed051 >+IV = a0a1aa452063fe09 >+PT = 0cd92cf2ba7e5cc0e64f896bfc7ea702bfcc97eb930e3643725035db33f61a6610c9ef7b241629886b2641f93a1d626e9ff6685107507c37bd5e0578bc9a70dc808a0b3e231655a2cc6a54afa211d81ea4473fb16768426edb1d960e7b92a695a016b500a9f37d280942ac85c33566345353d47081209288e449b75328b03c543bf74d2dad812ba0e33750f535c2b78308fe4d0a84ded50f7ffaa7abd50de30adc0cff9c05fbc5483d5e7f7408ea8d16cf92b50daf75a36c763d737dd25e7c71f46950248291c49b6186d0f65267291be750 >+AAD = 34524d311dee96b1ca17678952fe130ce1e1f52a7246c3ec7094edb38493f9258366de1a16165da65ac8324117ab50ba81b6f4dbfd335e14a6c09d31bfb84a63918a8ab1bb6b3021a0c2115532a0b37c7944ccc335cca28cec0788051df428d6112e2b812419bd9dbd86b3d41c62ade56739a502ee7f1a744bf8e8df77b4c7239436742c26d141438db030f6c0217c166d32bb014b928da3ea394352fa085f2a9d794aad02c176f65e380c7e756348114512b15c59dbacd7983f69105095731b1243c752f0b7424cf3977633297d24e4819e >+CT = 01ec19e470cc6f273fa74f2098dda65cc1d169b599cab9c6e65059b0d6f3d1735a5b742bcb9ba87016b117d4339473ee50b69fff191b3c55454215373d69a466dbc835671ebddff26e487287d886dd9be12ddcf0efb9a727d3caa7087b97e156299622345e1dd2851d8692bffc987574190a60e25323afdaccb9adb25a966fe248966d6c8a4d22b321724c2af6a2f8dff50108a0c817ed43a7777de06212ab24e0c6e757489f24a1ced2921e2358fd5f28a5fc3d3b049b73869509b1a7dcaf18b4c61973bd4268e34d1b6a724b1a070820b5 >+Tag = 4eaea6244cf697c8143e3ad58139fb48 >+ >+[Keylen = 256] 
>+[IVlen = 64] >+[PTlen = 1720] >+[AADlen = 1720] >+[Taglen = 128] >+ >+Count = 0 >+Key = 2f0b94fcc95c98d788494cf14ec3edf3fc02d91f357d1aa2260007b29442a9c7 >+IV = d71703771cec7c3a >+PT = 49159438356b44899ba959d5c70f2b99ae7823c06057d883710aebfce18df04bfa5650792af630c4bc39db86d489b15566dafcd599a0c65ae96d431e0b10514a0e342842f86251490728c2a5807c3bdfce63bc71c06a9c3ae8943c897de5360d91b53cd7f094f594b4895017e6993ce161fe2a321cfa07bedfaf45728b7068eb52ec527e64534d6a5c1c1848cf49628fc5e1b358a5ef92255ba6935372049c7fb2e4be2609d77c68c801c4f22c834152bf9439c77a79dab5b89692b9c73e26aa9afec8a419601ae00179dddd6f7ec413915915a3d472ec >+AAD = 1bdb4944ddd59286e776f8f6ca1ec21bac35adc0d90f28b76298d166e2d9f2c1655bc3b7727e2ba1751456ff76084f2c3c5ee527a00e360ae060993493d80ed8de7baad8c8c75b11b8e6a81aa787dd4bc7d9bd984125c4057a8ab0f8cf4434207e66c3dd807eaa3c81f2eb798cbf75cc445de5c46ccb4a3bb9a8b83b812df39dd03ee23a66e36924627aabb030260df22358e874de1bcfb641fa9026bdaab6304eac6a208259f9297b220da7a3444dbaf5ed75b98d87906e4181c990e4a42c44e1bbac22620960a377f9040e4387e1e254b29738b596a4 >+CT = aa63c0cbd034d39cd3498f1b8391fbd5887f07e8c8fabc6b67006ceb5d10eb374ae35739e31251abefad0423ae555cc5f3e25d764aae2ca40228bb1514fad320432406dcdc407f4e50e9f4a11d57115cf0d5af6e5aa9884f4befcb61e44eca0554e88a010a5db17e70d796997c28eadf24b01a61ec50954681348d729a370053f65ccb62caf1df8f219b346736214d178719baa7e4c99ba7ec350ea351f0f1d9bc3e5effbb5fdf951a6e66eaa13bfa40b16e3c91d7059add4947e28cdf4ccbc8cff439a37fb02475922201f36d853cc49ef782774dfe20 >+Tag = 807e3dca3c745cfd0d3868bb000742bb >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1760] >+[AADlen = 1760] >+[Taglen = 128] >+ >+Count = 0 >+Key = be480ca21763de5487f622c1e3061d4c08fe941af0f36303089ab3633a3ae744 >+IV = c47ee8317eb2b62b >+PT = 
e4a65a978981a9da63f3c5e3ddc58d24e141056d58fcb3f7dbde0ced6317325797ee9c00784cf204fea4e9fc284cddb288c07b58fc468601a7b4b0918efcce16b8cfc894ca464a5a773dc61e4e1ae533bd0a0841fc1683c6437fa4f75581d42a16adeb43cff8ce148d9503462e9d95ff9a504a594bfb9adcf1b4337a02d494e2b53aea83aa6d002a6f4ea47439c021b6b93b9a71b715676c4f87f1f5c1449562febfb05a861ee2c8f49ad64c0ffd1d5e63881770ea6cc759ff93640d9d92a042526f8ace19afb70c429d34643724b8eafbeb929e6b025e9558f614f5 >+AAD = fa736361959a7a7c34f9d7a7c9c6d72c331f4717c0f911a85cdc02e234009e2901402b5d49d9d86c01a777e64f298e900829035497d885347cc31d4d9d95e1691e364d04c15106fa3457965358b628cd4c9679c567239e548b10ab076587d623d7b611888c32cc92596589eff25c80f53122d0b107cf1733df0fe9c2d70401fd24a22020b1433acc7a0ff88cad5f23c6546a8bc668a3fef0b600c4459fae525232dad184e785e47ed964bbde9b499b4c3bf1225b9aad15788e891c61e2d1e58aa858637a9cae2faa911db5360943259a25ec14e3bf8d74082c63be08 >+CT = ca88c7cb402ceed3a4b5c0cf5ac69c30876756ade17f10c1aa8e0cdf3d8bd468f1de8e12f05aac1b1e0413cbf202fc5a71642faea41609ad28251e64d5f0033cb44dc15bfafc9b5b8555e7e23b018d75a2df7500be2ef75b6ad42b455eab9b8bda5cc0232d34f7d605854ea360ca8b194a52fe1cd1fefd0a1e520015068c93275be9b401377014f71979ca963b315a4d2511ca1b6967c7d5410e579c8ba4c8199ef05ff9fd3c0b805974ece2a26852c10136e2ea695c677544b1349b389447286ac0886b80afe11e56f561d51d6a248a0191141a1723449e0aa491e8 >+Tag = 4fa94b519b21c1f31bf0b02c3a2f82aa >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1800] >+[AADlen = 1800] >+[Taglen = 128] >+ >+Count = 0 >+Key = 25eccf340ed47ec149e8d81f461be9121423f48d0d825d090d7cf82a4a698f12 >+IV = 9d468ac312becd10 >+PT = 
624291d64399703672650169325b5f8633672677a2511a88f75d9b02e2b492842ef06eeefe1d99ccb870c0e4875a7d4feb0f59d2bff57548a4004a84bbcf4e508157ccd67c19233a8d200bbdf805521f07a83cd301c783d8e440d1bffb1a953c7b54687a4321c049d60dc88ffed3d3aa7fa4f6d8636cd85dbc71a5fd41e98ed9d191cf51f8028c81c9d1f8fe8db93a0c889b03b8eb0944ebf7b15c1ed6bcc76c99562c42cde52f8b18fc4bfb1fada027f12aefbee9d7b858e0cb94f9d6d13aae9b4fc1c65c2fc2d1c26b0daf47b73bfbed7bb4774df618a0235bfe77f3c939677f >+AAD = 82d1e304e564d4b699a946a99b4af35095d3d46503b93820b244e1e429d986be7796e1b91956b8654d1b21f85a31ef7ef352d731424f0f0d245e731d713d51046e40dd92784dc7a35cc0fe0c750dd30414f7255c490688d1c54ffe3bc9abcddb4f7f4052afd384f6ee83d2c2f56f45e1964f5a6c285dd4c75312b3bb7fe9787abd5a331cd2c878f81799fef7d340b5946c6733e6bc3e79770fac1176a2c354c8a277dfd54eaeca462adc16d5f9711336c7f9a59212380f57ccea003b25584d1c88f0df5008bde7e341190d36c98f4a56967e75968cf2c698c204b3edaef495492a >+CT = 22c745adeb7ed0de377de8f0b31a51436820d3b3f8a34db18ee4292f8316f90065007bc1a7bedbc8dcf5b23f5777ade58a12f320bc632a144c5768353f6577bac4b718edca244763054bb33f7d23a519acecaed0d31562dd0e4db215d3e32c4060a40502159253f7e79e0d50f98de317c0419bd4133a03dbc104f4ab2bc7eef3a23e4c9cb9b08f97647085295f9073e5ff6c7fdada021704716eeb12c3a0582141e1a1f20f8fac639eb4b513b5eb66738885b537171919e7adbf37a235b92c58e52be1c9acafb54e97099bd51342650c2f1e595be36d25e7cdc92996b3e9595e17 >+Tag = 1ee3254758750099c6f08c877904136f >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1840] >+[AADlen = 1840] >+[Taglen = 128] >+ >+Count = 0 >+Key = a4808dde82ed8cec58d3efa8fc4d20624618f984e61d3dd799a020c62927126f >+IV = fc3c87d629ef9c53 >+PT = 
01b59bb55083371c1c6356bcaa69ca9929ace25a4d4152dfe488ed917835f50b3931bcdfae7d2468cb500883bd8521f15f0114a17d66008531e1f6bfbeb189dee34b24654b281fa8d7f1c667b0ca8456f14e523d5dccb379353f99b9d2c1b85b9264eeeef77a0640d4ee878a0b04135e1b1a97aa7fa4e8f3158a7d278c8781bfb2c6d962ab21aa5a898cd792dc07749acbeca65ccfdf2e306c57b81701f031e1e9f2b3f1cd39b5f2f977a83c12eea28654b600c21f1955594cf5120777a2a43012f470fef617b7df9e0f468fadb4f0f844bdd1b46525d9a92334de8ed8eec217fe9e67f9bbfd >+AAD = f68bc6e008ad80a96de94fa8d3d6915752251f3060ae4329ddc68308c4ca3aa72d21b7dabb6790707b8296cdc46cf5c18a61013305b519dcc2cc654c29b426a9b985f665365a7419a6edb240ccc5877f48c9f22ba9d1e6ce3cd1dcc3ec01e0b5d19edabe900a478ebeaaa85848e675eab3c7c64566a0f71f57f7545381469f2a20b77e0527673c3973113545af14540204bb9e77589854925b54072b342a9592e374f91d872aadefcf00e2e896682b156dddadb8c3a38eb87ddad78e78d543bee2f2a2450179faf1991c1fab33d094d4bc6a2b49ba27eb40e7a785306acff88aa2b0813ce29f >+CT = 92dc167715ec0f1c6285f11ffc5eceb23c8a85c101224b19b93a7c2fa448e0bd8ae362cecfb3349c0bf31eb0005306566e6ce89487abb286b48b04f456479e431d6710bb6bd9ad72b6e886f140b3b4e0d3acf7bf54b310ead637e4e475a179c035a831a68838d54993a4223615389a5d986013d64054501ad8ee74047d33969dd7a202ee3107621d6303a5e24243cc5fbac5e8570ec7cb9c7d3394aabae5ca554ad3767bcb13cbbffc1e9e0c076b1fb09d6e171ef6aa5fa61c7cadd9fcf6f7e38bb062c1e6c1b10d3353c3096b64c6870d50e0da3133333c4b6baa81a0049f7bc7a602f8e611 >+Tag = 12c1cf240c9f1099244ab4fcc8e155ab >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1880] >+[AADlen = 1880] >+[Taglen = 128] >+ >+Count = 0 >+Key = 15f7db2aff739b70ecfae196019995585912586a54f9dc600b12d541dc0b84cc >+IV = 88371b281cc8f954 >+PT = 
86d4de986f725357f0f9e8ff10ca11306a4573d250b71ce1a6a410167385eadd82aa5291d6471ee9583eb14be5682044c228b0a47965fdda7221a0d770dc705d1a83fa54004d3f310f73881baacfbcee6d3106f11f74ca31e01644c70bc31a87d72272bb3e56e2b76fe5bbe5c863ad303cd70d68cbe0cf47c297a3025d16bfa1af7c08a1f4607226e3ba997b361683b3b9d930f1611e6fe4964653ccfdd0c4bff9ca584c8c079e4a65b21d3ea745417895a478865f103b0d85cb15d4021f8389250e0d76dc7e509b5e419ea52ee6c45f9b2de25acec227dce42408aa98f71da98b4e5ebe89babd3f13c29e >+AAD = 10ae3a20752be26d823b5a69a2e85d7186a5125a29f9e3ddd5d805bec1f3e982e78cd31ae4764fd2da9bf8cef303735f72728f6174ca4aa8e5dec1646ca9ba60f90ef44c2df93acd645473786ad67a285690efff836cb60850129924d7372b739316da9cc0758d9d4242ce83aec98f48fd97529575d758aea261cdc6f00d197f140517dba07d64649c6028bce0b3cb782e7c0e562026b02a1b66329b093fc22b50bcaadd20edc79eede3a246dec9e98b37aca16b80b1c3f9f27871dffd0d8ee426e0aa630ef2e3d4d8d6209d44930b2e7568308deeabdfa6ad420f3887715502cb91e04294a4d42286155c >+CT = c583c6e5ccf6645301dfc711e4f8d3408f52a65a0324fda699fc4e4cc96a782c824f6ebd9b6471114c4b8524470cfa6a73d3454a5ce27ceac6ed541f4254db3e8d80135c78996307c10fb8cbdca8b92b04e1d749243a9fa77b45e84fb2e23e61a59f78609e6a0e0e85b01f70fddf45490fff040b460f6ad2a018d78d303f8b1fa9b445ea41da8cf99d8ff359d28ad17ce424dafd8e9a35d60a9c717c47d32710d0f50240755bac827353dc1b95ff3ebc95495b20e6905293c3be26928d08f0caa6263f251ae7e7a923f78a2e1e22e672bbeecc1dabbd3f32b7787e7bf30f2db5640bc61067d2e8d3137324 >+Tag = 7f6eb4d23c7e8454732e85eb67677866 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1920] >+[AADlen = 1920] >+[Taglen = 128] >+ >+Count = 0 >+Key = ea30a719a649ea235f34620d4118b7c6bc09ac09e66f9cb15757591a3aa4c265 >+IV = 0e28a7a60e4c734a >+PT = 
7c68bd93ce2864717e7dd2920bca980ba371797f2b0c4ad3e1ec582604ee07c58ca0e9b221c9e53645202ab41815712e72819528ae299307d141f9294a0240ea05ddc787706c54edf47ffa8e40d7f011f70f0a68b0d8ee2bd982b7f38c95c2439d91b8502b27f779bba078493345a55dd00860d2b4e5266b62ad3be9db3436d85e06162c5501ba16a269b9ebaa64aaf3b7e8bbe105305fea0e5e21561dac76306b1986e3d294e78ad66614ddec0197f7ad4e4d74e5efc197235b0aa4ca21c1adfb98f3ba479d34157ab806a8dfec1877ebec7d720a78a294e4033de3b38d23d351609cbf3db641888c8f5c6788a97640 >+AAD = a7c9f242f1ddc51b57e2e36cc098c0887a192c20939ab3aead166b6959c0c8a026592e092302f94adac49093f48b5808d734a694639cb4f2d3d559cb9183eb97291f83398f1721384955e0e092b7821f69d3773a851682e739dd977a75441203baaed70b340cb102b35ac426ca14ba750c10ac4cba9068ea0d60b6cf7ea15edfc737c50405d0bed3a013b8dbe663da1a5bf740d321ae7bd5112176ae5e0345fe2d224499a6de4cfa320f6e06a0870cb429b47a6458d6ac8af31ce3d315113c575288a96b982da3b318b3c1294e6a2e04940924114944bc0fd3baa9d902e6e167273c2644ae678186beebf6cd877bbfea >+CT = 104a31d12e03be0b4f04e10cf22c4659c3967dd925dbe5279f6445646ec6b109d20572c3c6e748f412ec4c4bb48db539c54217ad81f48e863caf436f44d1f576eed2d27abc5ff0ac506aa31a5136b3edf60950f2e83fa634208d717798003b6ed3897b919e89d1dbf00b26afb41dd05b8f547f83bfd45e923a5ef461729f1af4af6034c78244276c23356ffd1300d3a0e976533b678e39b098d7d8ff741d77bb139e9182e94f5cf1c4f0d7e9ac24e9d8016012216e57b56f64012c3f94ca986dba4fe6126f148efc46e851bf64dd8e72d46b739852c5d7d42205cabbb8a86495d9ff69b4db1777e7584c664d8e662bcd >+Tag = f602111fb518f3df114ea8d7c3a7264d >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 1960] >+[AADlen = 1960] >+[Taglen = 128] >+ >+Count = 0 >+Key = cbf60711fcf730fff0a6ff27bd8532604257853af47bdd83b176a267c82991c7 >+IV = e41013b662f14f82 >+PT = 
5887d627b13284bdd11193636b08fd4c3e77086a4fe0ffbc14e1659e8bd708d247c2dfaacfd11442abb0f3d24b57866a34857a17a2b2b23d1e3c2ba1bef7085eac7cb8c8ed05fe7e24f608052b74d20513b28af8cd98751d25189a403e7663f15c84e68f767dc6371bb8ab367e5d06c5d052fafb0f77b762dd076b6a2c2482de4877f6afe8f268bea0af8942fd41f60befd9cd93b42fff3728ce0765f14228ebaea1b98c3655e931317668efbba77ced0afa3cb72dbc2526a440cec7156ce0eb755b3cd2717d4422ce9b6fac87c559caa4fb75dda15508ff564a6e77a29bd4f0382e0a006c623acd025a77f81d64a84a283cfc5335 >+AAD = e4d401862817e3620ab05dfe0fef4744fb3f218a8e50ae2b400e2f198e33bb8db79cb7656d3e7be536c0767030b6a41b4776b473bf7d9b632cd23e36336055f01592d2fbb047147fd311e60d66ba2dd6c09ef00146991d6d29d70f1edcc3e75dacd6f69b2ac8ad43e7dd296c925f99e29b71ef37bff096445c3c048f21ab6b8664495a1f4946e2ce44cbf3acdf49c486e4298b5563c7721fd23b342ec9070fe77066aa62fc184217c31187ceb76a10522dd335fce556538b4bcfacefab265b3893ed9e690d82dc3f21934815abbc4923ff5bf7272edb3a9b6177a13a0df6f51851bb7962462ea3b8693bf28b108e9cdeba4425a6f4 >+CT = 2d694d9633844f1db70d17884af7dd6ff07b8ca191a861598263af55193afa5709996e4caaf3c76597f092311fd91cd574844c3ec769198aee6efbb4a75d27c374fed8351e03cc6452f6d0df70dbfc61b6a4d19e8e642cbf4e54bbfa302a7bce3a9ea5c8ae25a49eadfbc3caffc2a97ffeec6adc991ec6a8408fdab391febf32156a390ba08f36bf580c8cb7f154ad63624911a08a74c93d76caf37b9acb2ff3cf63a289ab4330313df1644e0325f1748ed9e729192ed097c34ca79db9ed524759abc8ce86b3fedc2dfaffd3616fff19b2919823afd69a9ef6a236680efb58dff3122080bfc652ba26556afba9aa319b545bb32099 >+Tag = 2a82623980188907a21401646366852d >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2000] >+[AADlen = 2000] >+[Taglen = 128] >+ >+Count = 0 >+Key = aae3c4ba69469762149939fc53cf05e2914796f6d1d1dc2ad9f76887343a67e4 >+IV = fcce99fa94123c89 >+PT = 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 >+AAD = 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 >+CT = 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 >+Tag = 9fb68bc132294a8cf6dc5830e04f1061 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 
2040] >+[AADlen = 2040] >+[Taglen = 128] >+ >+Count = 0 >+Key = 736e1f8f96035aed0e8624a510c606c7a5b9a20b906c23a9fa971e14eb7362a5 >+IV = 19d4577a77b663af >+PT = 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 >+AAD = 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 >+CT = 5a2eaec9aa17c89dcfa115e39a464b9302e7f1099d15e9efdac5159a647512c4078cb8de307f2ea44586c4db04db4a7646c67bbdf177a9ba971060a47780604c733bd3815a457d9f812699515be5ef958edcb13951be047fce51266747b65079f0fe6fcf59b5636d1885a94160319c74fa35eeff7bc6c6e62279a785a8caa30ef8f269f0ced3a2df72a22af8718c56de41eba7a6ef46fad56c09050e3a737afcb465a1f05d82a2e0c41dc493dfc070c7fa54ea8a54e8cefa1e7a536b611100b2b4903c064d18f9e9f2235ca7c7be3be260a5c97e2641e5e1f5b2f096a0cfd712a2f2c0ac22bb8e891f4c089e9e023d1045efa39355a819306dc424af3d1bd3 >+Tag = 26efafa0c682e056b1e91c8566dfa00b >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2080] >+[AADlen = 2080] >+[Taglen = 128] >+ >+Count = 0 >+Key = 6064e5b50a7990875a0584b678cb0e0f6c3079d15b34a42ff89cea53abbb76e2 >+IV = 124a2b16b4ca93ca >+PT = 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 >+AAD = 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 >+CT = 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 >+Tag = 9c68fe1709bb42fe2d78f703812995e6 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2120] >+[AADlen = 2120] >+[Taglen = 128] >+ >+Count = 0 >+Key = 99e1a9639b3626e5f8f5f62653634289c5af5db5be09b0ecf4a4a64f26923b06 >+IV = e3437d4ed2bd88eb >+PT = 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 >+AAD = 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 >+CT = 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 >+Tag = 6d3267c36f51f1d7a9f423856e634fd5 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2160] >+[AADlen = 2160] >+[Taglen = 128] >+ >+Count = 0 >+Key = 4bd065e24e18e751e842d317e3d334cab0ca51adafd936925e669b1457731a4d >+IV = 8e2ca638f2749e1a >+PT = 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 >+AAD = 
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 >+CT = 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 >+Tag = 678295fb59c8fad6b870a9aabba786e8 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2200] >+[AADlen = 2200] >+[Taglen = 128] >+ >+Count = 0 >+Key = 22c030ebadfb16204b4e2532cb66d9e0662b209332c4c2f1204508c91aac6b69 >+IV = b986e30379be9dcc >+PT = 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 >+AAD = 538821f4530e83d66c6e53d07313720ffae47e8320c79db2a24b2851ba856410e70fa074cb93d86a6a8989e09429bb6045b151a19022cf54091f62bed8a7850e3a6a401aa471a70cde7cbd69c88056e15ba277e0b95d53c6cf37bef594170f3a426cb54de3823582eca80a4758718664b85a299bfaf3d839872231ddb82c13da5e0aea13e46b5c8da9eb7760765d0821e8f1d33abfb3b00799f0acaa388b0be0d00ec4bdd5edb1dfb1ee3ec155444ed1322078d71f7fb9b1acb6867080dfcd8eefeb4abb6b62874647e615207a78892c5b890d721f7fd925564c5a84dbcb284a9cd1b8f47c08d5cb6943d9c7d61b17df81c22bb4502ea51199aa12428826acc29c5a20415c958b759414f51cc9615e84fd363b >+CT = 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 >+Tag = 3f1a03b0f58eb4c32cbee3edce18c21a >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2240] >+[AADlen = 2240] >+[Taglen = 128] >+ >+Count = 0 >+Key = 8876199cd5c7707901a79287194e7860e47f81e515e5ec1c8a76201e027c9ea5 >+IV = 14e3cf7a591aa2bf >+PT = 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 >+AAD = 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 >+CT = 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 >+Tag = 5a02f4adba7e95acf0b333ec12691401 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2280] >+[AADlen = 2280] >+[Taglen = 128] >+ >+Count = 0 >+Key = d53f1524214176ada62d1458b6ec6d4a8b2becc0508c85a1d34661ed57f7365f >+IV = d7b59117d5b2a330 >+PT = 
21ab914ef645305b01495feed5e1718f5eebfc8b7f2b91b45e610255a7285bf0b215c543661bb34ef22b33cc05b2e5b8e5304cb29bebb294fd65f3be9422b0fb8a0198f50f32fdaf0445a1ce727b65c7479252bb47672cdb020205bc1769eaa3f475f14d73952f554de3a1ad15ce23a7fb6f690a814318a9e692cfeea8b92d0e05f694939b3346fd2dc961d56787a75a4eedddb4940d9ad5efcc1ef7e2438bb34ee71dc1cc97abbb338a0eb83a96fd2cfc26217cbd31348d6d3974b71223009050b79ffee93bedd6d203d3aed918d9eb2aca1ea9265e9f746f55823ac5595ac398e7108cda0da8051a0a54efdb48a267038ce12147d345b15de766e373f01f304fab4f9d9d69a1f9a55026daca6d45ae29724c6c26ab4871abd6797c69 >+AAD = 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 >+CT = 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 >+Tag = 7a97892913581838dd6e6393a3eaeca5 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2320] >+[AADlen = 2320] >+[Taglen = 128] >+ >+Count = 0 >+Key = f40e58ee410baa009e648055e6a37ce198656a6f3b82d3f75af06696c5cd2f92 >+IV = 1b5c4cab3624fb45 >+PT = 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 >+AAD = 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 >+CT = 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 >+Tag = 4b2d05d49f2f876cc1ec2da3fa60a8c9 >+ >+[Keylen = 256] >+[IVlen = 64] >+[PTlen = 2360] >+[AADlen = 2360] >+[Taglen = 128] >+ >+Count = 0 >+Key = ceb97d728c570400f716d337de694844acd7ff3aa0f5e94266af2b2ee10b53c9 >+IV = f61499b314005833 >+PT = 7f1ae738a51397b632e3ddcd06fe1cabfda4a1781472d1c53894f4f30b889c316d8c4c665935b329d2eb59092f75f9714be9d9fbb1f3f561f16be07c9614e7846781e868a42e5760d41435e292b8e3459b6f986618b86d330881a5077570fef39d4a5fed405edb99cde3ca70bede5d72728a385f671c82251b753d2dcde19ff8bb52ebfbe9c87e7b27a1585cbd96e529d4515c7a936654c45c90881d648a514f4a3fcad098c1d5e54b7b8007d0bea6ed33cc2fee4822cc271608b2ec2ff0ccc4a62ad9504d9ce2610191e296d763764b8fcb6777bd9a73b8d7595a7fedcb6a06d7fc3415b733b6b4f1e56ea1561e139f234673eea615e9c182b9d2611246a006b2a316a3db5bb6fbaad5debd2792696fc682eb15d55e2ad067ef165ec3028401c6205363abb96f >+AAD = 
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 >+CT = 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 >+Tag = 128c73fb9e8ee5d4a5269a9d23b177f1 >diff -r b008c4b827be lib/freebl/Makefile >--- a/lib/freebl/Makefile Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/freebl/Makefile Thu Sep 19 14:30:56 2013 -0400 >@@ -451,20 +451,28 @@ > > ifdef NSS_ENABLE_ECC > ifdef ECL_USE_FP > #enable floating point ECC code > DEFINES += -DECL_USE_FP > ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c > ECL_HDRS += ecp_fp.h > endif > endif # NSS_ENABLE_ECC > >+ifeq ($(CPU_ARCH),x86_64) >+ EXTRA_SRCS += poly1305/poly1305-donna-x64-sse2-incremental-source.c >+ EXTRA_SRCS += chacha20/chacha20_vec.c >+else >+ EXTRA_SRCS += poly1305/poly1305.c >+ EXTRA_SRCS += chacha20/chacha20.c >+endif # x86_64 >+ > ####################################################################### > # (5) Execute "global" rules. (OPTIONAL) # > ####################################################################### > > include $(CORE_DEPTH)/coreconf/rules.mk > > ####################################################################### > # (6) Execute "component" rules. (OPTIONAL) # > ####################################################################### > >diff -r b008c4b827be lib/freebl/blapi.h >--- a/lib/freebl/blapi.h Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/freebl/blapi.h Thu Sep 19 14:30:56 2013 -0400 
>@@ -811,20 +811,40 @@
> ** "maxOutputLen" the maximum amount of data that can ever be
> ** stored in "output"
> ** "input" the input data
> ** "inputLen" the amount of input data
> */
> extern SECStatus
> Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
> unsigned int *outputLen, unsigned int maxOutputLen,
> const unsigned char *input, unsigned int inputLen);
>
>+/******************************************/
>+/*
>+** ChaCha20+Poly1305 AEAD
>+*/
>+
>+extern SECStatus ChaCha20Poly1305_Seal(
>+ unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *plaintext, size_t plaintextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]);
>+
>+extern SECStatus ChaCha20Poly1305_Open(
>+ unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *ciphertext, size_t ciphertextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]);
>
> /******************************************/
> /*
> ** MD5 secure hash function
> */
>
> /*
> ** Hash a null terminated string "src" into "dest" using MD5
> */
> extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
>diff -r b008c4b827be lib/freebl/chacha20/chacha20.c
>--- /dev/null Thu Jan 01 00:00:00 1970 +0000
>+++ b/lib/freebl/chacha20/chacha20.c Thu Sep 19 14:30:56 2013 -0400
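Review bot: The two new prototypes carry no contract comment, unlike the neighbouring `Camellia_Decrypt` and `MD5_Hash` declarations, and for an AEAD the missing details are the ones callers get wrong. I would add a comment above `ChaCha20Poly1305_Seal` stating that `out` must have room for `plaintextLen + tagLen` bytes, that `tagLen` must be between 1 and 16, and that a given 8-byte `nonce` must never be used twice with the same `key`. The comment on `ChaCha20Poly1305_Open` should say that `ciphertextLen` includes the tag, how many bytes are written to `out`, and that `out` must not be used when the call returns `SECFailure`.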
>@@ -0,0 +1,108 @@ >+/* This Source Code Form is subject to the terms of the Mozilla Public >+ * License, v. 2.0. If a copy of the MPL was not distributed with this >+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ >+ >+/* Adopted from the public domain code in NaCl by djb. */ >+ >+#include <prtypes.h> >+#include <string.h> >+ >+#include <stdio.h> >+ >+#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n)))) >+#define ROTATE(v, c) (ROTL32(v, c)) >+#define XOR(v, w) ((v) ^ (w)) >+#define PLUS(x, y) ((x) + (y)) >+#define PLUSONE(v) (PLUS((v), 1)) >+ >+#define U32TO8_LITTLE(p, v) \ >+ { (p)[0] = (v >> 0) & 0xff; (p)[1] = (v >> 8) & 0xff; \ >+ (p)[2] = (v >> 16) & 0xff; (p)[3] = (v >> 24) & 0xff; } >+#define U8TO32_LITTLE(p) \ >+ (((PRUint32)((p)[0]) ) | ((PRUint32)((p)[1]) << 8) | \ >+ ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24) ) >+ >+#define QUARTERROUND(a,b,c,d) \ >+ x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \ >+ x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \ >+ x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \ >+ x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7); >+ >+static void ChaChaCore(unsigned char output[64], const PRUint32 input[16], >+ int num_rounds) { >+ PRUint32 x[16]; >+ int i; >+ >+ memcpy(x, input, sizeof(PRUint32) * 16); >+ for (i = 20; i > 0; i -= 2) { >+ QUARTERROUND( 0, 4, 8,12) >+ QUARTERROUND( 1, 5, 9,13) >+ QUARTERROUND( 2, 6,10,14) >+ QUARTERROUND( 3, 7,11,15) >+ QUARTERROUND( 0, 5,10,15) >+ QUARTERROUND( 1, 6,11,12) >+ QUARTERROUND( 2, 7, 8,13) >+ QUARTERROUND( 3, 4, 9,14) >+ } >+ >+ for (i = 0; i < 16; ++i) { >+ x[i] = PLUS(x[i], input[i]); >+ } >+ for (i = 0; i < 16; ++i) { >+ U32TO8_LITTLE(output + 4 * i, x[i]); >+ } >+} >+ >+static const unsigned char sigma[16] = "expand 32-byte k"; >+ >+void ChaCha20XOR(unsigned char *out, const unsigned char *in, size_t inLen, >+ const unsigned char key[32], const unsigned char nonce[8], >+ size_t 
counter) { >+ unsigned char block[64]; >+ PRUint32 input[16]; >+ unsigned int u; >+ size_t i; >+ >+ input[4] = U8TO32_LITTLE(key + 0); >+ input[5] = U8TO32_LITTLE(key + 4); >+ input[6] = U8TO32_LITTLE(key + 8); >+ input[7] = U8TO32_LITTLE(key + 12); >+ >+ input[8] = U8TO32_LITTLE(key + 16); >+ input[9] = U8TO32_LITTLE(key + 20); >+ input[10] = U8TO32_LITTLE(key + 24); >+ input[11] = U8TO32_LITTLE(key + 28); >+ >+ input[0] = U8TO32_LITTLE(sigma + 0); >+ input[1] = U8TO32_LITTLE(sigma + 4); >+ input[2] = U8TO32_LITTLE(sigma + 8); >+ input[3] = U8TO32_LITTLE(sigma + 12); >+ >+ input[12] = counter; >+ input[13] = counter >> 32; >+ input[14] = U8TO32_LITTLE(nonce); >+ input[15] = U8TO32_LITTLE(nonce + 4); >+ >+ while (inLen >= 64) { >+ ChaChaCore(block, input, 20); >+ for (i = 0; i < 64; i++) { >+ out[i] = in[i] ^ block[i]; >+ } >+ >+ input[12]++; >+ if (input[12] == 0) { >+ input[13]++; >+ } >+ >+ inLen -= 64; >+ in += 64; >+ out += 64; >+ } >+ >+ if (inLen > 0) { >+ ChaChaCore(block, input, 20); >+ for (i = 0; i < inLen; i++) { >+ out[i] = in[i] ^ block[i]; >+ } >+ } >+} >diff -r b008c4b827be lib/freebl/chacha20/chacha20.h >--- /dev/null Thu Jan 01 00:00:00 1970 +0000 >+++ b/lib/freebl/chacha20/chacha20.h Thu Sep 19 14:30:56 2013 -0400 
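Review bot: `input[13] = counter >> 32;` in `ChaCha20XOR` shifts a `size_t` by 32, which is undefined behaviour where `size_t` is 32 bits wide, and the Makefile hunk selects this file for every non-x86_64 target. Widening first avoids it: `input[13] = (PRUint32)((PRUint64)counter >> 32);`. Separately, `ChaChaCore` ignores its `num_rounds` argument (the loop is fixed at `i = 20`), `<stdio.h>` is unused, and the file does not include `chacha20.h`, so the compiler never compares this definition with the header's prototype.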
>@@ -0,0 +1,20 @@
>+/*
>+ * chacha20.h - header file for ChaCha20 implementation.
>+ *
>+ * This Source Code Form is subject to the terms of the Mozilla Public
>+ * License, v. 2.0. If a copy of the MPL was not distributed with this
>+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
>+
>+#ifndef FREEBL_CHACHA20_H_
>+#define FREEBL_CHACHA20_H_
>+
>+/* ChaCha20XOR encrypts |inLen| bytes from |in| with the given key and
>+ * nonce and writes the result to |out|, which may be equal to |in|. The
>+ * initial block counter is specified by |counter|. */
>+extern void ChaCha20XOR(unsigned char *out,
>+ const unsigned char *in, size_t inLen,
>+ const unsigned char key[8],
>+ const unsigned char nonce[32],
>+ size_t counter);
>+
>+#endif /* FREEBL_POLY1305_H_ */
>diff -r b008c4b827be lib/freebl/chacha20/chacha20_vec.c
>--- /dev/null Thu Jan 01 00:00:00 1970 +0000
>+++ b/lib/freebl/chacha20/chacha20_vec.c Thu Sep 19 14:30:56 2013 -0400
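Review bot: The array bounds in the `ChaCha20XOR` prototype are swapped: it declares `key[8]` and `nonce[32]`, while both definitions in this patch take `key[32]` and `nonce[8]`. C does not enforce these bounds, so this compiles, but the header is what a caller reads for buffer sizes; the two lines should read `const unsigned char key[32],` and `const unsigned char nonce[8],`. The closing guard comment names `FREEBL_POLY1305_H_` instead of `FREEBL_CHACHA20_H_`, and the header uses `size_t` without including `<stddef.h>`.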
>@@ -0,0 +1,285 @@ >+/* This Source Code Form is subject to the terms of the Mozilla Public >+ * License, v. 2.0. If a copy of the MPL was not distributed with this >+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ >+ >+/* This implementation is by Ted Krovetz and was submitted to SUPERCOP and >+ * marked as public domain. It was been altered to allow for non-aligned inputs >+ * and to allow the block counter to be passed in specifically. */ >+ >+#include <string.h> >+#include <stdint.h> >+ >+#include "chacha20.h" >+ >+#ifndef CHACHA_RNDS >+#define CHACHA_RNDS 20 /* 8 (high speed), 20 (conservative), 12 (middle) */ >+#endif >+ >+/* Architecture-neutral way to specify 16-byte vector of ints */ >+typedef unsigned vec __attribute__ ((vector_size (16))); >+ >+/* This implementation is designed for Neon, SSE and AltiVec machines. The >+ * following specify how to do certain vector operations efficiently on >+ * each architecture, using intrinsics. >+ * This implementation supports parallel processing of multiple blocks, >+ * including potentially using general-purpose registers. 
>+ */ >+#if __ARM_NEON__ >+#include <arm_neon.h> >+#define GPR_TOO 1 >+#define VBPI 2 >+#define ONE (vec)vsetq_lane_u32(1,vdupq_n_u32(0),0) >+#define LOAD(m) (vec)(*((vec*)(m))) >+#define STORE(m,r) (*((vec*)(m))) = (r) >+#define ROTV1(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,1) >+#define ROTV2(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,2) >+#define ROTV3(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,3) >+#define ROTW16(x) (vec)vrev32q_u16((uint16x8_t)x) >+#if __clang__ >+#define ROTW7(x) (x << ((vec){ 7, 7, 7, 7})) ^ (x >> ((vec){25,25,25,25})) >+#define ROTW8(x) (x << ((vec){ 8, 8, 8, 8})) ^ (x >> ((vec){24,24,24,24})) >+#define ROTW12(x) (x << ((vec){12,12,12,12})) ^ (x >> ((vec){20,20,20,20})) >+#else >+#define ROTW7(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,7),(uint32x4_t)x,25) >+#define ROTW8(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,8),(uint32x4_t)x,24) >+#define ROTW12(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,12),(uint32x4_t)x,20) >+#endif >+#elif __SSE2__ >+#include <emmintrin.h> >+#define GPR_TOO 0 >+#if __clang__ >+#define VBPI 4 >+#else >+#define VBPI 3 >+#endif >+#define ONE (vec)_mm_set_epi32(0,0,0,1) >+#define LOAD(m) (vec)_mm_loadu_si128((__m128i*)(m)) >+#define STORE(m,r) _mm_storeu_si128((__m128i*)(m), (__m128i) (r)) >+#define ROTV1(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(0,3,2,1)) >+#define ROTV2(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(1,0,3,2)) >+#define ROTV3(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(2,1,0,3)) >+#define ROTW7(x) (vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x,25)) >+#define ROTW12(x) (vec)(_mm_slli_epi32((__m128i)x,12) ^ _mm_srli_epi32((__m128i)x,20)) >+#if __SSSE3__ >+#include <tmmintrin.h> >+#define ROTW8(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(14,13,12,15,10,9,8,11,6,5,4,7,2,1,0,3)) >+#define ROTW16(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(13,12,15,14,9,8,11,10,5,4,7,6,1,0,3,2)) >+#else >+#define ROTW8(x) (vec)(_mm_slli_epi32((__m128i)x, 8) ^ 
_mm_srli_epi32((__m128i)x,24)) >+#define ROTW16(x) (vec)(_mm_slli_epi32((__m128i)x,16) ^ _mm_srli_epi32((__m128i)x,16)) >+#endif >+#else >+#error -- Implementation supports only machines with neon or SSE2 >+#endif >+ >+#ifndef REVV_BE >+#define REVV_BE(x) (x) >+#endif >+ >+#ifndef REVW_BE >+#define REVW_BE(x) (x) >+#endif >+ >+#define BPI (VBPI + GPR_TOO) /* Blocks computed per loop iteration */ >+ >+#define DQROUND_VECTORS(a,b,c,d) \ >+ a += b; d ^= a; d = ROTW16(d); \ >+ c += d; b ^= c; b = ROTW12(b); \ >+ a += b; d ^= a; d = ROTW8(d); \ >+ c += d; b ^= c; b = ROTW7(b); \ >+ b = ROTV1(b); c = ROTV2(c); d = ROTV3(d); \ >+ a += b; d ^= a; d = ROTW16(d); \ >+ c += d; b ^= c; b = ROTW12(b); \ >+ a += b; d ^= a; d = ROTW8(d); \ >+ c += d; b ^= c; b = ROTW7(b); \ >+ b = ROTV3(b); c = ROTV2(c); d = ROTV1(d); >+ >+#define QROUND_WORDS(a,b,c,d) \ >+ a = a+b; d ^= a; d = d<<16 | d>>16; \ >+ c = c+d; b ^= c; b = b<<12 | b>>20; \ >+ a = a+b; d ^= a; d = d<< 8 | d>>24; \ >+ c = c+d; b ^= c; b = b<< 7 | b>>25; >+ >+#define WRITE_XOR(in, op, d, v0, v1, v2, v3) \ >+ STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \ >+ STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \ >+ STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \ >+ STORE(op + d +12, LOAD(in + d +12) ^ REVV_BE(v3)); >+ >+void ChaCha20XOR( >+ unsigned char *out, >+ const unsigned char *in, >+ size_t inlen, >+ const unsigned char key[32], >+ const unsigned char nonce[8], >+ size_t counter) >+{ >+ unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp; >+#if defined(__ARM_NEON__) >+ unsigned *np; >+#endif >+ vec s0, s1, s2, s3; >+#if !defined(__ARM_NEON__) && !defined(__SSE2__) >+ __attribute__ ((aligned (16))) unsigned key[8], nonce[4]; >+#endif >+ __attribute__ ((aligned (16))) unsigned chacha_const[] = >+ {0x61707865,0x3320646E,0x79622D32,0x6B206574}; >+#if defined(__ARM_NEON__) || defined(__SSE2__) >+ kp = (unsigned *)key; >+#else >+ ((vec *)key)[0] = REVV_BE(((vec *)key)[0]); >+ ((vec *)key)[1] = 
REVV_BE(((vec *)key)[1]); >+ nonce[0] = REVW_BE(((unsigned *)nonce)[0]); >+ nonce[1] = REVW_BE(((unsigned *)nonce)[1]); >+ nonce[2] = REVW_BE(((unsigned *)nonce)[2]); >+ nonce[3] = REVW_BE(((unsigned *)nonce)[3]); >+ kp = (unsigned *)key; >+ np = (unsigned *)nonce; >+#endif >+#if defined(__ARM_NEON__) >+ np = (unsigned*) nonce; >+#endif >+ s0 = LOAD(chacha_const); >+ s1 = LOAD(&((vec*)kp)[0]); >+ s2 = LOAD(&((vec*)kp)[1]); >+ s3 = (vec) { >+ counter & 0xffffffff, >+#if __ARM_NEON__ >+ 0, /* can't right-shift 32 bits on a 32-bit system. */ >+#else >+ counter >> 32, >+#endif >+ ((uint32_t*)nonce)[0], >+ ((uint32_t*)nonce)[1] >+ }; >+ >+ for (iters = 0; iters < inlen/(BPI*64); iters++) { >+#if GPR_TOO >+ register unsigned x0, x1, x2, x3, x4, x5, x6, x7, x8, >+ x9, x10, x11, x12, x13, x14, x15; >+#endif >+#if VBPI > 2 >+ vec v8,v9,v10,v11; >+#endif >+#if VBPI > 3 >+ vec v12,v13,v14,v15; >+#endif >+ >+ vec v0,v1,v2,v3,v4,v5,v6,v7; >+ v4 = v0 = s0; v5 = v1 = s1; v6 = v2 = s2; v3 = s3; >+ v7 = v3 + ONE; >+#if VBPI > 2 >+ v8 = v4; v9 = v5; v10 = v6; >+ v11 = v7 + ONE; >+#endif >+#if VBPI > 3 >+ v12 = v8; v13 = v9; v14 = v10; >+ v15 = v11 + ONE; >+#endif >+#if GPR_TOO >+ x0 = chacha_const[0]; x1 = chacha_const[1]; >+ x2 = chacha_const[2]; x3 = chacha_const[3]; >+ x4 = kp[0]; x5 = kp[1]; x6 = kp[2]; x7 = kp[3]; >+ x8 = kp[4]; x9 = kp[5]; x10 = kp[6]; x11 = kp[7]; >+ x12 = counter+BPI*iters+(BPI-1); x13 = 0; x14 = np[0]; x15 = np[1]; >+#endif >+ for (i = CHACHA_RNDS/2; i; i--) { >+ DQROUND_VECTORS(v0,v1,v2,v3) >+ DQROUND_VECTORS(v4,v5,v6,v7) >+#if VBPI > 2 >+ DQROUND_VECTORS(v8,v9,v10,v11) >+#endif >+#if VBPI > 3 >+ DQROUND_VECTORS(v12,v13,v14,v15) >+#endif >+#if GPR_TOO >+ QROUND_WORDS( x0, x4, x8,x12) >+ QROUND_WORDS( x1, x5, x9,x13) >+ QROUND_WORDS( x2, x6,x10,x14) >+ QROUND_WORDS( x3, x7,x11,x15) >+ QROUND_WORDS( x0, x5,x10,x15) >+ QROUND_WORDS( x1, x6,x11,x12) >+ QROUND_WORDS( x2, x7, x8,x13) >+ QROUND_WORDS( x3, x4, x9,x14) >+#endif >+ } >+ >+ WRITE_XOR(ip, op, 0, 
v0+s0, v1+s1, v2+s2, v3+s3) >+ s3 += ONE; >+ WRITE_XOR(ip, op, 16, v4+s0, v5+s1, v6+s2, v7+s3) >+ s3 += ONE; >+#if VBPI > 2 >+ WRITE_XOR(ip, op, 32, v8+s0, v9+s1, v10+s2, v11+s3) >+ s3 += ONE; >+#endif >+#if VBPI > 3 >+ WRITE_XOR(ip, op, 48, v12+s0, v13+s1, v14+s2, v15+s3) >+ s3 += ONE; >+#endif >+ ip += VBPI*16; >+ op += VBPI*16; >+#if GPR_TOO >+ op[0] = REVW_BE(REVW_BE(ip[0]) ^ (x0 + chacha_const[0])); >+ op[1] = REVW_BE(REVW_BE(ip[1]) ^ (x1 + chacha_const[1])); >+ op[2] = REVW_BE(REVW_BE(ip[2]) ^ (x2 + chacha_const[2])); >+ op[3] = REVW_BE(REVW_BE(ip[3]) ^ (x3 + chacha_const[3])); >+ op[4] = REVW_BE(REVW_BE(ip[4]) ^ (x4 + kp[0])); >+ op[5] = REVW_BE(REVW_BE(ip[5]) ^ (x5 + kp[1])); >+ op[6] = REVW_BE(REVW_BE(ip[6]) ^ (x6 + kp[2])); >+ op[7] = REVW_BE(REVW_BE(ip[7]) ^ (x7 + kp[3])); >+ op[8] = REVW_BE(REVW_BE(ip[8]) ^ (x8 + kp[4])); >+ op[9] = REVW_BE(REVW_BE(ip[9]) ^ (x9 + kp[5])); >+ op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6])); >+ op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7])); >+ op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + BPI*iters+(BPI-1))); >+ op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13)); >+ op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[0])); >+ op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[1])); >+ s3 += ONE; >+ ip += 16; >+ op += 16; >+#endif >+ } >+ >+ for (iters = inlen%(BPI*64)/64; iters != 0; iters--) { >+ vec v0 = s0, v1 = s1, v2 = s2, v3 = s3; >+ for (i = CHACHA_RNDS/2; i; i--) { >+ DQROUND_VECTORS(v0,v1,v2,v3); >+ } >+ WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3) >+ s3 += ONE; >+ ip += 16; >+ op += 16; >+ } >+ >+ inlen = inlen % 64; >+ if (inlen) { >+ __attribute__ ((aligned (16))) vec buf[4]; >+ vec v0,v1,v2,v3; >+ v0 = s0; v1 = s1; v2 = s2; v3 = s3; >+ for (i = CHACHA_RNDS/2; i; i--) { >+ DQROUND_VECTORS(v0,v1,v2,v3); >+ } >+ >+ if (inlen >= 16) { >+ STORE(op + 0, LOAD(ip + 0) ^ REVV_BE(v0 + s0)); >+ if (inlen >= 32) { >+ STORE(op + 4, LOAD(ip + 4) ^ REVV_BE(v1 + s1)); >+ if (inlen >= 48) { >+ STORE(op + 8, LOAD(ip + 8) ^ REVV_BE(v2 + s2)); 
>+ buf[3] = REVV_BE(v3 + s3); >+ } else { >+ buf[2] = REVV_BE(v2 + s2); >+ } >+ } else { >+ buf[1] = REVV_BE(v1 + s1); >+ } >+ } else { >+ buf[0] = REVV_BE(v0 + s0); >+ } >+ >+ for (i=inlen & ~15; i<inlen; i++) { >+ ((char *)op)[i] = ((char *)ip)[i] ^ ((char *)buf)[i]; >+ } >+ } >+} >diff -r b008c4b827be lib/freebl/chacha20poly1305.c >--- /dev/null Thu Jan 01 00:00:00 1970 +0000 >+++ b/lib/freebl/chacha20poly1305.c Thu Sep 19 14:30:56 2013 -0400 
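Review bot: In the `GPR_TOO` write-back of `ChaCha20XOR`, word 12 is initialised as `x12 = counter+BPI*iters+(BPI-1)` but the feed-forward adds only `BPI*iters+(BPI-1)`, so the keystream for that block is wrong whenever `counter` is non-zero, and `ChaCha20Poly1305_Seal` and `ChaCha20Poly1305_Open` pass 1 for the payload. The line should be `op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter+BPI*iters+(BPI-1)));`. `GPR_TOO` is 1 only under `__ARM_NEON__`, and the Makefile hunk builds this file only for x86_64, so the defect appears latent rather than reachable in this patch. Also, `iters` is an `unsigned` compared against a `size_t` quotient in the main loop, which would wrap for very large `inlen` on 64-bit targets.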
>@@ -0,0 +1,102 @@
>+#include <string.h>
>+#include <stdio.h>
>+
>+#include "seccomon.h"
>+#include "poly1305/poly1305.h"
>+#include "chacha20/chacha20.h"
>+
>+/* Poly1305Do writes the Poly1305 authenticator of the given additional data
>+ * and ciphertext to |out|. */
>+static void Poly1305Do(unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *ciphertext, size_t ciphertextLen,
>+ const unsigned char key[32])
>+{
>+ poly1305_state state;
>+ size_t j;
>+ unsigned char lengthBytes[8];
>+ unsigned int i;
>+
>+ Poly1305Init(&state, key);
>+ j = adLen;
>+ for (i = 0; i < sizeof(lengthBytes); i++) {
>+ lengthBytes[i] = j;
>+ j >>= 8;
>+ }
>+ Poly1305Update(&state, lengthBytes, sizeof(lengthBytes));
>+ Poly1305Update(&state, ad, adLen);
>+ j = ciphertextLen;
>+ for (i = 0; i < sizeof(lengthBytes); i++) {
>+ lengthBytes[i] = j;
>+ j >>= 8;
>+ }
>+ Poly1305Update(&state, lengthBytes, sizeof(lengthBytes));
>+ Poly1305Update(&state, ciphertext, ciphertextLen);
>+ Poly1305Finish(&state, out);
>+}
>+
>+SECStatus ChaCha20Poly1305_Seal(
>+ unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *plaintext, size_t plaintextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8])
>+{
>+ unsigned char block[64];
>+ unsigned char tag[16];
>+
>+ if (tagLen == 0 || tagLen > 16) {
>+ return SECFailure;
>+ }
>+
>+ memset(block, 0, 64);
>+ // Generate a block of keystream. The first 32 bytes will be the poly1305
>+ // key. The remainder of the block is discarded.
>+ ChaCha20XOR(block, block, sizeof(block), key, nonce, 0);
>+ ChaCha20XOR(out, plaintext, plaintextLen, key, nonce, 1);
>+
>+ Poly1305Do(tag, ad, adLen, out, plaintextLen, block);
>+ memcpy(out + plaintextLen, tag, tagLen);
>+
>+ return SECSuccess;
>+}
>+
>+SECStatus ChaCha20Poly1305_Open(
>+ unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *ciphertext, size_t ciphertextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8])
>+{
>+ unsigned char block[64];
>+ unsigned int i;
>+ unsigned char macBad;
>+ unsigned char mac[16];
>+
>+ if (tagLen == 0 || tagLen > 16) {
>+ return SECFailure;
>+ }
>+
>+ if (ciphertextLen < tagLen) {
>+ return SECFailure;
>+ }
>+
>+ memset(block, 0, 64);
>+ // Generate a block of keystream. The first 32 bytes will be the poly1305
>+ // key. The remainder is used to decrypt the first 32 bytes of plaintext.
>+ ChaCha20XOR(block, block, sizeof(block), key, nonce, 0);
>+ Poly1305Do(mac, ad, adLen, ciphertext, ciphertextLen - tagLen, block);
>+ macBad = 0;
>+ for (i = 0; i < tagLen; i++) {
>+ macBad |= mac[i] ^ ciphertext[ciphertextLen - tagLen + i];
>+ }
>+ if (macBad) {
>+ return SECFailure;
>+ }
>+
>+ ChaCha20XOR(out, ciphertext, ciphertextLen, key, nonce, 1);
>+
>+ return SECSuccess;
>+}
>diff -r b008c4b827be lib/freebl/ldvector.c
>--- a/lib/freebl/ldvector.c Thu Sep 12 19:03:30 2013 +0200
>+++ b/lib/freebl/ldvector.c Thu Sep 19 14:30:56 2013 -0400
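Review bot: `ChaCha20Poly1305_Open` finishes with `ChaCha20XOR(out, ciphertext, ciphertextLen, key, nonce, 1);`, which also runs the trailing `tagLen` tag bytes through the cipher and writes `ciphertextLen` bytes to `out`. A caller that sizes `out` for the plaintext alone gets `tagLen` bytes written past the end; unless the intended contract is that `out` holds `ciphertextLen` bytes, the length argument should be `ciphertextLen - tagLen`. Both `Seal` and `Open` also return with the one-time Poly1305 key still in `block` (and the full tag in `tag` or `mac`) on the stack, including on the `SECFailure` paths, so I would clear those buffers before every return. The second comment in `Open` says the rest of the block decrypts the first 32 bytes of plaintext, but the code restarts the keystream at counter 1 and never uses that remainder.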
>@@ -256,23 +256,26 @@
> BLAPI_SHVerifyFile,
>
> /* End of Version 3.013 */
>
> PQG_ParamGenV2,
> PRNGTEST_RunHealthTests,
>
> /* End of Version 3.014 */
>
> HMAC_ConstantTime,
>- SSLv3_MAC_ConstantTime
>+ SSLv3_MAC_ConstantTime,
>
> /* End of Version 3.015 */
>+
>+ ChaCha20Poly1305_Seal,
>+ ChaCha20Poly1305_Open
> };
>
> const FREEBLVector *
> FREEBL_GetVector(void)
> {
> extern const char __nss_freebl_rcsid[];
> extern const char __nss_freebl_sccsid[];
>
> /* force a reference that won't get optimized away */
> volatile char c;
>diff -r b008c4b827be lib/freebl/loader.c
>--- a/lib/freebl/loader.c Thu Sep 12 19:03:30 2013 +0200
>+++ b/lib/freebl/loader.c Thu Sep 19 14:30:56 2013 -0400
>@@ -1899,10 +1899,34 @@
> {
> if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
> return SECFailure;
> return (vector->p_HMAC_ConstantTime)(
> result, resultLen, maxResultLen,
> hashObj,
> secret, secretLen,
> header, headerLen,
> body, bodyLen, bodyTotalLen);
> }
>+
>+SECStatus ChaCha20Poly1305_Seal(unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *plaintext, size_t plaintextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]) {
>+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
>+ return SECFailure;
>+ return (vector->p_ChaCha20Poly1305_Seal)(
>+ out, ad, adLen, plaintext, plaintextLen, tagLen, key, nonce);
>+}
>+
>+SECStatus ChaCha20Poly1305_Open(unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *ciphertext, size_t ciphertextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]) {
>+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
>+ return SECFailure;
>+ return (vector->p_ChaCha20Poly1305_Open)(
>+ out, ad, adLen, ciphertext, ciphertextLen, tagLen, key, nonce);
>+}
>diff -r b008c4b827be lib/freebl/loader.h
>--- a/lib/freebl/loader.h Thu Sep 12 19:03:30 2013 +0200
>+++ b/lib/freebl/loader.h Thu Sep 19 14:30:56 2013 -0400
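Review bot: The new loader.c wrappers call `vector->p_ChaCha20Poly1305_Seal` and `vector->p_ChaCha20Poly1305_Open` unconditionally, but neither this hunk nor the ldvector.c and loader.h hunks show the vector's version or length being raised for the two entries added after the 3.015 marker. If the loader accepts a freebl library built before this change, those members lie past the end of its table and the call goes through whatever memory follows it. The version constant and the loader's check are outside the visible hunks, so please confirm the version is bumped in the same commit, and close the new entries in ldvector.c with a matching `/* End of Version ... */` marker.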
>@@ -589,20 +589,37 @@
> const SECHashObject *hashObj,
> const unsigned char *secret,
> unsigned int secretLen,
> const unsigned char *header,
> unsigned int headerLen,
> const unsigned char *body,
> unsigned int bodyLen,
> unsigned int bodyTotalLen);
>
> /* Version 3.015 came to here */
>+
>+ SECStatus (* p_ChaCha20Poly1305_Seal)(
>+ unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *plaintext, size_t plaintextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]);
>+
>+ SECStatus (* p_ChaCha20Poly1305_Open)(
>+ unsigned char *out,
>+ const unsigned char *ad, size_t adLen,
>+ const unsigned char *plaintext, size_t plaintextLen,
>+ size_t tagLen,
>+ const unsigned char key[32],
>+ const unsigned char nonce[8]);
>+
> };
>
> typedef struct FREEBLVectorStr FREEBLVector;
>
> SEC_BEGIN_PROTOS
>
> typedef const FREEBLVector * FREEBLGetVectorFn(void);
>
> extern FREEBLGetVectorFn FREEBL_GetVector;
>
>diff -r b008c4b827be lib/freebl/manifest.mn
>--- a/lib/freebl/manifest.mn Thu Sep 12 19:03:30 2013 +0200
>+++ b/lib/freebl/manifest.mn Thu Sep 19 14:30:56 2013 -0400
>@@ -110,20 +110,21 @@
> camellia.c \
> dh.c \
> ec.c \
> pqg.c \
> dsa.c \
> rsa.c \
> shvfy.c \
> tlsprfalg.c \
> seed.c \
> jpake.c \
>+ chacha20poly1305.c \
> $(MPI_SRCS) \
> $(MPCPU_SRCS) \
> $(ECL_SRCS) \
> $(STUBS_SRCS) \
> $(LOWHASH_SRCS) \
> $(EXTRA_SRCS) \
> $(NULL)
>
> ALL_CSRCS := $(CSRCS)
>
>diff -r b008c4b827be lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c
>--- /dev/null Thu Jan 01 00:00:00 1970 +0000
>+++ b/lib/freebl/poly1305/poly1305-donna-x64-sse2-incremental-source.c Thu Sep 19 14:30:56 2013 -0400
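Review bot: The `p_ChaCha20Poly1305_Open` member in loader.h names its input `plaintext`/`plaintextLen`, while the blapi.h prototype and the loader.c wrapper declare the same parameters as `ciphertext`/`ciphertextLen`. With no comment on the member, the names are the only hint about which length includes the tag, so the line should read `const unsigned char *ciphertext, size_t ciphertextLen,`. The enclosing struct definition starts outside this hunk.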
>@@ -0,0 +1,623 @@ >+/* This Source Code Form is subject to the terms of the Mozilla Public >+ * License, v. 2.0. If a copy of the MPL was not distributed with this >+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ >+ >+/* This implementation of poly1305 is by Andrew Moon >+ * (https://github.com/floodyberry/poly1305-donna) and released as public >+ * domain. It implements SIMD vectorization based on the algorithm described in >+ * http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte >+ * block size. */ >+ >+#include <emmintrin.h> >+#include <stdint.h> >+ >+#include "poly1305.h" >+ >+#define ALIGN(x) __attribute__((aligned(x))) >+#define INLINE inline >+#define U8TO64_LE(m) (*(uint64_t*)(m)) >+#define U8TO32_LE(m) (*(uint32_t*)(m)) >+#define U64TO8_LE(m,v) (*(uint64_t*)(m)) = v >+ >+typedef __m128i xmmi; >+typedef unsigned __int128 uint128_t; >+ >+static const uint32_t ALIGN(16) poly1305_x64_sse2_message_mask[4] = {(1 << 26) - 1, 0, (1 << 26) - 1, 0}; >+static const uint32_t ALIGN(16) poly1305_x64_sse2_5[4] = {5, 0, 5, 0}; >+static const uint32_t ALIGN(16) poly1305_x64_sse2_1shl128[4] = {(1 << 24), 0, (1 << 24), 0}; >+ >+static uint128_t INLINE >+add128(uint128_t a, uint128_t b) { >+ return a + b; >+} >+ >+static uint128_t INLINE >+add128_64(uint128_t a, uint64_t b) { >+ return a + b; >+} >+ >+static uint128_t INLINE >+mul64x64_128(uint64_t a, uint64_t b) { >+ return (uint128_t)a * b; >+} >+ >+static uint64_t INLINE >+lo128(uint128_t a) { >+ return (uint64_t)a; >+} >+ >+static uint64_t INLINE >+shr128(uint128_t v, const int shift) { >+ return (uint64_t)(v >> shift); >+} >+ >+static uint64_t INLINE >+shr128_pair(uint64_t hi, uint64_t lo, const int shift) { >+ return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift); >+} >+ >+typedef struct poly1305_power_t { >+ union { >+ xmmi v; >+ uint64_t u[2]; >+ uint32_t d[4]; >+ } 
R20,R21,R22,R23,R24,S21,S22,S23,S24; >+} poly1305_power; >+ >+typedef struct poly1305_state_internal_t { >+ poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 bytes of free storage */ >+ union { >+ xmmi H[5]; /* 80 bytes */ >+ uint64_t HH[10]; >+ }; >+ /* uint64_t r0,r1,r2; [24 bytes] */ >+ /* uint64_t pad0,pad1; [16 bytes] */ >+ uint64_t started; /* 8 bytes */ >+ uint64_t leftover; /* 8 bytes */ >+ uint8_t buffer[64]; /* 64 bytes */ >+} poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */ >+ >+static poly1305_state_internal INLINE >+*poly1305_aligned_state(poly1305_state *state) { >+ return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63); >+} >+ >+/* copy 0-63 bytes */ >+static void INLINE >+poly1305_block_copy(uint8_t *dst, const uint8_t *src, size_t bytes) { >+ size_t offset = src - dst; >+ if (bytes & 32) { >+ _mm_storeu_si128((xmmi *)(dst + 0), _mm_loadu_si128((xmmi *)(dst + offset + 0))); >+ _mm_storeu_si128((xmmi *)(dst + 16), _mm_loadu_si128((xmmi *)(dst + offset + 16))); >+ dst += 32; >+ } >+ if (bytes & 16) { _mm_storeu_si128((xmmi *)dst, _mm_loadu_si128((xmmi *)(dst + offset))); dst += 16; } >+ if (bytes & 8) { *(uint64_t *)dst = *(uint64_t *)(dst + offset); dst += 8; } >+ if (bytes & 4) { *(uint32_t *)dst = *(uint32_t *)(dst + offset); dst += 4; } >+ if (bytes & 2) { *(uint16_t *)dst = *(uint16_t *)(dst + offset); dst += 2; } >+ if (bytes & 1) { *( uint8_t *)dst = *( uint8_t *)(dst + offset); } >+} >+ >+/* zero 0-15 bytes */ >+static void INLINE >+poly1305_block_zero(uint8_t *dst, size_t bytes) { >+ if (bytes & 8) { *(uint64_t *)dst = 0; dst += 8; } >+ if (bytes & 4) { *(uint32_t *)dst = 0; dst += 4; } >+ if (bytes & 2) { *(uint16_t *)dst = 0; dst += 2; } >+ if (bytes & 1) { *( uint8_t *)dst = 0; } >+} >+ >+static size_t INLINE >+poly1305_min(size_t a, size_t b) { >+ return (a < b) ? 
a : b; >+} >+ >+void >+Poly1305Init(poly1305_state *state, const unsigned char key[32]) { >+ poly1305_state_internal *st = poly1305_aligned_state(state); >+ poly1305_power *p; >+ uint64_t r0,r1,r2; >+ uint64_t t0,t1; >+ >+ /* clamp key */ >+ t0 = U8TO64_LE(key + 0); >+ t1 = U8TO64_LE(key + 8); >+ r0 = t0 & 0xffc0fffffff; t0 >>= 44; t0 |= t1 << 20; >+ r1 = t0 & 0xfffffc0ffff; t1 >>= 24; >+ r2 = t1 & 0x00ffffffc0f; >+ >+ /* store r in un-used space of st->P[1] */ >+ p = &st->P[1]; >+ p->R20.d[1] = (uint32_t)(r0 ); >+ p->R20.d[3] = (uint32_t)(r0 >> 32); >+ p->R21.d[1] = (uint32_t)(r1 ); >+ p->R21.d[3] = (uint32_t)(r1 >> 32); >+ p->R22.d[1] = (uint32_t)(r2 ); >+ p->R22.d[3] = (uint32_t)(r2 >> 32); >+ >+ /* store pad */ >+ p->R23.d[1] = U8TO32_LE(key + 16); >+ p->R23.d[3] = U8TO32_LE(key + 20); >+ p->R24.d[1] = U8TO32_LE(key + 24); >+ p->R24.d[3] = U8TO32_LE(key + 28); >+ >+ /* H = 0 */ >+ st->H[0] = _mm_setzero_si128(); >+ st->H[1] = _mm_setzero_si128(); >+ st->H[2] = _mm_setzero_si128(); >+ st->H[3] = _mm_setzero_si128(); >+ st->H[4] = _mm_setzero_si128(); >+ >+ st->started = 0; >+ st->leftover = 0; >+} >+ >+static void >+poly1305_first_block(poly1305_state_internal *st, const uint8_t *m) { >+ const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); >+ const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); >+ const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); >+ xmmi T5,T6; >+ poly1305_power *p; >+ uint128_t d[3]; >+ uint64_t r0,r1,r2; >+ uint64_t r20,r21,r22,s22; >+ uint64_t pad0,pad1; >+ uint64_t c; >+ uint64_t i; >+ >+ /* pull out stored info */ >+ p = &st->P[1]; >+ >+ r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; >+ r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; >+ r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; >+ pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; >+ pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; >+ >+ /* compute powers r^2,r^4 */ >+ r20 = 
r0; >+ r21 = r1; >+ r22 = r2; >+ for (i = 0; i < 2; i++) { >+ s22 = r22 * (5 << 2); >+ >+ d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22)); >+ d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21)); >+ d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20)); >+ >+ r20 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44); >+ d[1] = add128_64(d[1], c); r21 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44); >+ d[2] = add128_64(d[2], c); r22 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42); >+ r20 += c * 5; c = (r20 >> 44); r20 = r20 & 0xfffffffffff; >+ r21 += c; >+ >+ p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)( r20 ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); >+ p->R21.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); >+ p->R22.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8) ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); >+ p->R23.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0)); >+ p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16) ) ), _MM_SHUFFLE(1,0,1,0)); >+ p->S21.v = _mm_mul_epu32(p->R21.v, FIVE); >+ p->S22.v = _mm_mul_epu32(p->R22.v, FIVE); >+ p->S23.v = _mm_mul_epu32(p->R23.v, FIVE); >+ p->S24.v = _mm_mul_epu32(p->R24.v, FIVE); >+ p--; >+ } >+ >+ /* put saved info back */ >+ p = &st->P[1]; >+ p->R20.d[1] = (uint32_t)(r0 ); >+ p->R20.d[3] = (uint32_t)(r0 >> 32); >+ p->R21.d[1] = (uint32_t)(r1 ); >+ p->R21.d[3] = (uint32_t)(r1 >> 32); >+ p->R22.d[1] = (uint32_t)(r2 ); >+ p->R22.d[3] = (uint32_t)(r2 >> 32); >+ p->R23.d[1] = (uint32_t)(pad0 ); >+ p->R23.d[3] = (uint32_t)(pad0 >> 32); >+ p->R24.d[1] = (uint32_t)(pad1 ); >+ p->R24.d[3] = (uint32_t)(pad1 >> 32); >+ >+ /* H = [Mx,My] */ >+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); >+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi 
*)(m + 24))); >+ st->H[0] = _mm_and_si128(MMASK, T5); >+ st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); >+ st->H[2] = _mm_and_si128(MMASK, T5); >+ st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); >+} >+ >+static void >+poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, size_t bytes) { >+ const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); >+ const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); >+ const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); >+ >+ poly1305_power *p; >+ xmmi H0,H1,H2,H3,H4; >+ xmmi T0,T1,T2,T3,T4,T5,T6; >+ xmmi M0,M1,M2,M3,M4; >+ xmmi C1,C2; >+ >+ H0 = st->H[0]; >+ H1 = st->H[1]; >+ H2 = st->H[2]; >+ H3 = st->H[3]; >+ H4 = st->H[4]; >+ >+ while (bytes >= 64) { >+ /* H *= [r^4,r^4] */ >+ p = &st->P[0]; >+ T0 = _mm_mul_epu32(H0, p->R20.v); >+ T1 = _mm_mul_epu32(H0, p->R21.v); >+ T2 = _mm_mul_epu32(H0, p->R22.v); >+ T3 = _mm_mul_epu32(H0, p->R23.v); >+ T4 = _mm_mul_epu32(H0, p->R24.v); >+ T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = 
_mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); >+ >+ /* H += [Mx,My]*[r^2,r^2] */ >+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); >+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); >+ M0 = _mm_and_si128(MMASK, T5); >+ M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); >+ M2 = _mm_and_si128(MMASK, T5); >+ M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); >+ >+ p = &st->P[1]; >+ T5 = _mm_mul_epu32(M0, p->R20.v); T6 = _mm_mul_epu32(M0, p->R21.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(M1, p->S24.v); T6 = _mm_mul_epu32(M1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(M2, p->S23.v); T6 = _mm_mul_epu32(M2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(M3, p->S22.v); T6 = _mm_mul_epu32(M3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(M4, p->S21.v); T6 = _mm_mul_epu32(M4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(M0, p->R22.v); T6 = _mm_mul_epu32(M0, p->R23.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(M1, p->R21.v); T6 = _mm_mul_epu32(M1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(M2, p->R20.v); T6 = _mm_mul_epu32(M2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = 
_mm_mul_epu32(M3, p->S24.v); T6 = _mm_mul_epu32(M3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(M4, p->S23.v); T6 = _mm_mul_epu32(M4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(M0, p->R24.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(M1, p->R23.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(M2, p->R22.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(M3, p->R21.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(M4, p->R20.v); T4 = _mm_add_epi64(T4, T5); >+ >+ /* H += [Mx,My] */ >+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 32)), _mm_loadl_epi64((xmmi *)(m + 48))); >+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 40)), _mm_loadl_epi64((xmmi *)(m + 56))); >+ M0 = _mm_and_si128(MMASK, T5); >+ M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); >+ M2 = _mm_and_si128(MMASK, T5); >+ M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); >+ >+ T0 = _mm_add_epi64(T0, M0); >+ T1 = _mm_add_epi64(T1, M1); >+ T2 = _mm_add_epi64(T2, M2); >+ T3 = _mm_add_epi64(T3, M3); >+ T4 = _mm_add_epi64(T4, M4); >+ >+ /* reduce */ >+ C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); >+ C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); >+ C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); >+ C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); >+ >+ /* H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) */ >+ H0 = T0; >+ H1 = 
T1; >+ H2 = T2; >+ H3 = T3; >+ H4 = T4; >+ >+ m += 64; >+ bytes -= 64; >+ } >+ >+ st->H[0] = H0; >+ st->H[1] = H1; >+ st->H[2] = H2; >+ st->H[3] = H3; >+ st->H[4] = H4; >+} >+ >+static size_t >+poly1305_combine(poly1305_state_internal *st, const uint8_t *m, size_t bytes) { >+ const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask); >+ const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128); >+ const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5); >+ >+ poly1305_power *p; >+ xmmi H0,H1,H2,H3,H4; >+ xmmi M0,M1,M2,M3,M4; >+ xmmi T0,T1,T2,T3,T4,T5,T6; >+ xmmi C1,C2; >+ >+ uint64_t r0,r1,r2; >+ uint64_t t0,t1,t2,t3,t4; >+ uint64_t c; >+ size_t consumed = 0; >+ >+ H0 = st->H[0]; >+ H1 = st->H[1]; >+ H2 = st->H[2]; >+ H3 = st->H[3]; >+ H4 = st->H[4]; >+ >+ /* p = [r^2,r^2] */ >+ p = &st->P[1]; >+ >+ if (bytes >= 32) { >+ /* H *= [r^2,r^2] */ >+ T0 = _mm_mul_epu32(H0, p->R20.v); >+ T1 = _mm_mul_epu32(H0, p->R21.v); >+ T2 = _mm_mul_epu32(H0, p->R22.v); >+ T3 = _mm_mul_epu32(H0, p->R23.v); >+ T4 = _mm_mul_epu32(H0, p->R24.v); >+ T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H4, p->S23.v); T6 
= _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); >+ >+ /* H += [Mx,My] */ >+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16))); >+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24))); >+ M0 = _mm_and_si128(MMASK, T5); >+ M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12)); >+ M2 = _mm_and_si128(MMASK, T5); >+ M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26)); >+ M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT); >+ >+ T0 = _mm_add_epi64(T0, M0); >+ T1 = _mm_add_epi64(T1, M1); >+ T2 = _mm_add_epi64(T2, M2); >+ T3 = _mm_add_epi64(T3, M3); >+ T4 = _mm_add_epi64(T4, M4); >+ >+ /* reduce */ >+ C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); >+ C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); >+ C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); >+ C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); >+ >+ /* H = (H*[r^2,r^2] + [Mx,My]) */ >+ H0 = T0; >+ H1 = T1; >+ H2 = T2; >+ H3 = T3; >+ H4 = T4; >+ >+ consumed = 32; >+ } >+ >+ /* finalize, H *= [r^2,r] */ >+ r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; >+ r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; >+ r2 = 
((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; >+ >+ p->R20.d[2] = (uint32_t)( r0 ) & 0x3ffffff; >+ p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff; >+ p->R22.d[2] = (uint32_t)((r1 >> 8) ) & 0x3ffffff; >+ p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff; >+ p->R24.d[2] = (uint32_t)((r2 >> 16) ) ; >+ p->S21.d[2] = p->R21.d[2] * 5; >+ p->S22.d[2] = p->R22.d[2] * 5; >+ p->S23.d[2] = p->R23.d[2] * 5; >+ p->S24.d[2] = p->R24.d[2] * 5; >+ >+ /* H *= [r^2,r] */ >+ T0 = _mm_mul_epu32(H0, p->R20.v); >+ T1 = _mm_mul_epu32(H0, p->R21.v); >+ T2 = _mm_mul_epu32(H0, p->R22.v); >+ T3 = _mm_mul_epu32(H0, p->R23.v); >+ T4 = _mm_mul_epu32(H0, p->R24.v); >+ T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6); >+ T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6); >+ T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5); >+ T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5); >+ >+ C1 = _mm_srli_epi64(T0, 26); C2 = 
_mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2); >+ C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE)); >+ C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2); >+ C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1); >+ >+ /* H = H[0]+H[1] */ >+ H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8)); >+ H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8)); >+ H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8)); >+ H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8)); >+ H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8)); >+ >+ t0 = _mm_cvtsi128_si32(H0) ; c = (t0 >> 26); t0 &= 0x3ffffff; >+ t1 = _mm_cvtsi128_si32(H1) + c; c = (t1 >> 26); t1 &= 0x3ffffff; >+ t2 = _mm_cvtsi128_si32(H2) + c; c = (t2 >> 26); t2 &= 0x3ffffff; >+ t3 = _mm_cvtsi128_si32(H3) + c; c = (t3 >> 26); t3 &= 0x3ffffff; >+ t4 = _mm_cvtsi128_si32(H4) + c; c = (t4 >> 26); t4 &= 0x3ffffff; >+ t0 = t0 + (c * 5); c = (t0 >> 26); t0 &= 0x3ffffff; >+ t1 = t1 + c; >+ >+ st->HH[0] = ((t0 ) | (t1 << 26) ) & 0xfffffffffffull; >+ st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & 0xfffffffffffull; >+ st->HH[2] = ((t3 >> 10) | (t4 << 16) ) & 0x3ffffffffffull; >+ >+ return consumed; >+} >+ >+void >+Poly1305Update(poly1305_state *state, const unsigned char *m, size_t bytes) { >+ poly1305_state_internal *st = poly1305_aligned_state(state); >+ size_t want; >+ >+ /* need at least 32 initial bytes to start the accelerated branch */ >+ if (!st->started) { >+ if ((st->leftover == 0) && (bytes > 32)) { >+ poly1305_first_block(st, m); >+ m += 32; >+ bytes -= 32; >+ } else { >+ want = poly1305_min(32 - st->leftover, bytes); >+ poly1305_block_copy(st->buffer + 
st->leftover, m, want); >+ bytes -= want; >+ m += want; >+ st->leftover += want; >+ if ((st->leftover < 32) || (bytes == 0)) >+ return; >+ poly1305_first_block(st, st->buffer); >+ st->leftover = 0; >+ } >+ st->started = 1; >+ } >+ >+ /* handle leftover */ >+ if (st->leftover) { >+ want = poly1305_min(64 - st->leftover, bytes); >+ poly1305_block_copy(st->buffer + st->leftover, m, want); >+ bytes -= want; >+ m += want; >+ st->leftover += want; >+ if (st->leftover < 64) >+ return; >+ poly1305_blocks(st, st->buffer, 64); >+ st->leftover = 0; >+ } >+ >+ /* process 64 byte blocks */ >+ if (bytes >= 64) { >+ want = (bytes & ~63); >+ poly1305_blocks(st, m, want); >+ m += want; >+ bytes -= want; >+ } >+ >+ if (bytes) { >+ poly1305_block_copy(st->buffer + st->leftover, m, bytes); >+ st->leftover += bytes; >+ } >+} >+ >+void >+Poly1305Finish(poly1305_state *state, unsigned char mac[16]) { >+ poly1305_state_internal *st = poly1305_aligned_state(state); >+ size_t leftover = st->leftover; >+ uint8_t *m = st->buffer; >+ uint128_t d[3]; >+ uint64_t h0,h1,h2; >+ uint64_t t0,t1; >+ uint64_t g0,g1,g2,c,nc; >+ uint64_t r0,r1,r2,s1,s2; >+ poly1305_power *p; >+ >+ if (st->started) { >+ size_t consumed = poly1305_combine(st, m, leftover); >+ leftover -= consumed; >+ m += consumed; >+ } >+ >+ /* st->HH will either be 0 or have the combined result */ >+ h0 = st->HH[0]; >+ h1 = st->HH[1]; >+ h2 = st->HH[2]; >+ >+ p = &st->P[1]; >+ r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1]; >+ r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1]; >+ r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1]; >+ s1 = r1 * (5 << 2); >+ s2 = r2 * (5 << 2); >+ >+ if (leftover < 16) >+ goto poly1305_donna_atmost15bytes; >+ >+poly1305_donna_atleast16bytes: >+ t0 = U8TO64_LE(m + 0); >+ t1 = U8TO64_LE(m + 8); >+ h0 += t0 & 0xfffffffffff; >+ t0 = shr128_pair(t1, t0, 44); >+ h1 += t0 & 0xfffffffffff; >+ h2 += (t1 >> 24) | ((uint64_t)1 << 40); >+ >+poly1305_donna_mul: >+ d[0] = 
add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), mul64x64_128(h2, s1)); >+ d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), mul64x64_128(h2, s2)); >+ d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), mul64x64_128(h2, r0)); >+ h0 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44); >+ d[1] = add128_64(d[1], c); h1 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44); >+ d[2] = add128_64(d[2], c); h2 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42); >+ h0 += c * 5; >+ >+ m += 16; >+ leftover -= 16; >+ if (leftover >= 16) goto poly1305_donna_atleast16bytes; >+ >+ /* final bytes */ >+poly1305_donna_atmost15bytes: >+ if (!leftover) goto poly1305_donna_finish; >+ >+ m[leftover++] = 1; >+ poly1305_block_zero(m + leftover, 16 - leftover); >+ leftover = 16; >+ >+ t0 = U8TO64_LE(m+0); >+ t1 = U8TO64_LE(m+8); >+ h0 += t0 & 0xfffffffffff; t0 = shr128_pair(t1, t0, 44); >+ h1 += t0 & 0xfffffffffff; >+ h2 += (t1 >> 24); >+ >+ goto poly1305_donna_mul; >+ >+poly1305_donna_finish: >+ c = (h0 >> 44); h0 &= 0xfffffffffff; >+ h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff; >+ h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff; >+ h0 += c * 5; >+ >+ g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff; >+ g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff; >+ g2 = h2 + c - ((uint64_t)1 << 42); >+ >+ c = (g2 >> 63) - 1; >+ nc = ~c; >+ h0 = (h0 & nc) | (g0 & c); >+ h1 = (h1 & nc) | (g1 & c); >+ h2 = (h2 & nc) | (g2 & c); >+ >+ /* pad */ >+ t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1]; >+ t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1]; >+ h0 += (t0 & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; t0 = shr128_pair(t1, t0, 44); >+ h1 += (t0 & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; t1 = (t1 >> 24); >+ h2 += (t1 ) + c; >+ >+ U64TO8_LE(mac + 0, ((h0 ) | (h1 << 44))); >+ U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24))); >+} >diff -r b008c4b827be lib/freebl/poly1305/poly1305.c 
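Review bot: `U8TO64_LE`, `U8TO32_LE` and `U64TO8_LE` near the top of this new file dereference an `unsigned char *` through a cast to `uint64_t *` or `uint32_t *`, which breaks the strict-aliasing and alignment rules and, in `Poly1305Init`, silently drops the `const` on `key`. x86-64 tolerates the unaligned access, but the compiler may still reorder or drop such loads and stores unless the build disables strict aliasing, which is not visible in this patch section. poly1305.c in the same patch already goes through `memcpy` for this; the same shape works here as small inline functions (it needs `<string.h>`), and `U64TO8_LE` then stops being a macro with an unparenthesised `v`. `poly1305_block_copy` and `poly1305_block_zero` store through the same kind of cast and deserve the same treatment.

```c
/* replaces the U8TO64_LE / U8TO32_LE / U64TO8_LE macros */
static INLINE uint64_t
U8TO64_LE(const unsigned char *m) {
	uint64_t v;
	memcpy(&v, m, sizeof(v));
	return v;
}

static INLINE uint32_t
U8TO32_LE(const unsigned char *m) {
	uint32_t v;
	memcpy(&v, m, sizeof(v));
	return v;
}

static INLINE void
U64TO8_LE(unsigned char *m, uint64_t v) {
	memcpy(m, &v, sizeof(v));
}
```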
>--- /dev/null Thu Jan 01 00:00:00 1970 +0000
>+++ b/lib/freebl/poly1305/poly1305.c Thu Sep 19 14:30:56 2013 -0400
>@@ -0,0 +1,254 @@ >+/* This Source Code Form is subject to the terms of the Mozilla Public >+ * License, v. 2.0. If a copy of the MPL was not distributed with this >+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ >+ >+/* This implementation of poly1305 is by Andrew Moon >+ * (https://github.com/floodyberry/poly1305-donna) and released as public >+ * domain. */ >+ >+#include <string.h> >+#include <stdint.h> >+ >+#include "poly1305.h" >+ >+#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) >+/* We can assume little-endian. */ >+static uint32_t U8TO32_LE(const unsigned char *m) { >+ uint32_t r; >+ memcpy(&r, m, sizeof(r)); >+ return r; >+} >+ >+static void U32TO8_LE(unsigned char *m, uint32_t v) { >+ memcpy(m, &v, sizeof(v)); >+} >+#else >+static void U8TO32_LE(const unsigned char *m) { >+ return (uint32_t)m[0] | >+ (uint32_t)m[1] << 8 | >+ (uint32_t)m[2] << 16 | >+ (uint32_t)m[3] << 24; >+} >+ >+static void U32TO8_LE(unsigned char *m, uint32_t v) { >+ m[0] = v; >+ m[1] = v >> 8; >+ m[2] = v >> 16; >+ m[3] = v >> 24; >+} >+#endif >+ >+static uint64_t >+mul32x32_64(uint32_t a, uint32_t b) { >+ return (uint64_t)a * b; >+} >+ >+struct poly1305_state_st { >+ uint32_t r0,r1,r2,r3,r4; >+ uint32_t s1,s2,s3,s4; >+ uint32_t h0,h1,h2,h3,h4; >+ unsigned char buf[16]; >+ unsigned int buf_used; >+ unsigned char key[16]; >+}; >+ >+/* update updates |state| given some amount of input data. This function may >+ * only be called with a |len| that is not a multiple of 16 at the end of the >+ * data. Otherwise the input must be buffered into 16 byte blocks. 
*/ >+static void update(struct poly1305_state_st *state, const unsigned char *in, >+ size_t len) { >+ uint32_t t0,t1,t2,t3; >+ uint64_t t[5]; >+ uint32_t b; >+ uint64_t c; >+ size_t j; >+ unsigned char mp[16]; >+ >+ if (len < 16) >+ goto poly1305_donna_atmost15bytes; >+ >+poly1305_donna_16bytes: >+ t0 = U8TO32_LE(in); >+ t1 = U8TO32_LE(in+4); >+ t2 = U8TO32_LE(in+8); >+ t3 = U8TO32_LE(in+12); >+ >+ in += 16; >+ len -= 16; >+ >+ state->h0 += t0 & 0x3ffffff; >+ state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; >+ state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; >+ state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; >+ state->h4 += (t3 >> 8) | (1 << 24); >+ >+poly1305_donna_mul: >+ t[0] = mul32x32_64(state->h0,state->r0) + >+ mul32x32_64(state->h1,state->s4) + >+ mul32x32_64(state->h2,state->s3) + >+ mul32x32_64(state->h3,state->s2) + >+ mul32x32_64(state->h4,state->s1); >+ t[1] = mul32x32_64(state->h0,state->r1) + >+ mul32x32_64(state->h1,state->r0) + >+ mul32x32_64(state->h2,state->s4) + >+ mul32x32_64(state->h3,state->s3) + >+ mul32x32_64(state->h4,state->s2); >+ t[2] = mul32x32_64(state->h0,state->r2) + >+ mul32x32_64(state->h1,state->r1) + >+ mul32x32_64(state->h2,state->r0) + >+ mul32x32_64(state->h3,state->s4) + >+ mul32x32_64(state->h4,state->s3); >+ t[3] = mul32x32_64(state->h0,state->r3) + >+ mul32x32_64(state->h1,state->r2) + >+ mul32x32_64(state->h2,state->r1) + >+ mul32x32_64(state->h3,state->r0) + >+ mul32x32_64(state->h4,state->s4); >+ t[4] = mul32x32_64(state->h0,state->r4) + >+ mul32x32_64(state->h1,state->r3) + >+ mul32x32_64(state->h2,state->r2) + >+ mul32x32_64(state->h3,state->r1) + >+ mul32x32_64(state->h4,state->r0); >+ >+ state->h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26); >+ t[1] += c; state->h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26); >+ t[2] += b; state->h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26); >+ t[3] += b; state->h3 = (uint32_t)t[3] & 0x3ffffff; b = 
(uint32_t)(t[3] >> 26); >+ t[4] += b; state->h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26); >+ state->h0 += b * 5; >+ >+ if (len >= 16) >+ goto poly1305_donna_16bytes; >+ >+ /* final bytes */ >+poly1305_donna_atmost15bytes: >+ if (!len) >+ return; >+ >+ for (j = 0; j < len; j++) >+ mp[j] = in[j]; >+ mp[j++] = 1; >+ for (; j < 16; j++) >+ mp[j] = 0; >+ len = 0; >+ >+ t0 = U8TO32_LE(mp+0); >+ t1 = U8TO32_LE(mp+4); >+ t2 = U8TO32_LE(mp+8); >+ t3 = U8TO32_LE(mp+12); >+ >+ state->h0 += t0 & 0x3ffffff; >+ state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; >+ state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff; >+ state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff; >+ state->h4 += (t3 >> 8); >+ >+ goto poly1305_donna_mul; >+} >+ >+void Poly1305Init(poly1305_state *statep, const unsigned char key[32]) { >+ struct poly1305_state_st *state = (struct poly1305_state_st*) statep; >+ uint32_t t0,t1,t2,t3; >+ >+ t0 = U8TO32_LE(key+0); >+ t1 = U8TO32_LE(key+4); >+ t2 = U8TO32_LE(key+8); >+ t3 = U8TO32_LE(key+12); >+ >+ /* precompute multipliers */ >+ state->r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; >+ state->r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12; >+ state->r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18; >+ state->r3 = t2 & 0x3f03fff; t3 >>= 8; >+ state->r4 = t3 & 0x00fffff; >+ >+ state->s1 = state->r1 * 5; >+ state->s2 = state->r2 * 5; >+ state->s3 = state->r3 * 5; >+ state->s4 = state->r4 * 5; >+ >+ /* init state */ >+ state->h0 = 0; >+ state->h1 = 0; >+ state->h2 = 0; >+ state->h3 = 0; >+ state->h4 = 0; >+ >+ state->buf_used = 0; >+ memcpy(state->key, key + 16, sizeof(state->key)); >+} >+ >+void Poly1305Update(poly1305_state *statep, const unsigned char *in, >+ size_t in_len) { >+ unsigned int i; >+ struct poly1305_state_st *state = (struct poly1305_state_st*) statep; >+ >+ if (state->buf_used) { >+ unsigned int todo = 16 - state->buf_used; >+ if (todo > in_len) >+ todo = in_len; >+ for (i = 0; i < todo; i++) >+ 
state->buf[state->buf_used + i] = in[i]; >+ state->buf_used += todo; >+ in_len -= todo; >+ in += todo; >+ >+ if (state->buf_used == 16) { >+ update(state, state->buf, 16); >+ state->buf_used = 0; >+ } >+ } >+ >+ if (in_len >= 16) { >+ size_t todo = in_len & ~0xf; >+ update(state, in, todo); >+ in += todo; >+ in_len &= 0xf; >+ } >+ >+ if (in_len) { >+ for (i = 0; i < in_len; i++) >+ state->buf[i] = in[i]; >+ state->buf_used = in_len; >+ } >+} >+ >+void Poly1305Finish(poly1305_state *statep, unsigned char mac[16]) { >+ struct poly1305_state_st *state = (struct poly1305_state_st*) statep; >+ uint64_t f0,f1,f2,f3; >+ uint32_t g0,g1,g2,g3,g4; >+ uint32_t b, nb; >+ >+ if (state->buf_used) >+ update(state, state->buf, state->buf_used); >+ >+ b = state->h0 >> 26; state->h0 = state->h0 & 0x3ffffff; >+ state->h1 += b; b = state->h1 >> 26; state->h1 = state->h1 & 0x3ffffff; >+ state->h2 += b; b = state->h2 >> 26; state->h2 = state->h2 & 0x3ffffff; >+ state->h3 += b; b = state->h3 >> 26; state->h3 = state->h3 & 0x3ffffff; >+ state->h4 += b; b = state->h4 >> 26; state->h4 = state->h4 & 0x3ffffff; >+ state->h0 += b * 5; >+ >+ g0 = state->h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff; >+ g1 = state->h1 + b; b = g1 >> 26; g1 &= 0x3ffffff; >+ g2 = state->h2 + b; b = g2 >> 26; g2 &= 0x3ffffff; >+ g3 = state->h3 + b; b = g3 >> 26; g3 &= 0x3ffffff; >+ g4 = state->h4 + b - (1 << 26); >+ >+ b = (g4 >> 31) - 1; >+ nb = ~b; >+ state->h0 = (state->h0 & nb) | (g0 & b); >+ state->h1 = (state->h1 & nb) | (g1 & b); >+ state->h2 = (state->h2 & nb) | (g2 & b); >+ state->h3 = (state->h3 & nb) | (g3 & b); >+ state->h4 = (state->h4 & nb) | (g4 & b); >+ >+ f0 = ((state->h0 ) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]); >+ f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&state->key[4]); >+ f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&state->key[8]); >+ f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&state->key[12]); >+ >+ 
U32TO8_LE(&mac[ 0], f0); f1 += (f0 >> 32); >+ U32TO8_LE(&mac[ 4], f1); f2 += (f1 >> 32); >+ U32TO8_LE(&mac[ 8], f2); f3 += (f2 >> 32); >+ U32TO8_LE(&mac[12], f3); >+} >diff -r b008c4b827be lib/freebl/poly1305/poly1305.h >--- /dev/null Thu Jan 01 00:00:00 1970 +0000 >+++ b/lib/freebl/poly1305/poly1305.h Thu Sep 19 14:30:56 2013 -0400 >@@ -0,0 +1,31 @@ >+/* >+ * poly1305.h - header file for Poly1305 implementation. >+ * >+ * This Source Code Form is subject to the terms of the Mozilla Public >+ * License, v. 2.0. If a copy of the MPL was not distributed with this >+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ >+ >+#ifndef FREEBL_POLY1305_H_ >+#define FREEBL_POLY1305_H_ >+ >+typedef unsigned char poly1305_state[512]; >+ >+/* Poly1305Init sets up |state| so that it can be used to calculate an >+ * authentication tag with the one-time key |key|. Note that |key| is a >+ * one-time key and therefore there is no `reset' method because that would >+ * enable several messages to be authenticated with the same key. */ >+extern void Poly1305Init(poly1305_state* state, >+ const unsigned char key[32]); >+ >+/* Poly1305Update processes |in_len| bytes from |in|. It can be called zero or >+ * more times after poly1305_init. */ >+extern void Poly1305Update(poly1305_state* state, >+ const unsigned char *in, >+ size_t inLen); >+ >+/* Poly1305Finish completes the poly1305 calculation and writes a 16 byte >+ * authentication tag to |mac|. */ >+extern void Poly1305Finish(poly1305_state* state, >+ unsigned char mac[16]); >+ >+#endif /* FREEBL_POLY1305_H_ */ >diff -r b008c4b827be lib/pk11wrap/pk11mech.c >--- a/lib/pk11wrap/pk11mech.c Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/pk11wrap/pk11mech.c Thu Sep 19 14:30:56 2013 -0400 
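Review bot: `poly1305_state` is declared as a plain `unsigned char[512]`, yet Poly1305Init, Poly1305Update and Poly1305Finish in poly1305.c cast it straight to `struct poly1305_state_st *` and access 32-bit fields, so nothing guarantees that the caller's buffer is suitably aligned or that the struct fits in 512 bytes. The struct definition is outside the visible part of the patch, so the size cannot be confirmed from here; a compile-time check next to the struct, such as `typedef char poly1305_state_fits[sizeof(struct poly1305_state_st) <= sizeof(poly1305_state) ? 1 : -1];`, would pin it, and the header comment should state the alignment callers must provide. The header also uses `size_t` without including `<stddef.h>`, and the Poly1305Update comment refers to `poly1305_init` and `in_len` while the prototype says `Poly1305Init` and `inLen`.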
>@@ -389,20 +389,22 @@ > case CKM_SHA384_HMAC_GENERAL: > case CKM_SHA512_HMAC: > case CKM_SHA512_HMAC_GENERAL: > case CKM_MD2_HMAC: > case CKM_MD2_HMAC_GENERAL: > case CKM_MD5_HMAC: > case CKM_MD5_HMAC_GENERAL: > case CKM_TLS_PRF_GENERAL: > case CKM_NSS_TLS_PRF_GENERAL_SHA256: > return CKK_GENERIC_SECRET; >+ case CKM_NSS_CHACHA20_POLY1305: >+ return CKK_NSS_CHACHA20; > default: > return pk11_lookup(type)->keyType; > } > } > > /* > * Get the Key Gen Mechanism needed for the given > * crypto mechanism > */ > CK_MECHANISM_TYPE >@@ -606,20 +608,22 @@ > case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC: > case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC: > case CKM_PBE_SHA1_RC2_40_CBC: > case CKM_PBE_SHA1_RC2_128_CBC: > case CKM_PBE_SHA1_RC4_40: > case CKM_PBE_SHA1_RC4_128: > case CKM_PBE_SHA1_DES3_EDE_CBC: > case CKM_PBE_SHA1_DES2_EDE_CBC: > case CKM_PKCS5_PBKD2: > return type; >+ case CKM_NSS_CHACHA20_POLY1305: >+ return CKM_NSS_CHACHA20_KEY_GEN; > default: > return pk11_lookup(type)->keyGen; > } > } > > /* > * get the mechanism block size > */ > int > PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params) >diff -r b008c4b827be lib/softoken/pkcs11.c >--- a/lib/softoken/pkcs11.c Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/softoken/pkcs11.c Thu Sep 19 14:30:56 2013 -0400 
>@@ -496,21 +496,23 @@ > {CKM_NSS_JPAKE_ROUND2_SHA1, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_ROUND2_SHA256, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_ROUND2_SHA384, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_ROUND2_SHA512, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_FINAL_SHA1, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_FINAL_SHA256, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_FINAL_SHA384, {0, 0, CKF_DERIVE}, PR_TRUE}, > {CKM_NSS_JPAKE_FINAL_SHA512, {0, 0, CKF_DERIVE}, PR_TRUE}, > /* -------------------- Constant Time TLS MACs ----------------------- */ > {CKM_NSS_HMAC_CONSTANT_TIME, {0, 0, CKF_DIGEST}, PR_TRUE}, >- {CKM_NSS_SSL3_MAC_CONSTANT_TIME, {0, 0, CKF_DIGEST}, PR_TRUE} >+ {CKM_NSS_SSL3_MAC_CONSTANT_TIME, {0, 0, CKF_DIGEST}, PR_TRUE}, >+ /* -------------------- ChaCha20+Poly1305 AEAD ----------------------- */ >+ {CKM_NSS_CHACHA20_POLY1305, {32, 32, CKF_EN_DE}, PR_TRUE} > }; > static const CK_ULONG mechanismCount = sizeof(mechanisms)/sizeof(mechanisms[0]); > > /* sigh global so fipstokn can read it */ > PRBool nsc_init = PR_FALSE; > > #if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED) > > #include <pthread.h> > >diff -r b008c4b827be lib/softoken/pkcs11c.c >--- a/lib/softoken/pkcs11c.c Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/softoken/pkcs11c.c Thu Sep 19 14:30:56 2013 -0400 
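Review bot: The mechanism table gains CKM_NSS_CHACHA20_POLY1305 but not CKM_NSS_CHACHA20_KEY_GEN, although the pk11mech.c hunk returns that key-generation mechanism and pkcs11c.c accepts it in the bulk key generation switch. Only the tail of the table is visible here, so the entry may exist elsewhere; if it does not, callers that query the token for the key-gen mechanism would likely not find it. Consider adding `{CKM_NSS_CHACHA20_KEY_GEN, {32, 32, CKF_GENERATE}, PR_TRUE},` next to the new row.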
>@@ -468,20 +468,124 @@ > > static SECStatus > sftk_DecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output, > unsigned int *outputLen, unsigned int maxLen, > unsigned char *input, unsigned int inputLen) > { > return RSA_DecryptOAEP(info->params, info->key, output, outputLen, > maxLen, input, inputLen); > } > >+/* sftk_ChaCha20Poly1305_Context saves the key and additional data for a >+ * ChaCha20+Poly1305 AEAD operation. */ >+struct sftk_ChaCha20Poly1305_Context { >+ unsigned char key[32]; >+ unsigned char nonce[8]; >+ unsigned char ad[16]; >+ unsigned char *adOverflow; >+ unsigned int adLen; >+ unsigned char tagLen; >+}; >+ >+static struct sftk_ChaCha20Poly1305_Context* sftk_ChaCha20Poly1305_New( >+ const unsigned char *key, >+ const CK_AEAD_PARAMS* params) { >+ struct sftk_ChaCha20Poly1305_Context* ctx; >+ >+ if (params->ulIvLen != sizeof(ctx->nonce)) >+ return NULL; >+ >+ if (params->ulTagBits == 0 || >+ params->ulTagBits > 128 || >+ (params->ulTagBits & 3) != 0) { >+ return NULL; >+ } >+ >+ ctx = PORT_Alloc(sizeof(struct sftk_ChaCha20Poly1305_Context)); >+ if (ctx == NULL) >+ return NULL; >+ >+ memcpy(ctx->nonce, params->pIv, sizeof(ctx->nonce)); >+ memcpy(ctx->key, key, sizeof(ctx->key)); >+ ctx->tagLen = params->ulTagBits >> 3; >+ >+ if (params->ulAADLen > sizeof(ctx->ad)) { >+ /* Need to allocate an overflow buffer for the additional data. 
*/ >+ ctx->adOverflow = PORT_Alloc(params->ulAADLen); >+ if (!ctx->adOverflow) { >+ PORT_Free(ctx); >+ return NULL; >+ } >+ memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen); >+ } else { >+ ctx->adOverflow = NULL; >+ memcpy(ctx->ad, params->pAAD, params->ulAADLen); >+ } >+ ctx->adLen = params->ulAADLen; >+ >+ return ctx; >+} >+ >+static void sftk_ChaCha20Poly1305_Free( >+ struct sftk_ChaCha20Poly1305_Context *ctx) { >+ if (ctx->adOverflow != NULL) { >+ PORT_Free(ctx->adOverflow); >+ } >+ PORT_Free(ctx); >+} >+ >+static SECStatus sftk_ChaCha20Poly1305_Seal( >+ const struct sftk_ChaCha20Poly1305_Context *ctx, >+ unsigned char *output, >+ unsigned int *outputLen, >+ unsigned int maxOutputLen, >+ const unsigned char *input, >+ unsigned int inputLen) { >+ const unsigned char* ad = ctx->adOverflow; >+ >+ if (maxOutputLen < inputLen + 16) { >+ return SECFailure; >+ } >+ >+ if (ad == NULL) { >+ ad = ctx->ad; >+ } >+ >+ *outputLen = inputLen + 16; >+ >+ return ChaCha20Poly1305_Seal(output, ad, ctx->adLen, input, inputLen, >+ ctx->tagLen, ctx->key, ctx->nonce); >+} >+ >+static SECStatus sftk_ChaCha20Poly1305_Open( >+ const struct sftk_ChaCha20Poly1305_Context *ctx, >+ unsigned char *output, >+ unsigned int *outputLen, >+ unsigned int maxOutputLen, >+ const unsigned char *input, >+ unsigned int inputLen) { >+ const unsigned char* ad = ctx->adOverflow; >+ >+ if (maxOutputLen < inputLen || inputLen < 16) { >+ return SECFailure; >+ } >+ >+ if (ad == NULL) { >+ ad = ctx->ad; >+ } >+ >+ *outputLen = inputLen - 16; >+ >+ return ChaCha20Poly1305_Open(output, ad, ctx->adLen, input, inputLen, >+ ctx->tagLen, ctx->key, ctx->nonce); >+} >+ > /** NSC_CryptInit initializes an encryption/Decryption operation. > * > * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey. > * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block > * ciphers MAC'ing. 
> */ > static CK_RV > sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, > CK_OBJECT_HANDLE hKey, > CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage, >@@ -863,20 +967,44 @@ > isEncrypt, att->attrib.ulValueLen, 16); > sftk_FreeAttribute(att); > if (context->cipherInfo == NULL) { > crv = CKR_HOST_MEMORY; > break; > } > context->update = (SFTKCipher) (isEncrypt ? AES_Encrypt : AES_Decrypt); > context->destroy = (SFTKDestroy) AES_DestroyContext; > break; > >+ case CKM_NSS_CHACHA20_POLY1305: >+ context->multi = PR_FALSE; >+ if (key_type != CKK_NSS_CHACHA20) { >+ crv = CKR_KEY_TYPE_INCONSISTENT; >+ break; >+ } >+ att = sftk_FindAttribute(key,CKA_VALUE); >+ if (att == NULL) { >+ crv = CKR_KEY_HANDLE_INVALID; >+ break; >+ } >+ context->cipherInfo = sftk_ChaCha20Poly1305_New( >+ (unsigned char*) att->attrib.pValue, >+ (CK_AEAD_PARAMS*) pMechanism->pParameter); >+ sftk_FreeAttribute(att); >+ if (context->cipherInfo == NULL) { >+ crv = CKR_HOST_MEMORY; >+ break; >+ } >+ context->update = (SFTKCipher) (isEncrypt ? sftk_ChaCha20Poly1305_Seal : >+ sftk_ChaCha20Poly1305_Open); >+ context->destroy = (SFTKDestroy) sftk_ChaCha20Poly1305_Free; >+ break; >+ > case CKM_NETSCAPE_AES_KEY_WRAP_PAD: > context->doPad = PR_TRUE; > /* fall thru */ > case CKM_NETSCAPE_AES_KEY_WRAP: > context->multi = PR_FALSE; > context->blockSize = 8; > if (key_type != CKK_AES) { > crv = CKR_KEY_TYPE_INCONSISTENT; > break; > } >@@ -3265,20 +3393,24 @@ > *key_length = 16; > break; > case CKM_CAMELLIA_KEY_GEN: > *key_type = CKK_CAMELLIA; > if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; > break; > case CKM_AES_KEY_GEN: > *key_type = CKK_AES; > if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; > break; >+ case CKM_NSS_CHACHA20_KEY_GEN: >+ *key_type = CKK_NSS_CHACHA20; >+ if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; >+ break; > default: > PORT_Assert(0); > crv = CKR_MECHANISM_INVALID; > break; > } > > return crv; > } > > CK_RV 
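Review bot: In sftk_ChaCha20Poly1305_New the check `(params->ulTagBits & 3) != 0` only rejects values that are not a multiple of 4 bits, but the code then stores `ulTagBits >> 3`, so `ulTagBits = 4` is accepted and yields `tagLen == 0`, a context with no effective authentication tag; the mask should be `(params->ulTagBits & 7) != 0`. sftk_ChaCha20Poly1305_Seal and sftk_ChaCha20Poly1305_Open hard-code 16 in their size checks and in `*outputLen` while passing `ctx->tagLen` to the AEAD, so a shorter tag would report the wrong length (assuming the freebl functions honour `tagLen`, which is not visible here). Use `ctx->tagLen` in both, and write the Seal bound as `inputLen > maxOutputLen || maxOutputLen - inputLen < ctx->tagLen` so the addition cannot wrap. sftk_ChaCha20Poly1305_Free releases a struct holding the key with `PORT_Free`; `PORT_ZFree(ctx, sizeof(*ctx))` would clear it first.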
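Review bot: The new CKM_NSS_CHACHA20_POLY1305 case hands `att->attrib.pValue` and `pMechanism->pParameter` to sftk_ChaCha20Poly1305_New without checking either length, and New copies 32 key bytes and dereferences the parameter block unconditionally. A key object shorter than 32 bytes would be over-read, and a NULL or undersized parameter would be dereferenced. Every NULL return from New, including the rejected nonce and tag sizes, is also reported as CKR_HOST_MEMORY, which hides parameter errors from the caller. The CKM_NSS_CHACHA20_KEY_GEN case added further down accepts any non-zero `*key_length`; setting `*key_length = 32;` there would match the case above it that sets `*key_length = 16`. sftk_CryptInit starts and ends outside this hunk.

```c
    /* ... unchanged: key_type check and sftk_FindAttribute(key, CKA_VALUE) ... */
    if (att->attrib.ulValueLen != 32) {
        sftk_FreeAttribute(att);
        crv = CKR_KEY_SIZE_RANGE;
        break;
    }
    if (pMechanism->pParameter == NULL ||
        pMechanism->ulParameterLen != sizeof(CK_AEAD_PARAMS)) {
        sftk_FreeAttribute(att);
        crv = CKR_MECHANISM_PARAM_INVALID;
        break;
    }
    /* ... unchanged: sftk_ChaCha20Poly1305_New call and the rest of the case ... */
```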
>@@ -3510,20 +3642,21 @@ > case CKM_DES2_KEY_GEN: > case CKM_DES3_KEY_GEN: > checkWeak = PR_TRUE; > /* fall through */ > case CKM_RC2_KEY_GEN: > case CKM_RC4_KEY_GEN: > case CKM_GENERIC_SECRET_KEY_GEN: > case CKM_SEED_KEY_GEN: > case CKM_CAMELLIA_KEY_GEN: > case CKM_AES_KEY_GEN: >+ case CKM_NSS_CHACHA20_KEY_GEN: > #if NSS_SOFTOKEN_DOES_RC5 > case CKM_RC5_KEY_GEN: > #endif > crv = nsc_SetupBulkKeyGen(pMechanism->mechanism,&key_type,&key_length); > break; > case CKM_SSL3_PRE_MASTER_KEY_GEN: > key_type = CKK_GENERIC_SECRET; > key_length = 48; > key_gen_type = nsc_ssl; > break; >diff -r b008c4b827be lib/ssl/ssl3con.c >--- a/lib/ssl/ssl3con.c Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/ssl/ssl3con.c Thu Sep 19 14:30:56 2013 -0400 >@@ -79,20 +79,22 @@ > #define MIN_SEND_BUF_LENGTH 4000 > > /* This list of SSL3 cipher suites is sorted in descending order of > * precedence (desirability). It only includes cipher suites we implement. > * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites > * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c) > */ > static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { > /* cipher_suite policy enabled isPresent */ > #ifdef NSS_ENABLE_ECC >+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, >+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, SSL_ALLOWED, PR_FALSE, PR_FALSE}, > { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, > { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, > #endif /* NSS_ENABLE_ECC */ > { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, > { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, > > #ifdef NSS_ENABLE_ECC > { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, > { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, > #endif /* NSS_ENABLE_ECC */ 
>@@ -251,20 +253,21 @@ > {cipher_des, calg_des, 8, 8, type_block, 8, 8, 0, 0}, > {cipher_3des, calg_3des, 24,24, type_block, 8, 8, 0, 0}, > {cipher_des40, calg_des, 8, 5, type_block, 8, 8, 0, 0}, > {cipher_idea, calg_idea, 16,16, type_block, 8, 8, 0, 0}, > {cipher_aes_128, calg_aes, 16,16, type_block, 16,16, 0, 0}, > {cipher_aes_256, calg_aes, 32,32, type_block, 16,16, 0, 0}, > {cipher_camellia_128, calg_camellia, 16,16, type_block, 16,16, 0, 0}, > {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, > {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, > {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, >+ {cipher_chacha20, calg_chacha20, 32,32, type_aead, 0, 0,16, 0}, > {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, > }; > > static const ssl3KEADef kea_defs[] = > { /* indexed by SSL3KeyExchangeAlgorithm */ > /* kea exchKeyType signKeyType is_limited limit tls_keygen */ > {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE}, > {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE}, > {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE}, > {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE}, 
>@@ -377,20 +380,22 @@ > {TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, > cipher_rc4_56, mac_sha,kea_rsa_export_1024}, > > {SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_rsa_fips}, > {SSL_RSA_FIPS_WITH_DES_CBC_SHA, cipher_des, mac_sha, kea_rsa_fips}, > > {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa}, > {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa}, > {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, > {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, >+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_rsa}, >+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa}, > > #ifdef NSS_ENABLE_ECC > {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, > {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, > {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}, > {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa}, > {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa}, > > {TLS_ECDHE_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdhe_ecdsa}, > {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdhe_ecdsa}, 
>@@ -442,20 +447,21 @@ > { calg_rc4 , CKM_RC4 }, > { calg_rc2 , CKM_RC2_CBC }, > { calg_des , CKM_DES_CBC }, > { calg_3des , CKM_DES3_CBC }, > { calg_idea , CKM_IDEA_CBC }, > { calg_fortezza , CKM_SKIPJACK_CBC64 }, > { calg_aes , CKM_AES_CBC }, > { calg_camellia , CKM_CAMELLIA_CBC }, > { calg_seed , CKM_SEED_CBC }, > { calg_aes_gcm , CKM_AES_GCM }, >+ { calg_chacha20 , CKM_NSS_CHACHA20_POLY1305 }, > /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ > }; > > #define mmech_invalid (CK_MECHANISM_TYPE)0x80000000L > #define mmech_md5 CKM_SSL3_MD5_MAC > #define mmech_sha CKM_SSL3_SHA1_MAC > #define mmech_md5_hmac CKM_MD5_HMAC > #define mmech_sha_hmac CKM_SHA_1_HMAC > #define mmech_sha256_hmac CKM_SHA256_HMAC 
> >@@ -1933,20 +1939,60 @@ > } else { > rv = AES_Encrypt(cx, out, &uOutLen, maxout, in, inlen); > } > AES_DestroyContext(cx, PR_FALSE); > *outlen += (int) uOutLen; > > return rv; > } > #endif > >+static SECStatus >+ssl3_ChaCha20Poly1305( >+ ssl3KeyMaterial *keys, >+ PRBool doDecrypt, >+ unsigned char *out, >+ int *outlen, >+ int maxout, >+ const unsigned char *in, >+ int inlen, >+ const unsigned char *additionalData, >+ int additionalDataLen) >+{ >+ SECItem param; >+ SECStatus rv = SECFailure; >+ unsigned int uOutLen; >+ CK_AEAD_PARAMS aeadParams; >+ static const int tagSize = 16; >+ >+ param.type = siBuffer; >+ param.len = sizeof(aeadParams); >+ param.data = (unsigned char *) &aeadParams; >+ memset(&aeadParams, 0, sizeof(CK_AEAD_PARAMS)); >+ aeadParams.pIv = (unsigned char *) additionalData; >+ aeadParams.ulIvLen = 8; >+ aeadParams.pAAD = (unsigned char *) additionalData; >+ aeadParams.ulAADLen = additionalDataLen; >+ aeadParams.ulTagBits = tagSize * 8; >+ >+ if (doDecrypt) { >+ rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, >+ out, &uOutLen, maxout, in, inlen); >+ } else { >+ rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, ¶m, >+ out, &uOutLen, maxout, in, inlen); >+ } >+ *outlen = (int) uOutLen; >+ >+ return rv; >+} >+ > /* Initialize encryption and MAC contexts for pending spec. > * Master Secret already is derived. > * Caller holds Spec write lock. > */ > static SECStatus > ssl3_InitPendingContextsPKCS11(sslSocket *ss) > { > ssl3CipherSpec * pwSpec; > const ssl3BulkCipherDef *cipher_def; > PK11Context * serverContext = NULL; 
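Review bot: `uOutLen` is never initialised but is read by `*outlen = (int) uOutLen;` even when PK11_Encrypt or PK11_Decrypt fails, so unless those calls always write it, the failure path stores an indeterminate value in the caller's length; declare it as `unsigned int uOutLen = 0;`. The nonce is taken as the first 8 bytes of `additionalData` with `ulIvLen = 8` hard-coded, but `additionalDataLen` is never checked. A guard such as `if (additionalDataLen < 8) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` belongs before the parameters are filled in. A short comment saying that the nonce is the leading 8 bytes of the additional data (presumably the record sequence number) would explain why `pIv` and `pAAD` point at the same buffer.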
>@@ -1966,27 +2012,31 @@ > > pwSpec = ss->ssl3.pwSpec; > cipher_def = pwSpec->cipher_def; > macLength = pwSpec->mac_size; > calg = cipher_def->calg; > PORT_Assert(alg2Mech[calg].calg == calg); > > pwSpec->client.write_mac_context = NULL; > pwSpec->server.write_mac_context = NULL; > >- if (calg == calg_aes_gcm) { >+ if (calg == calg_aes_gcm || calg == calg_chacha20) { > pwSpec->encode = NULL; > pwSpec->decode = NULL; > pwSpec->destroy = NULL; > pwSpec->encodeContext = NULL; > pwSpec->decodeContext = NULL; >- pwSpec->aead = ssl3_AESGCM; >+ if (calg == calg_aes_gcm) { >+ pwSpec->aead = ssl3_AESGCM; >+ } else { >+ pwSpec->aead = ssl3_ChaCha20Poly1305; >+ } > return SECSuccess; > } > > /* > ** Now setup the MAC contexts, > ** crypto contexts are setup below. > */ > > mac_mech = pwSpec->mac_def->mmech; > mac_param.data = (unsigned char *)&macLength; >diff -r b008c4b827be lib/ssl/ssl3ecc.c >--- a/lib/ssl/ssl3ecc.c Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/ssl/ssl3ecc.c Thu Sep 19 14:30:56 2013 -0400 
>@@ -891,50 +891,54 @@ > TLS_ECDH_RSA_WITH_RC4_128_SHA, > 0 /* end of list marker */ > }; > > static const ssl3CipherSuite ecdhe_ecdsa_suites[] = { > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, >+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, > TLS_ECDHE_ECDSA_WITH_NULL_SHA, > TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, > 0 /* end of list marker */ > }; > > static const ssl3CipherSuite ecdhe_rsa_suites[] = { > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, >+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, > TLS_ECDHE_RSA_WITH_NULL_SHA, > TLS_ECDHE_RSA_WITH_RC4_128_SHA, > 0 /* end of list marker */ > }; > > /* List of all ECC cipher suites */ > static const ssl3CipherSuite ecSuites[] = { > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, >+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, > TLS_ECDHE_ECDSA_WITH_NULL_SHA, > TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, >+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, > TLS_ECDHE_RSA_WITH_NULL_SHA, > TLS_ECDHE_RSA_WITH_RC4_128_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_ECDSA_WITH_NULL_SHA, > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, >diff -r b008c4b827be lib/ssl/sslenum.c >--- a/lib/ssl/sslenum.c Thu Sep 12 19:03:30 2013 +0200 
>+++ b/lib/ssl/sslenum.c Thu Sep 19 14:30:56 2013 -0400 >@@ -24,20 +24,22 @@ > * the cipherSuites table in ssl3con.c. > * > * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays > * in ssl3ecc.c. > * > * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. > */ > const PRUint16 SSL_ImplementedCiphers[] = { > /* AES-GCM */ > #ifdef NSS_ENABLE_ECC >+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, >+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > #endif /* NSS_ENABLE_ECC */ > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_RSA_WITH_AES_128_GCM_SHA256, > > /* 256-bit */ > #ifdef NSS_ENABLE_ECC > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, >diff -r b008c4b827be lib/ssl/sslimpl.h >--- a/lib/ssl/sslimpl.h Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/ssl/sslimpl.h Thu Sep 19 14:30:56 2013 -0400 >@@ -48,20 +48,21 @@ > #define calg_rc4 ssl_calg_rc4 > #define calg_rc2 ssl_calg_rc2 > #define calg_des ssl_calg_des > #define calg_3des ssl_calg_3des > #define calg_idea ssl_calg_idea > #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ > #define calg_aes ssl_calg_aes > #define calg_camellia ssl_calg_camellia > #define calg_seed ssl_calg_seed > #define calg_aes_gcm ssl_calg_aes_gcm >+#define calg_chacha20 ssl_calg_chacha20 > > #define mac_null ssl_mac_null > #define mac_md5 ssl_mac_md5 > #define mac_sha ssl_mac_sha > #define hmac_md5 ssl_hmac_md5 > #define hmac_sha ssl_hmac_sha > #define hmac_sha256 ssl_hmac_sha256 > #define mac_aead ssl_mac_aead > > #define SET_ERROR_CODE /* reminder */ 
>@@ -275,21 +276,21 @@ > unsigned int isPresent : 1; > #else > ssl3CipherSuite cipher_suite; > PRUint8 policy; > unsigned char enabled : 1; > unsigned char isPresent : 1; > #endif > } ssl3CipherSuiteCfg; > > #ifdef NSS_ENABLE_ECC >-#define ssl_V3_SUITES_IMPLEMENTED 61 >+#define ssl_V3_SUITES_IMPLEMENTED 63 > #else > #define ssl_V3_SUITES_IMPLEMENTED 37 > #endif /* NSS_ENABLE_ECC */ > > #define MAX_DTLS_SRTP_CIPHER_SUITES 4 > > typedef struct sslOptionsStr { > /* If SSL_SetNextProtoNego has been called, then this contains the > * list of supported protocols. */ > SECItem nextProtoNego; >@@ -449,20 +450,21 @@ > cipher_des, > cipher_3des, > cipher_des40, > cipher_idea, > cipher_aes_128, > cipher_aes_256, > cipher_camellia_128, > cipher_camellia_256, > cipher_seed, > cipher_aes_128_gcm, >+ cipher_chacha20, > cipher_missing /* reserved for no such supported cipher */ > /* This enum must match ssl3_cipherName[] in ssl3con.c. */ > } SSL3BulkCipher; > > typedef enum { type_stream, type_block, type_aead } CipherType; > > #define MAX_IV_LENGTH 24 > > /* > * Do not depend upon 64 bit arithmetic in the underlying machine. >diff -r b008c4b827be lib/ssl/sslinfo.c >--- a/lib/ssl/sslinfo.c Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/ssl/sslinfo.c Thu Sep 19 14:30:56 2013 -0400 >@@ -111,20 +111,21 @@ > #define C_SEED "SEED", calg_seed > #define C_CAMELLIA "CAMELLIA", calg_camellia > #define C_AES "AES", calg_aes > #define C_RC4 "RC4", calg_rc4 > #define C_RC2 "RC2", calg_rc2 > #define C_DES "DES", calg_des > #define C_3DES "3DES", calg_3des > #define C_NULL "NULL", calg_null > #define C_SJ "SKIPJACK", calg_sj > #define C_AESGCM "AES-GCM", calg_aes_gcm >+#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20 > > #define B_256 256, 256, 256 > #define B_128 128, 128, 128 > #define B_3DES 192, 156, 112 > #define B_SJ 96, 80, 80 > #define B_DES 64, 56, 56 > #define B_56 128, 56, 56 > #define B_40 128, 40, 40 > #define B_0 0, 0, 0 
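Review bot: `cipher_chacha20` is inserted before `cipher_missing`, and the comment directly below says this enum must match `ssl3_cipherName[]` in ssl3con.c, but none of the ssl3con.c hunks in this patch adds an entry to that array. If the array is indexed by SSL3BulkCipher, as the comment implies, the new value would pick up the string meant for `cipher_missing`, and `cipher_missing` would index one past the end. Add the matching name (for example `"ChaCha20-Poly1305",`) before the last entry of `ssl3_cipherName[]` in the same change.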
> >@@ -189,26 +190,28 @@ > {0,CS(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, }, > > {0,CS(TLS_ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, }, > {0,CS(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, > {0,CS(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, > {0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, >+{0,CS(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305),S_ECDSA,K_ECDHE,C_CHACHA20,B_256,M_AEAD_128,0, 0, 0, }, > > {0,CS(TLS_ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, > {0,CS(TLS_ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, > {0,CS(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SHA, 1, 0, 0, }, >+{0,CS(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305), S_RSA,K_ECDHE,C_CHACHA20,B_256,M_AEAD_128, 0, 0, 0, }, > > {0,CS(TLS_ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, 0, 0, 0, }, > {0,CS(TLS_ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, > {0,CS(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, 1, 0, 0, }, > {0,CS(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, 
C_AES, B_128, M_SHA256, 1, 0, 0, }, > {0,CS(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, 1, 0, 0, }, > #endif /* NSS_ENABLE_ECC */ > > /* SSL 2 table */ >diff -r b008c4b827be lib/ssl/sslproto.h >--- a/lib/ssl/sslproto.h Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/ssl/sslproto.h Thu Sep 19 14:30:56 2013 -0400 >@@ -206,20 +206,23 @@ > #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA 0xC019 > > #define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 > #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 > > #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B > #define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D > #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F > #define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 > >+#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 0xCC13 >+#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0xCC14 >+ > /* Netscape "experimental" cipher suites. */ > #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA 0xffe0 > #define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA 0xffe1 > > /* New non-experimental openly spec'ed versions of those cipher suites. */ > #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff > #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe > > /* DTLS-SRTP cipher suites from RFC 5764 */ > /* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */ >diff -r b008c4b827be lib/ssl/sslt.h >--- a/lib/ssl/sslt.h Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/ssl/sslt.h Thu Sep 19 14:30:56 2013 -0400 
>@@ -74,21 +74,22 @@ > ssl_calg_null = 0, > ssl_calg_rc4 = 1, > ssl_calg_rc2 = 2, > ssl_calg_des = 3, > ssl_calg_3des = 4, > ssl_calg_idea = 5, > ssl_calg_fortezza = 6, /* deprecated, now unused */ > ssl_calg_aes = 7, > ssl_calg_camellia = 8, > ssl_calg_seed = 9, >- ssl_calg_aes_gcm = 10 >+ ssl_calg_aes_gcm = 10, >+ ssl_calg_chacha20 = 11 > } SSLCipherAlgorithm; > > typedef enum { > ssl_mac_null = 0, > ssl_mac_md5 = 1, > ssl_mac_sha = 2, > ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */ > ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */ > ssl_hmac_sha256 = 5, > ssl_mac_aead = 6 >diff -r b008c4b827be lib/util/pkcs11n.h >--- a/lib/util/pkcs11n.h Thu Sep 12 19:03:30 2013 +0200 >+++ b/lib/util/pkcs11n.h Thu Sep 19 14:30:56 2013 -0400 >@@ -44,20 +44,22 @@ > * NSS-defined key types > * > */ > #define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS) > > #define CKK_NSS_PKCS8 (CKK_NSS + 1) > > #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) > #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) > >+#define CKK_NSS_CHACHA20 (CKK_NSS + 4) >+ > /* > * NSS-defined certificate types > * > */ > #define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS) > > /* FAKE PKCS #11 defines */ > #define CKA_DIGEST 0x81000000L > #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ 
> >@@ -207,20 +209,31 @@ > */ > #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) > #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) > > /* TLS 1.2 mechanisms */ > #define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) > #define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) > #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) > #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) > >+#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 25) >+#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 26) >+ >+typedef struct CK_AEAD_PARAMS { >+ CK_BYTE_PTR pIv; /* This is the nonce. */ >+ CK_ULONG ulIvLen; >+ CK_BYTE_PTR pAAD; >+ CK_ULONG ulAADLen; >+ CK_ULONG ulTagBits; >+} CK_AEAD_PARAMS; >+ > /* > * HISTORICAL: > * Do not attempt to use these. They are only used by NETSCAPE's internal > * PKCS #11 interface. Most of these are place holders for other mechanism > * and will change in the future. > */ > #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL > #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL > #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL > #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL >diff -r b008c4b827be tests/cipher/cipher.sh >--- a/tests/cipher/cipher.sh Thu Sep 12 19:03:30 2013 +0200 >+++ b/tests/cipher/cipher.sh Thu Sep 19 14:30:56 2013 -0400 
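Review bot: CK_AEAD_PARAMS is a new parameter structure in a shared header, and only `pIv` carries a comment, so the constraints callers must meet are undocumented. The softoken code in this patch requires `ulIvLen == 8` and a non-zero `ulTagBits` of at most 128, and copies `ulAADLen` bytes from `pAAD`. Saying so on the fields, e.g. `/* must be 8 for CKM_NSS_CHACHA20_POLY1305 */` on `ulIvLen` and `/* tag length in bits, at most 128 */` on `ulTagBits`, spares callers from discovering the limits through a failed init.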
>@@ -100,20 +100,30 @@ > if [ -n "$EXP_RET" -a "$EXP_RET" != "#" ] ; then > TESTNAME=`echo $TESTNAME | sed -e "s/_/ /g"` > echo "$SCRIPTNAME: $TESTNAME --------------------------------" > echo "pk11gcmtest aes kat gcm $GCMTESTDIR/tests/$INPUT_FILE" > ${PROFTOOL} ${BINDIR}/pk11gcmtest aes kat gcm $GCMTESTDIR/tests/$INPUT_FILE > html_msg $? $EXP_RET "$TESTNAME" > fi > done < ${GCM_TXT} > } > >+######################## cipher_chacha20_poly1305 ###################### >+# local shell function to test ChaCha20+Poly1305 >+######################################################################## >+cipher_chacha20_poly1305() >+{ >+ INPUT_FILE=ChaCha20Poly1305Encrypt.rsp >+ echo "pk11gcmtest chacha20 kat poly1305 $GCMTESTDIR/tests/$INPUT_FILE" >+ ${PROFTOOL} ${BINDIR}/pk11gcmtest chacha20 kat poly1305 $GCMTESTDIR/tests/$INPUT_FILE >+} >+ > ############################## cipher_cleanup ############################ > # local shell function to finish this script (no exit since it might be > # sourced) > ######################################################################## > cipher_cleanup() > { > html "</TABLE><BR>" > cd ${QADIR} > . common/cleanup.sh > } >@@ -124,11 +134,12 @@ > # built and the cipher suite run as part of an nss-softoken build. > if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then > echo "bltest not built, skipping this test." >> ${LOGFILE} > res = 0 > html_msg $res $EXP_RET "$TESTNAME" > return 0 > fi > cipher_init > cipher_main > cipher_gcm >+cipher_chacha20_poly1305 > cipher_cleanup
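Review bot: cipher_chacha20_poly1305 runs pk11gcmtest but discards its exit status, whereas cipher_gcm just above reports each run with `html_msg $? $EXP_RET "$TESTNAME"`, so a failing known-answer test would not show up in the results. Add something like `html_msg $? 0 "ChaCha20 Poly1305"` directly after the pk11gcmtest line. Quoting `"$GCMTESTDIR/tests/$INPUT_FILE"` would also keep the path intact if the directory name contains spaces.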