Compare commits

3 Commits

Author SHA1 Message Date
David Benjamin 8f7f3837b8 Work around even more Estonian ID card misissuances.
Not content with signing negative RSA moduli, still other Estonian IDs have too
many leading zeros. Work around those too.

This workaround will be removed in six months.

BUG=534766

Change-Id: Ica23b1b1499f9dbe39e94cf7b540900860e8e135
Reviewed-on: https://boringssl-review.googlesource.com/5980
Reviewed-by: Adam Langley <agl@google.com>
2015-09-25 13:23:53 -04:00
David Benjamin a7a4063c10 Update the Estonian workaround comments.
Target date for removal of the workaround is 6 months.

BUG=532048

Change-Id: I402f75e46736936725575559cd8eb194115ab0df
Reviewed-on: https://boringssl-review.googlesource.com/5910
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from commit c71567dd50)
2015-09-21 16:21:40 -04:00
David Benjamin 9377d95a8b Work around broken Estonian smart cards. Again.
Estonian IDs issued between September 2014 to September 2015 are broken and use
negative moduli. They last five years and are common enough that we need to
work around this bug.

Add parallel "buggy" versions of BN_cbs2unsigned and RSA_parse_public_key which
tolerate this mistake, to align with OpenSSL's previous behavior. This code is
currently hooked up to rsa_pub_decode in RSA_ASN1_METHOD so that d2i_X509 is
tolerant. (This isn't a huge deal as the rest of that stack still uses the
legacy ASN.1 code which is overly lenient in many other ways.)

In future, when Chromium isn't using crypto/x509 and has more unified
certificate handling code, we can put client certificates under a slightly
different codepath, so this needn't hold for all certificates forever. Then in
September 2019, when the broken Estonian certificates all expire, we can purge
this codepath altogether.

BUG=532048

Change-Id: Iadb245048c71dba2eec45dd066c4a6e077140751
Reviewed-on: https://boringssl-review.googlesource.com/5894
Reviewed-by: Adam Langley <agl@google.com>
(cherry picked from commit 231cb82145)
2015-09-21 16:21:34 -04:00
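The two misencodings these commit messages describe, as an added C illustration (not BoringSSL code; every name and the sample bytes are constructed for this example): a strict check of a DER INTEGER's content octets for a value that must be non-negative, beside a lenient reading that accepts a missing 0x00 pad or redundant leading zeros. Reading the rejected octets as an unsigned big-endian number is this example's assumption about what the issuer meant.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; every name here is hypothetical and none of this is
 * BoringSSL code. */

enum der_uint_status_t {
  der_uint_ok,
  der_uint_empty,       /* zero content octets */
  der_uint_negative,    /* top bit set: two's complement reads as negative */
  der_uint_non_minimal, /* redundant leading 0x00 octets */
};

/* der_uint_check classifies the content octets of a DER INTEGER whose value
 * must be non-negative, such as an RSA modulus. */
enum der_uint_status_t der_uint_check(const uint8_t *in, size_t in_len) {
  if (in_len == 0) {
    return der_uint_empty;
  }
  if (in[0] & 0x80) {
    /* A positive value with its top bit set needs one 0x00 pad octet. */
    return der_uint_negative;
  }
  if (in[0] == 0x00 && in_len > 1 && (in[1] & 0x80) == 0) {
    /* The pad octet is only allowed when the next octet has its top bit set. */
    return der_uint_non_minimal;
  }
  return der_uint_ok;
}

/* der_uint_parse sets |*out| and |*out_len| to the big-endian magnitude held
 * in |in|. With |lenient| zero it accepts only inputs that |der_uint_check|
 * reports as der_uint_ok. With |lenient| non-zero it also accepts negative
 * and non-minimal inputs and reads their octets as unsigned (an assumption
 * about the intended value). It returns one on success and zero on error. */
int der_uint_parse(const uint8_t **out, size_t *out_len, const uint8_t *in,
                   size_t in_len, int lenient) {
  enum der_uint_status_t status = der_uint_check(in, in_len);
  if (status == der_uint_empty) {
    return 0;
  }
  if (status != der_uint_ok && !lenient) {
    return 0;
  }
  /* Drop leading zero octets but keep one octet for the value zero. */
  while (in_len > 1 && in[0] == 0x00) {
    in++;
    in_len--;
  }
  *out = in;
  *out_len = in_len;
  return 1;
}

/* Constructed sample content octets (three-byte stand-ins for a modulus). */
static const uint8_t kPadded[] = {0x00, 0xc3, 0x5f, 0x01};
static const uint8_t kNoPad[] = {0xc3, 0x5f, 0x01};
static const uint8_t kExtraZeros[] = {0x00, 0x00, 0xc3, 0x5f, 0x01};

static void report(const char *name, const uint8_t *in, size_t in_len) {
  static const char *const kNames[] = {"ok", "empty", "negative",
                                       "non-minimal"};
  const uint8_t *mag = NULL;
  size_t mag_len = 0;
  int strict = der_uint_parse(&mag, &mag_len, in, in_len, 0);
  int lenient = der_uint_parse(&mag, &mag_len, in, in_len, 1);
  printf("%-12s %-12s strict=%d lenient=%d magnitude_len=%zu\n", name,
         kNames[der_uint_check(in, in_len)], strict, lenient, mag_len);
}

int main(void) {
  report("padded", kPadded, sizeof(kPadded));
  report("no pad", kNoPad, sizeof(kNoPad));
  report("extra zeros", kExtraZeros, sizeof(kExtraZeros));
  return 0;
}
```

A caller that needs the lenient path can log every input for which `der_uint_check` does not return `der_uint_ok`, which gives the data needed to retire the workaround on schedule.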
936 changed files with 12682 additions and 32986 deletions
+97
@@ -0,0 +1,97 @@
Build Prerequisites:
* CMake[1] 2.8.8 or later is required.
* Perl 5.6.1 or later is required. On Windows, Strawberry Perl and MSYS Perl
have both been reported to work. If not found by CMake, it may be configured
explicitly by setting PERL_EXECUTABLE.
* On Windows you currently must use Ninja[2] to build; on other platforms,
it is not required, but recommended, because it makes builds faster.
* If you need to build Ninja from source, then a recent version of
Python[3] is required (Python 2.7.5 works).
* On Windows only, Yasm[4] is required. If not found by CMake, it may be
configured explicitly by setting CMAKE_ASM_NASM_COMPILER.
* A C compiler is required. On Windows, MSVC 12 (Visual Studio 2013) or later
with Platform SDK 8.1 or later are supported. Recent versions of GCC and
Clang should work on non-Windows platforms, and maybe on Windows too.
* Go[5] is required. If not found by CMake, the go executable may be
configured explicitly by setting GO_EXECUTABLE.
Using Ninja (note the 'N' is capitalized in the cmake invocation):
mkdir build
cd build
cmake -GNinja ..
ninja
Using makefiles (does not work on Windows):
mkdir build
cd build
cmake ..
make
You usually don't need to run cmake again after changing CMakeLists.txt files
because the build scripts will detect changes to them and rebuild themselves
automatically.
Note that the default build flags in the top-level CMakeLists.txt are for
debugging - optimisation isn't enabled.
If you want to cross-compile then there is an example toolchain file for
32-bit Intel in util/. Wipe out the build directory, recreate it and run cmake
like this:
cmake -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -GNinja ..
If you want to build as a shared library, pass -DBUILD_SHARED_LIBS=1. On
Windows, where functions need to be tagged with "dllimport" when coming from a
shared library, define BORINGSSL_SHARED_LIBRARY in any code which #includes the
BoringSSL headers.
Building for Android:
It's possible to build BoringSSL with the Android NDK using CMake. This has
been tested with version 10d of the NDK.
Unpack the Android NDK somewhere and export ANDROID_NDK to point to the
directory. Clone https://github.com/taka-no-me/android-cmake into util/.
Then make a build directory as above and run CMake *twice* like this:
cmake -DANDROID_NATIVE_API_LEVEL=android-9 \
-DANDROID_ABI=armeabi-v7a \
-DCMAKE_TOOLCHAIN_FILE=../util/android-cmake/android.toolchain.cmake \
-DANDROID_NATIVE_API_LEVEL=16 \
-GNinja ..
Once you've run that twice, ninja should produce Android-compatible binaries.
You can replace "armeabi-v7a" in the above with "arm64-v8a" to build aarch64
binaries.
Known Limitations on Windows:
* Versions of cmake since 3.0.2 have a bug in its Ninja generator that causes
yasm to output warnings "yasm: warning: can open only one input file, only
the last file will be processed". These warnings can be safely ignored.
The cmake bug is http://www.cmake.org/Bug/view.php?id=15253.
* cmake can generate Visual Studio projects, but the generated project files
don't have steps for assembling the assembly language source files, so they
currently cannot be used to build BoringSSL.
[1] http://www.cmake.org/download/
[2] https://martine.github.io/ninja/
[3] https://www.python.org/downloads/
[4] http://yasm.tortall.net/
[5] https://golang.org/dl/
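Review bot: In the Android cmake invocation, -DANDROID_NATIVE_API_LEVEL is passed twice with different values (android-9 on the first line, 16 on the fourth), so the API level the build targets depends on which definition CMake keeps. Keep a single value and state which API level the tested NDK 10d configuration used. Separately, the instruction to clone https://github.com/taka-no-me/android-cmake into util/ pulls a third-party toolchain file at whatever revision is current; naming a known-good commit would make the build reproducible.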
-143
@@ -1,143 +0,0 @@
# Building BoringSSL
## Build Prerequisites
* [CMake](http://www.cmake.org/download/) 2.8.8 or later is required.
* Perl 5.6.1 or later is required. On Windows,
[Strawberry Perl](http://strawberryperl.com/) and MSYS Perl have both been
reported to work. If not found by CMake, it may be configured explicitly by
setting `PERL_EXECUTABLE`.
* On Windows you currently must use [Ninja](https://martine.github.io/ninja/)
to build; on other platforms, it is not required, but recommended, because
it makes builds faster.
* If you need to build Ninja from source, then a recent version of
[Python](https://www.python.org/downloads/) is required (Python 2.7.5 works).
* On Windows only, [Yasm](http://yasm.tortall.net/) is required. If not found
by CMake, it may be configured explicitly by setting
`CMAKE_ASM_NASM_COMPILER`.
* A C compiler is required. On Windows, MSVC 12 (Visual Studio 2013) or later
with Platform SDK 8.1 or later are supported. Recent versions of GCC and
Clang should work on non-Windows platforms, and maybe on Windows too.
* [Go](https://golang.org/dl/) is required. If not found by CMake, the go
executable may be configured explicitly by setting `GO_EXECUTABLE`.
* If you change crypto/chacha/chacha\_vec.c, you will need the
arm-linux-gnueabihf-gcc compiler:
```
wget https://releases.linaro.org/14.11/components/toolchain/binaries/arm-linux-gnueabihf/gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf.tar.xz && \
echo bc4ca2ced084d2dc12424815a4442e19cb1422db87068830305d90075feb1a3b gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf.tar.xz | sha256sum -c && \
tar xf gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf.tar.xz && \
sudo mv gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf /opt/
```
## Building
Using Ninja (note the 'N' is capitalized in the cmake invocation):
mkdir build
cd build
cmake -GNinja ..
ninja
Using Make (does not work on Windows):
mkdir build
cd build
cmake ..
make
You usually don't need to run `cmake` again after changing `CMakeLists.txt`
files because the build scripts will detect changes to them and rebuild
themselves automatically.
Note that the default build flags in the top-level `CMakeLists.txt` are for
debugging—optimisation isn't enabled.
If you want to cross-compile then there is an example toolchain file for 32-bit
Intel in `util/`. Wipe out the build directory, recreate it and run `cmake` like
this:
cmake -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -GNinja ..
If you want to build as a shared library, pass `-DBUILD_SHARED_LIBS=1`. On
Windows, where functions need to be tagged with `dllimport` when coming from a
shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s
the BoringSSL headers.
In order to serve environments where code-size is important as well as those
where performance is the overriding concern, `OPENSSL_SMALL` can be defined to
remove some code that is especially large.
### Building for Android
It's possible to build BoringSSL with the Android NDK using CMake. This has
been tested with version 10d of the NDK.
Unpack the Android NDK somewhere and export `ANDROID_NDK` to point to the
directory. Clone https://github.com/taka-no-me/android-cmake into `util/`. Then
make a build directory as above and run CMake *twice* like this:
cmake -DANDROID_NATIVE_API_LEVEL=android-9 \
-DANDROID_ABI=armeabi-v7a \
-DCMAKE_TOOLCHAIN_FILE=../util/android-cmake/android.toolchain.cmake \
-DANDROID_NATIVE_API_LEVEL=16 \
-GNinja ..
Once you've run that twice, Ninja should produce Android-compatible binaries.
You can replace `armeabi-v7a` in the above with `arm64-v8a` to build aarch64
binaries.
## Known Limitations on Windows
* Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes
yasm to output warnings
yasm: warning: can open only one input file, only the last file will be processed
These warnings can be safely ignored. The cmake bug is
http://www.cmake.org/Bug/view.php?id=15253.
* CMake can generate Visual Studio projects, but the generated project files
don't have steps for assembling the assembly language source files, so they
currently cannot be used to build BoringSSL.
## Embedded ARM
ARM, unlike Intel, does not have an instruction that allows applications to
discover the capabilities of the processor. Instead, the capability information
has to be provided by the operating system somehow.
BoringSSL will try to use `getauxval` to discover the capabilities and, failing
that, will probe for NEON support by executing a NEON instruction and handling
any illegal-instruction signal. But some environments don't support that sort
of thing and, for them, it's possible to configure the CPU capabilities
at compile time.
If you define `OPENSSL_STATIC_ARMCAP` then you can define any of the following
to enabling the corresponding ARM feature.
* `OPENSSL_STATIC_ARMCAP_NEON` or `__ARM_NEON__` (note that the latter is set by compilers when NEON support is enabled).
* `OPENSSL_STATIC_ARMCAP_AES`
* `OPENSSL_STATIC_ARMCAP_SHA1`
* `OPENSSL_STATIC_ARMCAP_SHA256`
* `OPENSSL_STATIC_ARMCAP_PMULL`
Note that if a feature is enabled in this way, but not actually supported at
run-time, BoringSSL will likely crash.
# Running tests
There are two sets of tests: the C/C++ tests and the blackbox tests. For former
are built by Ninja and can be run from the top-level directory with `go run
util/all_tests.go`. The latter have to be run separately by running `go test`
from within `ssl/test/runner`.
Both sets of tests may also be run with `ninja -C build run_tests`, but CMake
3.2 or later is required to avoid Ninja's output buffering.
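Review bot: Deleting this file drops the "Embedded ARM" section, and with it the only statement in this diff that enabling an OPENSSL_STATIC_ARMCAP_* feature the CPU lacks will likely crash at run-time; the plain-text build notes added earlier in this diff have no equivalent. If this branch still honours OPENSSL_STATIC_ARMCAP, carry that section and "Running tests" over to the plain-text notes; if it does not, say so in the commit message. The chacha_vec.c bullet also goes, which removes the only toolchain download in these instructions that was pinned with a sha256sum -c check.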
+3 -36
@@ -17,14 +17,15 @@ if (NOT GO_EXECUTABLE)
endif()
if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror -Wsign-compare -Wmissing-field-initializers -ggdb -fvisibility=hidden")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Werror -Wsign-compare -Wmissing-field-initializers -ggdb -std=c++0x -fvisibility=hidden")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror -ggdb -fvisibility=hidden")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Werror -ggdb -std=c++0x -fvisibility=hidden")
elseif(MSVC)
set(MSVC_DISABLED_WARNINGS_LIST
"C4100" # 'exarg' : unreferenced formal parameter
"C4127" # conditional expression is constant
"C4200" # nonstandard extension used : zero-sized array in
# struct/union.
"C4210" # nonstandard extension used : function given file scope
"C4242" # 'function' : conversion from 'int' to 'uint8_t',
# possible loss of data
"C4244" # 'function' : conversion from 'int' to 'uint8_t',
@@ -80,17 +81,6 @@ if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.9
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11 -D_XOPEN_SOURCE=700")
endif()
if(FUZZ)
if(!CMAKE_CXX_COMPILER_ID MATCHES "Clang")
message("You need to build with Clang for fuzzing to work")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address")
link_directories(.)
endif()
add_definitions(-DBORINGSSL_IMPLEMENTATION)
if (BUILD_SHARED_LIBS)
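Review bot: With the if(FUZZ) block taken out of this hunk, passing -DFUZZ=1 no longer adds -fsanitize=address or the coverage flags, so a build someone believes is instrumented is not. Either keep a stub that stops with message(FATAL_ERROR ...) when FUZZ is set, or remove every remaining mention of the option together with this block. Should the block come back later, two things in it need fixing first: if(!CMAKE_CXX_COMPILER_ID MATCHES "Clang") is not CMake's negation syntax (that is if(NOT ...)), and CMAKE_EXE_LINKER_FLAGS is assigned from ${CMAKE_C_FLAGS}, which discards any linker flags set earlier.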
@@ -148,31 +138,8 @@ if (OPENSSL_NO_ASM)
set(ARCH "generic")
endif()
# Declare a dummy target to build all unit tests. Test targets should inject
# themselves as dependencies next to the target definition.
add_custom_target(all_tests)
add_subdirectory(crypto)
add_subdirectory(ssl)
add_subdirectory(ssl/test)
add_subdirectory(tool)
add_subdirectory(decrepit)
if(FUZZ)
add_subdirectory(fuzz)
endif()
if (NOT ${CMAKE_VERSION} VERSION_LESS "3.2")
# USES_TERMINAL is only available in CMake 3.2 or later.
set(MAYBE_USES_TERMINAL USES_TERMINAL)
endif()
add_custom_target(
run_tests
COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir
${CMAKE_BINARY_DIR}
COMMAND cd ssl/test/runner
COMMAND ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
DEPENDS all_tests bssl_shim
${MAYBE_USES_TERMINAL})
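Review bot: Removing add_custom_target(all_tests) is only safe if no CMakeLists.txt under crypto/, ssl/ or tool/ still adds itself as a dependency of that target; the comment above it says test targets "inject themselves as dependencies next to the target definition", and those subdirectories are still included by the add_subdirectory lines that remain. Confirm the matching add_dependencies calls are removed in the same change, otherwise configuration fails on a missing target. The run_tests target goes with it, so the commit message should say how tests are expected to be run on this branch.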
-40
@@ -1,40 +0,0 @@
# Fuzz testing
Modern fuzz testers are very effective and we wish to use them to ensure that no silly bugs creep into BoringSSL.
We primarily use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require libFuzzer at build time.
In order to build the fuzz tests you will need at least Clang 3.7. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:
```
CC=clang CXX=clang++ cmake -GNinja -DFUZZ=1 ..
```
In order for the fuzz tests to link, the linker needs to find libFuzzer. This is not commonly provided and you may need to download the [Clang source code](http://llvm.org/releases/download.html) and do the following:
```
cd llvm-3.7.0.src/lib
clang -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
ar q libFuzzer.a *.o
```
Then copy `libFuzzer.a` to the top-level of your BoringSSL source directory.
From the `build/` directory, you can then run the fuzzers. For example:
```
./fuzz/cert -max_len=4000 -jobs=32 -workers=32 ../fuzz/cert_corpus/
```
The `max_len` argument is often important because, without it, libFuzzer defaults to limiting all test cases to 64 bytes, which is often insufficient for the formats that we wish to fuzz. The arguments to `jobs` and `workers` should be the number of cores that you wish to dedicate to fuzzing.
There are directories in `fuzz/` for each of the fuzzing tests which contain seed files for fuzzing. Some of the seed files were generated manually but many of them are “interesting” results generated by the fuzzing itself. (Where “interesting” means that it triggered a previously unknown path in the code.)
Here are the recommended values of `max_len` for each test.
| Test | `max_len` value |
|-----------|-----------------|
| `privkey` | 2048 |
| `cert` | 3072 |
| `server` | 1024 |
| `client` | 4096 |
-164
@@ -1,164 +0,0 @@
# Porting from OpenSSL to BoringSSL
BoringSSL is an OpenSSL derivative and is mostly source-compatible, for the
subset of OpenSSL retained. Libraries ideally need little to no changes for
BoringSSL support, provided they do not use removed APIs. In general, see if the
library compiles and, on failure, consult the documentation in the header files
and see if problematic features can be removed.
In some cases, BoringSSL-specific code may be necessary. In that case, the
`OPENSSL_IS_BORINGSSL` preprocessor macro may be used in `#ifdef`s. This macro
should also be used in lieu of the presence of any particular function to detect
OpenSSL vs BoringSSL in configure scripts, etc., where those are necessary.
For convenience, BoringSSL defines upstream's `OPENSSL_NO_*` feature macros
corresponding to removed features. These may also be used to disable code which
uses a removed feature.
Note: BoringSSL does *not* have a stable API or ABI. It must be updated with its
consumers. It is not suitable for, say, a system library in a traditional Linux
distribution. For instance, Chromium statically links the specific revision of
BoringSSL it was built against. Likewise, Android's system-internal copy of
BoringSSL is not exposed by the NDK and must not be used by third-party
applications.
## Major API changes
### Integer types
Some APIs have been converted to use `size_t` for consistency and to avoid
integer overflows at the API boundary. (Existing logic uses a mismash of `int`,
`long`, and `unsigned`.) For the most part, implicit casts mean that existing
code continues to compile. In some cases, this may require BoringSSL-specific
code, particularly to avoid compiler warnings.
Most notably, the `STACK_OF(T)` types have all been converted to use `size_t`
instead of `int` for indices and lengths.
### Reference counts
Some external consumers increment reference counts directly by calling
`CRYPTO_add` with the corresponding `CRYPTO_LOCK_*` value.
These APIs no longer exist in BoringSSL. Instead, code which increments
reference counts should call the corresponding `FOO_up_ref` function, such as
`EVP_PKEY_up_ref`. Note that not all of these APIs are present in OpenSSL and
may require `#ifdef`s.
### Error codes
OpenSSL's errors are extremely specific, leaking internals of the library,
including even a function code for the function which emitted the error! As some
logic in BoringSSL has been rewritten, code which conditions on the error may
break (grep for `ERR_GET_REASON` and `ERR_GET_FUNC`). This danger also exists
when upgrading OpenSSL versions.
Where possible, avoid conditioning on the exact error reason. Otherwise, a
BoringSSL `#ifdef` may be necessary. Exactly how best to resolve this issue is
still being determined. It's possible some new APIs will be added in the future.
Function codes have been completely removed. Remove code which conditions on
these as it will break with the slightest change in the library, OpenSSL or
BoringSSL.
### `*_ctrl` functions
Some OpenSSL APIs are implemented with `ioctl`-style functions such as
`SSL_ctrl` and `EVP_PKEY_CTX_ctrl`, combined with convenience macros, such as
# define SSL_CTX_set_mode(ctx,op) \
SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
In BoringSSL, these macros have been replaced with proper functions. The
underlying `_ctrl` functions have been removed.
For convenience, `SSL_CTRL_*` values are retained as macros to `doesnt_exist` so
existing code which uses them (or the wrapper macros) in `#ifdef` expressions
will continue to function. However, the macros themselves will not work.
Switch any `*_ctrl` callers to the macro/function versions. This works in both
OpenSSL and BoringSSL. Note that BoringSSL's function versions will be
type-checked and may require more care with types.
### HMAC `EVP_PKEY`s
`EVP_PKEY_HMAC` is removed. Use the `HMAC_*` functions in `hmac.h` instead. This
is compatible with OpenSSL.
### DSA `EVP_PKEY`s
`EVP_PKEY_DSA` is deprecated. It is currently still possible to parse DER into a
DSA `EVP_PKEY`, but signing or verifying with those objects will not work.
### DES
The `DES_cblock` type has been switched from an array to a struct to avoid the
pitfalls around array types in C. Where features which require DES cannot be
disabled, BoringSSL-specific codepaths may be necessary.
### TLS renegotiation
OpenSSL enables TLS renegotiation by default and accepts renegotiation requests
from the peer transparently. Renegotiation is an extremely problematic protocol
feature, so BoringSSL rejects peer renegotiations by default.
To enable renegotiation, call `SSL_set_renegotiate_mode` and set it to
`ssl_renegotiate_once` or `ssl_renegotiate_freely`. Renegotiation is only
supported as a client in SSL3/TLS and the HelloRequest must be received at a
quiet point in the application protocol. This is sufficient to support the
common use of requesting a new client certificate between an HTTP request and
response in (unpipelined) HTTP/1.1.
Things which do not work:
* There is no support for renegotiation as a server.
* There is no support for renegotiation in DTLS.
* There is no support for initiating renegotiation; `SSL_renegotiate` always
fails and `SSL_set_state` does nothing.
* Interleaving application data with the new handshake is forbidden.
* If a HelloRequest is received while `SSL_write` has unsent application data,
the renegotiation is rejected.
### Lowercase hexadecimal
BoringSSL's `BN_bn2hex` function uses lowercase hexadecimal digits instead of
uppercase. Some code may require changes to avoid being sensitive to this
difference.
## Optional BoringSSL-specific simplifications
BoringSSL makes some changes to OpenSSL which simplify the API but remain
compatible with OpenSSL consumers. In general, consult the BoringSSL
documentation for any functions in new BoringSSL-only code.
### Return values
Most OpenSSL APIs return 1 on success and either 0 or -1 on failure. BoringSSL
has narrowed most of these to 1 on success and 0 on failure. BoringSSL-specific
code may take advantage of the less error-prone APIs and use `!` to check for
errors.
### Initialization
OpenSSL has a number of different initialization functions for setting up error
strings and loading algorithms, etc. All of these functions still exist in
BoringSSL for convenience, but they do nothing and are not necessary.
The one exception is `CRYPTO_library_init`. In `BORINGSSL_NO_STATIC_INITIALIZER`
builds, it must be called to query CPU capabitilies before the rest of the
library. In the default configuration, this is done with a static initializer
and is also unnecessary.
### Threading
OpenSSL provides a number of APIs to configure threading callbacks and set up
locks. Without initializing these, the library is not thread-safe. Configuring
these does nothing in BoringSSL. Instead, BoringSSL calls pthreads and the
corresponding Windows APIs internally and is always thread-safe where the API
guarantees it.
-30
@@ -1,30 +0,0 @@
# BoringSSL
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general
use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
so is likely to be frustrating because there are no guarantees of API or ABI
stability.
Programs ship their own copies of BoringSSL when they use it and we update
everything as needed when deciding to make API changes. This allows us to
mostly avoid compromises in the name of compatibility. It works for us, but it
may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and,
over time, built up a large number of patches that were maintained while
tracking upstream OpenSSL. As Google's product portfolio became more complex,
more copies of OpenSSL sprung up and the effort involved in maintaining all
these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's
not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful:
* [PORTING.md](/PORTING.md): how to port OpenSSL-using code to BoringSSL.
* [BUILDING.md](/BUILDING.md): how to build BoringSSL
* [STYLE.md](/STYLE.md): rules and guidelines for coding style.
* include/openssl: public headers with API documentation in comments. Also [available online](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
* [FUZZING.md](/FUZZING.md): information about fuzzing BoringSSL.
+198
@@ -0,0 +1,198 @@
BoringSSL Style Guide.
BoringSSL usually follows the Google C++ style guide, found below. The
rest of this document describes differences and clarifications on top
of the base guide.
https://google-styleguide.googlecode.com/svn/trunk/cppguide.html
Legacy code.
As a derivative of OpenSSL, BoringSSL contains a lot of legacy code
that does not follow this style guide. Particularly where public API
is concerned, balance consistency within a module with the benefits of
a given rule. Module-wide deviations on naming should be respected
while integer and return value conventions take precedence over
consistency.
Some modules have seen few changes, so they still retain the original
indentation style for now. When editing these, try to retain the
original style. For Emacs, doc/c-indentation.el from OpenSSL may be
helpful in this.
Language.
The majority of the project is in C, so C++-specific rules in the
Google style guide do not apply. Support for C99 features depends on
our target platforms. Typically, Chromium's target MSVC is the most
restrictive.
Variable declarations in the middle of a function are allowed.
Comments should be /* C-style */ for consistency.
When declaration pointer types, * should be placed next to the variable
name, not the type. So
uint8_t *ptr;
not
uint8_t* ptr;
Rather than malloc() and free(), use the wrappers OPENSSL_malloc() and
OPENSSL_free(). Use the standard C assert() function freely.
For new constants, prefer enums when the values are sequential and typed
constants for flags. If adding values to an existing set of #defines, continue
with #define.
Formatting.
Single-statement blocks are not allowed. All conditions and loops must
use braces:
if (foo) {
do_something();
}
not
if (foo)
do_something();
Integers.
Prefer using explicitly-sized integers where appropriate rather than
generic C ones. For instance, to represent a byte, use uint8_t, not
unsigned char. Likewise, represent a two-byte field as uint16_t, not
unsigned short.
Sizes are represented as size_t.
Within a struct that is retained across the lifetime of an SSL
connection, if bounds of a size are known and it's easy, use a smaller
integer type like uint8_t. This is a "free" connection footprint
optimization for servers. Don't make code significantly more complex
for it, and do still check the bounds when passing in and out of the
struct. This narrowing should not propagate to local variables and
function parameters.
When doing arithmetic, account for overflow conditions.
Except with platform APIs, do not use ssize_t. MSVC lacks it, and
prefer out-of-band error signaling for size_t (see Return values).
Naming.
Follow Google naming conventions in C++ files. In C files, use the
following naming conventions for consistency with existing OpenSSL and C
styles:
Define structs with typedef named TYPE_NAME. The corresponding struct
should be named struct type_name_st.
Name public functions as MODULE_function_name, unless the module
already uses a different naming scheme for legacy reasons. The module
name should be a type name if the function is a method of a particular
type.
Some types are allocated within the library while others are
initialized into a struct allocated by the caller, often on the
stack. Name these functions TYPE_NAME_new/TYPE_NAME_free and
TYPE_NAME_init/TYPE_NAME_cleanup, respectively. All TYPE_NAME_free
functions must do nothing on NULL input.
If a variable is the length of a pointer value, it has the suffix
_len. An output parameter is named out or has an out_ prefix. For
instance, For instance:
uint8_t *out,
size_t *out_len,
const uint8_t *in,
size_t in_len,
Name public headers like include/openssl/evp.h with header guards like
OPENSSL_HEADER_EVP_H. Name internal headers like crypto/ec/internal.h
with header guards like OPENSSL_HEADER_EC_INTERNAL_H.
Name enums like unix_hacker_t. For instance:
enum should_free_handshake_buffer_t {
free_handshake_buffer,
dont_free_handshake_buffer,
};
Return values.
As even malloc may fail in BoringSSL, the vast majority of functions
will have a failure case. Functions should return int with one on
success and zero on error. Do not overload the return value to both
signal success/failure and output an integer. For example:
OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out);
If a function needs more than a true/false result code, define an enum
rather than arbitrarily assigning meaning to int values.
If a function outputs a pointer to an object on success and there are no
other outputs, return the pointer directly and NULL on error.
Parameters.
Where not constrained by legacy code, parameter order should be:
1. context parameters
2. output parameters
3. input parameters
For example,
/* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
* ASN.1 object can be written. The |tag| argument will be used as the tag for
* the object. It returns one on success or zero on error. */
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag);
Documentation.
All public symbols must have a documentation comment in their header
file. The style is based on that of Go. The first sentence begins with
the symbol name, optionally prefixed with "A" or "An". Apart from the
initial mention of symbol, references to other symbols or parameter
names should be surrounded by |pipes|.
Documentation should be concise but completely describe the exposed
behavior of the function. Pay special note to success/failure behaviors
and caller obligations on object lifetimes. If this sacrifices
conciseness, consider simplifying the function's behavior.
/* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which
* will be verified by |EVP_DigestVerifyFinal|. It returns one on success and
* zero otherwise. */
OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data,
size_t len);
Explicitly mention any surprising edge cases or deviations from common
return value patterns in legacy functions.
/* RSA_private_encrypt encrypts |flen| bytes from |from| with the private key in
* |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
* least |RSA_size| bytes of space. It returns the number of bytes written, or
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
* values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. Use |RSA_sign_raw| instead. */
OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
Document private functions in their internal.h header or, if static,
where defined.
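Review bot: In the Parameters example the documentation comment opens with "CBB_add_asn" while the declaration below it is CBB_add_asn1, which contradicts the rule in the Documentation section that the first sentence begins with the symbol name. Change the comment to start with CBB_add_asn1. Two wording slips in the same file are worth fixing in the same pass: "For instance, For instance:" in the Naming section and "When declaration pointer types" in the Language section.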
-197
@@ -1,197 +0,0 @@
# BoringSSL Style Guide
BoringSSL usually follows the
[Google C++ style guide](https://google.github.io/styleguide/cppguide.html),
The rest of this document describes differences and clarifications on
top of the base guide.
## Legacy code
As a derivative of OpenSSL, BoringSSL contains a lot of legacy code that
does not follow this style guide. Particularly where public API is
concerned, balance consistency within a module with the benefits of a
given rule. Module-wide deviations on naming should be respected while
integer and return value conventions take precedence over consistency.
Some modules have seen few changes, so they still retain the original
indentation style for now. When editing these, try to retain the
original style. For Emacs, `doc/c-indentation.el` from OpenSSL may be
helpful in this.
## Language
The majority of the project is in C, so C++-specific rules in the
Google style guide do not apply. Support for C99 features depends on
our target platforms. Typically, Chromium's target MSVC is the most
restrictive.
Variable declarations in the middle of a function are allowed.
Comments should be `/* C-style */` for consistency.
When declaration pointer types, `*` should be placed next to the variable
name, not the type. So
uint8_t *ptr;
not
uint8_t* ptr;
Rather than `malloc()` and `free()`, use the wrappers `OPENSSL_malloc()`
and `OPENSSL_free()`. Use the standard C `assert()` function freely.
For new constants, prefer enums when the values are sequential and typed
constants for flags. If adding values to an existing set of `#define`s,
continue with `#define`.
## Formatting
Single-statement blocks are not allowed. All conditions and loops must
use braces:
if (foo) {
do_something();
}
not
if (foo)
do_something();
## Integers
Prefer using explicitly-sized integers where appropriate rather than
generic C ones. For instance, to represent a byte, use `uint8_t`, not
`unsigned char`. Likewise, represent a two-byte field as `uint16_t`, not
`unsigned short`.
Sizes are represented as `size_t`.
Within a struct that is retained across the lifetime of an SSL
connection, if bounds of a size are known and it's easy, use a smaller
integer type like `uint8_t`. This is a "free" connection footprint
optimization for servers. Don't make code significantly more complex for
it, and do still check the bounds when passing in and out of the
struct. This narrowing should not propagate to local variables and
function parameters.
When doing arithmetic, account for overflow conditions.
Except with platform APIs, do not use `ssize_t`. MSVC lacks it, and
prefer out-of-band error signaling for `size_t` (see Return values).
## Naming
Follow Google naming conventions in C++ files. In C files, use the
following naming conventions for consistency with existing OpenSSL and C
styles:
Define structs with typedef named `TYPE_NAME`. The corresponding struct
should be named `struct type_name_st`.
Name public functions as `MODULE_function_name`, unless the module
already uses a different naming scheme for legacy reasons. The module
name should be a type name if the function is a method of a particular
type.
Some types are allocated within the library while others are initialized
into a struct allocated by the caller, often on the stack. Name these
functions `TYPE_NAME_new`/`TYPE_NAME_free` and
`TYPE_NAME_init`/`TYPE_NAME_cleanup`, respectively. All `TYPE_NAME_free`
functions must do nothing on `NULL` input.
If a variable is the length of a pointer value, it has the suffix
`_len`. An output parameter is named `out` or has an `out_` prefix. For
instance, For instance:
uint8_t *out,
size_t *out_len,
const uint8_t *in,
size_t in_len,
Name public headers like `include/openssl/evp.h` with header guards like
`OPENSSL_HEADER_EVP_H`. Name internal headers like
`crypto/ec/internal.h` with header guards like
`OPENSSL_HEADER_EC_INTERNAL_H`.
Name enums like `enum unix_hacker_t`. For instance:
enum should_free_handshake_buffer_t {
free_handshake_buffer,
dont_free_handshake_buffer,
};
## Return values
As even `malloc` may fail in BoringSSL, the vast majority of functions
will have a failure case. Functions should return `int` with one on
success and zero on error. Do not overload the return value to both
signal success/failure and output an integer. For example:
OPENSSL_EXPORT int CBS_get_u16(CBS *cbs, uint16_t *out);
If a function needs more than a true/false result code, define an enum
rather than arbitrarily assigning meaning to int values.
If a function outputs a pointer to an object on success and there are no
other outputs, return the pointer directly and `NULL` on error.
## Parameters
Where not constrained by legacy code, parameter order should be:
1. context parameters
2. output parameters
3. input parameters
For example,
/* CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
* ASN.1 object can be written. The |tag| argument will be used as the tag for
* the object. It returns one on success or zero on error. */
OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag);
## Documentation
All public symbols must have a documentation comment in their header
file. The style is based on that of Go. The first sentence begins with
the symbol name, optionally prefixed with "A" or "An". Apart from the
initial mention of symbol, references to other symbols or parameter
names should be surrounded by |pipes|.
Documentation should be concise but completely describe the exposed
behavior of the function. Pay special note to success/failure behaviors
and caller obligations on object lifetimes. If this sacrifices
conciseness, consider simplifying the function's behavior.
/* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which
* will be verified by |EVP_DigestVerifyFinal|. It returns one on success and
* zero otherwise. */
OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data,
size_t len);
Explicitly mention any surprising edge cases or deviations from common
return value patterns in legacy functions.
/* RSA_private_encrypt encrypts |flen| bytes from |from| with the private key in
* |rsa| and writes the encrypted data to |to|. The |to| buffer must have at
* least |RSA_size| bytes of space. It returns the number of bytes written, or
* -1 on error. The |padding| argument must be one of the |RSA_*_PADDING|
* values. If in doubt, |RSA_PKCS1_PADDING| is the most common.
*
* WARNING: this function is dangerous because it breaks the usual return value
* convention. Use |RSA_sign_raw| instead. */
OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
Document private functions in their `internal.h` header or, if static,
where defined.
+1 -4
@@ -1,4 +1,4 @@
include_directories(../include)
include_directories(. ../include)
if(APPLE)
if (${ARCH} STREQUAL "x86")
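Review bot: `include_directories(. ../include)` on the first line puts the source directory itself on the header search path, and `-I` directories are searched before the system ones. Any file can then include a private header by bare name (`"arm_arch.h"` and `"assert.h"` appear later in this diff), and a same-named file in `.` shadows the system or public header. Keep only `../include` on the path and spell private headers relative to the including file.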
@@ -210,7 +210,6 @@ add_executable(
)
target_link_libraries(constant_time_test crypto)
add_dependencies(all_tests constant_time_test)
add_executable(
thread_test
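Review bot: dropping `add_dependencies(all_tests constant_time_test)` after the `target_link_libraries` line (and the matching lines for `thread_test` and `refcount_test` in the next two hunks) means the `all_tests` target no longer builds these binaries. A job that builds `all_tests` and then runs the test list will miss them; if the target itself is being retired, the commit message should say so.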
@@ -221,7 +220,6 @@ add_executable(
)
target_link_libraries(thread_test crypto)
add_dependencies(all_tests thread_test)
add_executable(
refcount_test
@@ -230,4 +228,3 @@ add_executable(
)
target_link_libraries(refcount_test crypto)
add_dependencies(all_tests refcount_test)
+1 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
if (${ARCH} STREQUAL "x86_64")
set(
@@ -69,4 +69,3 @@ add_executable(
)
target_link_libraries(aes_test crypto)
add_dependencies(all_tests aes_test)
+4 -61
@@ -49,9 +49,6 @@
#include <openssl/aes.h>
#include <assert.h>
#include <stdlib.h>
#include <openssl/cpu.h>
#include "internal.h"
@@ -1060,44 +1057,6 @@ void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
#else
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
static int hwaes_capable(void) {
return CRYPTO_is_ARMv8_AES_capable();
}
int aes_v8_set_encrypt_key(const uint8_t *user_key, const int bits,
AES_KEY *key);
int aes_v8_set_decrypt_key(const uint8_t *user_key, const int bits,
AES_KEY *key);
void aes_v8_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
void aes_v8_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
#else
static int hwaes_capable(void) {
return 0;
}
static int aes_v8_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
abort();
}
static int aes_v8_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
abort();
}
static void aes_v8_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
static void aes_v8_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
#endif
/* In this case several functions are provided by asm code. However, one cannot
* control asm symbol visibility with command line flags and such so they are
* always hidden and wrapped by these C functions, which can be so
@@ -1105,38 +1064,22 @@ static void aes_v8_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key)
void asm_AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
if (hwaes_capable()) {
aes_v8_encrypt(in, out, key);
} else {
asm_AES_encrypt(in, out, key);
}
asm_AES_encrypt(in, out, key);
}
void asm_AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
if (hwaes_capable()) {
aes_v8_decrypt(in, out, key);
} else {
asm_AES_decrypt(in, out, key);
}
asm_AES_decrypt(in, out, key);
}
int asm_AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey);
int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
if (hwaes_capable()) {
return aes_v8_set_encrypt_key(key, bits, aeskey);
} else {
return asm_AES_set_encrypt_key(key, bits, aeskey);
}
return asm_AES_set_encrypt_key(key, bits, aeskey);
}
int asm_AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey);
int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
if (hwaes_capable()) {
return aes_v8_set_decrypt_key(key, bits, aeskey);
} else {
return asm_AES_set_decrypt_key(key, bits, aeskey);
}
return asm_AES_set_decrypt_key(key, bits, aeskey);
}
#endif /* OPENSSL_NO_ASM || (!OPENSSL_X86 && !OPENSSL_X86_64 && !OPENSSL_ARM) */
+1 -1
@@ -65,7 +65,7 @@ $rounds="r12";
$code=<<___;
#if defined(__arm__)
#ifndef __KERNEL__
# include <openssl/arm_arch.h>
# include "arm_arch.h"
#else
# define __ARM_ARCH__ __LINUX_ARM_ARCH__
#endif
+1 -1
@@ -88,7 +88,7 @@ $inout3="xmm5"; $in1="xmm5";
$inout4="xmm6"; $in0="xmm6";
$inout5="xmm7"; $ivec="xmm7";
# AESNI extension
# AESNI extenstion
sub aeskeygenassist
{ my($dst,$src,$imm)=@_;
if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
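Review bot: the only change in this file swaps the comment `# AESNI extension` above `sub aeskeygenassist` for the misspelled `# AESNI extenstion`. Keep the correct spelling or drop the hunk.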
+1 -1
@@ -45,7 +45,7 @@ open OUT,"| \"$^X\" $xlate $flavour $output";
$prefix="aes_v8";
$code=<<___;
#include <openssl/arm_arch.h>
#include "arm_arch.h"
#if __ARM_MAX_ARCH__>=7
.text
+3 -1
@@ -701,8 +701,9 @@ ___
}
$code.=<<___;
#if defined(__arm__)
#ifndef __KERNEL__
# include <openssl/arm_arch.h>
# include "arm_arch.h"
# define VFP_ABI_PUSH vstmdb sp!,{d8-d15}
# define VFP_ABI_POP vldmia sp!,{d8-d15}
@@ -2496,6 +2497,7 @@ ___
}
$code.=<<___;
#endif
#endif
___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+2 -2
@@ -48,9 +48,9 @@
#include <openssl/aes.h>
#include <assert.h>
#include "assert.h"
#include "../modes/internal.h"
#include <openssl/modes.h>
void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
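Review bot: `#include "assert.h"` uses the quoted form for a standard header, so lookup starts in the including file's directory and the project include paths before the system ones. Use `#include <assert.h>` so a stray local `assert.h` can never be picked up.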
@@ -102,6 +102,15 @@
* will be included. */
#define __ARM_MAX_ARCH__ 8
#if !__ASSEMBLER__
/* OPENSSL_armcap_P contains flags describing the capabilities of the CPU and
* is easy for assembly code to acesss. For C code, see the functions in
* |cpu.h|. */
extern uint32_t OPENSSL_armcap_P;
#endif /* !__ASSEMBLER__ */
/* ARMV7_NEON is true when a NEON unit is present in the current CPU. */
#define ARMV7_NEON (1 << 0)
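Review bot: the added `extern uint32_t OPENSSL_armcap_P;` needs `uint32_t` to be declared, and nothing in this hunk includes `<stdint.h>` inside the `#if !__ASSEMBLER__` block, so the header compiles only when the includer has already pulled it in. Add the include inside the guard. In the comment, `acesss` should read `access`.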
@@ -124,4 +133,4 @@
#define ARMV8_PMULL (1 << 5)
#endif /* OPENSSL_HEADER_ARM_ARCH_H */
#endif /* OPENSSL_HEADER_THREAD_H */
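Review bot: the closing guard comment reads `#endif /* OPENSSL_HEADER_THREAD_H */` on one side of this hunk, which does not match the `OPENSSL_HEADER_ARM_ARCH_H` guard the other side names. Keep the `ARM_ARCH_H` spelling so the comment names the guard it closes.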
+1 -1
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
asn1
+1 -1
@@ -76,7 +76,7 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
return(ret);
}
int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, void *x)
int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
{
char *b;
unsigned char *p;
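Review bot: `ASN1_i2d_bio` taking `unsigned char *x` disagrees with `ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)` in the context just above. Both functions take an `i2d_of_void` encoder, so `void *x` is the matching parameter type and spares callers a cast.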
+2 -2
@@ -359,9 +359,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
}
asn1_set_choice_selector(pval, i, it);
*in = p;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
goto auxerr;
*in = p;
return 1;
case ASN1_ITYPE_NDEF_SEQUENCE:
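Review bot: after `asn1_set_choice_selector`, where `*in = p;` sits relative to the `ASN1_OP_D2I_POST` callback decides what the caller sees on failure. Assigned before the callback, `*in` is already advanced when `goto auxerr` reports an error; assigned after, a failed parse leaves the input pointer untouched. Keep the assignment after the callback check; the second hunk in this file raises the same point.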
@@ -515,9 +515,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/* Save encoding */
if (!asn1_enc_save(pval, *in, p - *in, it))
goto auxerr;
*in = p;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
goto auxerr;
*in = p;
return 1;
default:
+1 -2
@@ -80,8 +80,7 @@ static const ASN1_PRIMITIVE_FUNCS bignum_pf = {
bn_free,
0,
bn_c2i,
bn_i2c,
NULL /* prim_print */,
bn_i2c
};
ASN1_ITEM_start(BIGNUM)
+1 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
base64
@@ -17,4 +17,3 @@ add_executable(
)
target_link_libraries(base64_test crypto)
add_dependencies(all_tests base64_test)
+1 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
bio
@@ -30,4 +30,3 @@ target_link_libraries(bio_test crypto)
if (WIN32)
target_link_libraries(bio_test ws2_32)
endif()
add_dependencies(all_tests bio_test)
+4 -6
@@ -529,7 +529,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
uint8_t header[6];
static const size_t kInitialHeaderLen = 2;
if (BIO_read(bio, header, kInitialHeaderLen) != (int) kInitialHeaderLen) {
if (BIO_read(bio, header, kInitialHeaderLen) != kInitialHeaderLen) {
return 0;
}
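Review bot: `BIO_read(bio, header, kInitialHeaderLen) != kInitialHeaderLen` compares the `int` return value with a `size_t`. An error return of -1 is converted to a huge unsigned value and still compares unequal, so the check works only by accident of the conversion rules and draws a sign-compare warning. Keep the `(int)` cast, here and on the later `BIO_read` comparisons in this function.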
@@ -559,8 +559,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
return 0;
}
if (BIO_read(bio, header + kInitialHeaderLen, num_bytes) !=
(int)num_bytes) {
if (BIO_read(bio, header + kInitialHeaderLen, num_bytes) != num_bytes) {
return 0;
}
header_len = kInitialHeaderLen + num_bytes;
@@ -586,8 +585,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
}
if (len + header_len < len ||
len + header_len > max_len ||
len > INT_MAX) {
len + header_len > max_len) {
return 0;
}
len += header_len;
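Review bot: dropping `len > INT_MAX` from this bounds check leaves `max_len` as the only cap, yet the final read in the next hunk passes `len - header_len` to `BIO_read`, whose length parameter is an `int`. With a caller-supplied `max_len` above `INT_MAX` that argument no longer fits. Keep the `INT_MAX` bound next to the overflow test `len + header_len < len`.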
@@ -599,7 +597,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
}
memcpy(*out, header, header_len);
if (BIO_read(bio, (*out) + header_len, len - header_len) !=
(int) (len - header_len)) {
len - header_len) {
OPENSSL_free(*out);
return 0;
}
+1 -1
@@ -176,7 +176,7 @@ static int mem_write(BIO *bio, const char *in, int inl) {
if (INT_MAX - blen < inl) {
goto err;
}
if (BUF_MEM_grow_clean(b, blen + inl) != ((size_t) blen) + inl) {
if (BUF_MEM_grow_clean(b, blen + inl) != (blen + inl)) {
goto err;
}
memcpy(&b->data[blen], in, inl);
+64 -70
@@ -93,6 +93,7 @@ typedef struct bio_connect_st {
char *param_port;
int nbio;
uint8_t ip[4];
unsigned short port;
struct sockaddr_storage them;
@@ -113,59 +114,23 @@ static int closesocket(int sock) {
}
#endif
/* split_host_and_port sets |*out_host| and |*out_port| to the host and port
* parsed from |name|. It returns one on success or zero on error. Even when
* successful, |*out_port| may be NULL on return if no port was specified. */
static int split_host_and_port(char **out_host, char **out_port, const char *name) {
const char *host, *port = NULL;
size_t host_len = 0;
/* maybe_copy_ipv4_address sets |*ipv4| to the IPv4 address from |ss| (in
* big-endian order), if |ss| contains an IPv4 socket address. */
static void maybe_copy_ipv4_address(uint8_t *ipv4,
const struct sockaddr_storage *ss) {
const struct sockaddr_in *sin;
*out_host = NULL;
*out_port = NULL;
if (name[0] == '[') { /* bracketed IPv6 address */
const char *close = strchr(name, ']');
if (close == NULL) {
return 0;
}
host = name + 1;
host_len = close - host;
if (close[1] == ':') { /* [IP]:port */
port = close + 2;
} else if (close[1] != 0) {
return 0;
}
} else {
const char *colon = strchr(name, ':');
if (colon == NULL || strchr(colon + 1, ':') != NULL) { /* IPv6 address */
host = name;
host_len = strlen(name);
} else { /* host:port */
host = name;
host_len = colon - name;
port = colon + 1;
}
if (ss->ss_family != AF_INET) {
return;
}
*out_host = BUF_strndup(host, host_len);
if (*out_host == NULL) {
return 0;
}
if (port == NULL) {
*out_port = NULL;
return 1;
}
*out_port = OPENSSL_strdup(port);
if (*out_port == NULL) {
OPENSSL_free(*out_host);
*out_host = NULL;
return 0;
}
return 1;
sin = (const struct sockaddr_in*) ss;
memcpy(ipv4, &sin->sin_addr, 4);
}
static int conn_state(BIO *bio, BIO_CONNECT *c) {
int ret = -1, i;
char *p, *q;
int (*cb)(const BIO *, int, int) = NULL;
if (c->info_callback != NULL) {
@@ -175,30 +140,36 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
for (;;) {
switch (c->state) {
case BIO_CONN_S_BEFORE:
/* If there's a hostname and a port, assume that both are
* exactly what they say. If there is only a hostname, try
* (just once) to split it into a hostname and port. */
if (c->param_hostname == NULL) {
p = c->param_hostname;
if (p == NULL) {
OPENSSL_PUT_ERROR(BIO, BIO_R_NO_HOSTNAME_SPECIFIED);
goto exit_loop;
}
for (; *p != 0; p++) {
if (*p == ':' || *p == '/') {
break;
}
}
i = *p;
if (i == ':' || i == '/') {
*(p++) = 0;
if (i == ':') {
for (q = p; *q; q++) {
if (*q == '/') {
*q = 0;
break;
}
}
OPENSSL_free(c->param_port);
c->param_port = BUF_strdup(p);
}
}
if (c->param_port == NULL) {
char *host, *port;
if (!split_host_and_port(&host, &port, c->param_hostname) ||
port == NULL) {
OPENSSL_free(host);
OPENSSL_free(port);
OPENSSL_PUT_ERROR(BIO, BIO_R_NO_PORT_SPECIFIED);
ERR_add_error_data(2, "host=", c->param_hostname);
goto exit_loop;
}
OPENSSL_free(c->param_port);
c->param_port = port;
OPENSSL_free(c->param_hostname);
c->param_hostname = host;
OPENSSL_PUT_ERROR(BIO, BIO_R_NO_PORT_SPECIFIED);
ERR_add_error_data(2, "host=", c->param_hostname);
goto exit_loop;
}
if (!bio_ip_and_port_to_socket_and_addr(
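Review bot: the inline loop under `BIO_CONN_S_BEFORE` cuts `c->param_hostname` at the first `:` or `/`, so an IPv6 literal such as `[::1]:443` is split inside the address, and it does this by writing NULs into the stored string. The `BUF_strdup(p)` result is also unchecked, so an allocation failure surfaces as `BIO_R_NO_PORT_SPECIFIED`. The `split_host_and_port` helper in the previous hunk handles the bracketed form and reports failure on its own; keep it instead of the loop.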
@@ -209,6 +180,9 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
goto exit_loop;
}
memset(c->ip, 0, 4);
maybe_copy_ipv4_address(c->ip, &c->them);
if (c->nbio) {
if (!bio_socket_nbio(bio->num, 1)) {
OPENSSL_PUT_ERROR(BIO, BIO_R_ERROR_SETTING_NBIO);
@@ -222,7 +196,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
ret = setsockopt(bio->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i,
sizeof(i));
if (ret < 0) {
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(setsockopt);
OPENSSL_PUT_ERROR(BIO, BIO_R_KEEPALIVE);
ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port);
goto exit_loop;
@@ -236,7 +210,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
c->state = BIO_CONN_S_BLOCKED_CONNECT;
bio->retry_reason = BIO_RR_CONNECT;
} else {
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(connect);
OPENSSL_PUT_ERROR(BIO, BIO_R_CONNECT_ERROR);
ERR_add_error_data(4, "host=", c->param_hostname, ":",
c->param_port);
@@ -257,7 +231,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
ret = -1;
} else {
BIO_clear_retry_flags(bio);
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(connect);
OPENSSL_PUT_ERROR(BIO, BIO_R_NBIO_CONNECT_ERROR);
ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port);
ret = 0;
@@ -402,6 +376,7 @@ static int conn_write(BIO *bio, const char *in, int in_len) {
static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) {
int *ip;
const char **pptr;
long ret = 1;
BIO_CONNECT *data;
@@ -422,6 +397,25 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) {
ret = 1;
}
break;
case BIO_C_GET_CONNECT:
/* TODO(fork): can this be removed? (Or maybe this whole file). */
if (ptr != NULL) {
pptr = (const char **)ptr;
if (num == 0) {
*pptr = data->param_hostname;
} else if (num == 1) {
*pptr = data->param_port;
} else if (num == 2) {
*pptr = (char *) &data->ip[0];
} else if (num == 3) {
*((int *)ptr) = data->port;
}
if (!bio->init) {
*pptr = "not initialized";
}
ret = 1;
}
break;
case BIO_C_SET_CONNECT:
if (ptr != NULL) {
bio->init = 1;
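Review bot: in the `BIO_C_GET_CONNECT` case, the `num == 3` branch treats `ptr` as an `int *`, but the `if (!bio->init)` block that follows stores a `const char *` through `pptr`, which aliases the same `ptr`. Where pointers are wider than `int`, that store runs past the caller's `int`. Test `bio->init` before the `num` dispatch, or limit the fallback string to `num` 0 and 1. For `num == 2`, `*pptr = (char *) &data->ip[0];` returns four raw bytes with no terminator, which the comment should state.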
@@ -451,9 +445,9 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) {
if (ip != NULL) {
*ip = bio->num;
}
ret = bio->num;
ret = 1;
} else {
ret = -1;
ret = 0;
}
break;
case BIO_CTRL_GET_CLOSE:
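Review bot: returning `1` and `0` here in place of `bio->num` and `-1` changes what a caller that passes a NULL `ip` gets back. The `if (ip != NULL)` guard shows NULL is an accepted argument, and such a caller now receives `1` where it used to receive the descriptor. Either keep returning the descriptor or document that the out-parameter is required; the `fd_ctrl` hunk in the next file carries the same change.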
+2 -2
@@ -208,9 +208,9 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) {
if (ip != NULL) {
*ip = b->num;
}
return b->num;
return 1;
} else {
ret = -1;
ret = 0;
}
break;
case BIO_CTRL_GET_CLOSE:
+8 -7
@@ -129,7 +129,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) {
file = open_file(filename, mode);
if (file == NULL) {
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(fopen);
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
if (errno == ENOENT) {
@@ -182,19 +182,20 @@ static int file_free(BIO *bio) {
}
static int file_read(BIO *b, char *out, int outl) {
int ret = 0;
if (!b->init) {
return 0;
}
size_t ret = fread(out, 1, outl, (FILE *)b->ptr);
ret = fread(out, 1, outl, (FILE *)b->ptr);
if (ret == 0 && ferror((FILE *)b->ptr)) {
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(fread);
OPENSSL_PUT_ERROR(BIO, ERR_R_SYS_LIB);
return -1;
ret = -1;
}
/* fread reads at most |outl| bytes, so |ret| fits in an int. */
return (int)ret;
return ret;
}
static int file_write(BIO *b, const char *in, int inl) {
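Review bot: in `file_read`, `ret = fread(out, 1, outl, (FILE *)b->ptr);` assigns a `size_t` to the `int ret` declared at the top, an implicit narrowing that the `size_t ret` with `return (int)ret;` form makes explicit and justifies in its comment. Keep `ret` as `size_t` with the cast at the return, and reject a negative `outl` before it is converted to `fread`'s unsigned count.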
@@ -258,7 +259,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
}
fp = open_file(ptr, p);
if (fp == NULL) {
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(fopen);
ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
OPENSSL_PUT_ERROR(BIO, ERR_R_SYS_LIB);
ret = 0;
+1 -1
@@ -256,8 +256,8 @@ int BIO_zero_copy_get_read_buf_done(BIO* bio, size_t bytes_read) {
return 0;
}
assert(peer_b->len >= bytes_read);
peer_b->len -= bytes_read;
assert(peer_b->len >= 0);
assert(peer_b->offset + bytes_read <= peer_b->size);
/* Move read offset. If zero_copy_write_lock == 1 we must advance the
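Review bot: `assert(peer_b->len >= 0);` placed after `peer_b->len -= bytes_read;` cannot catch an underflow if `len` is unsigned like the `size_t bytes_read` parameter, because the wrapped value is still non-negative. The pre-subtraction form `assert(peer_b->len >= bytes_read);` is the one that checks the invariant.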
+1 -5
@@ -87,11 +87,7 @@ int BIO_printf(BIO *bio, const char *format, ...) {
}
#endif
if (out_len < 0) {
return -1;
}
if ((size_t) out_len >= sizeof(buf)) {
if (out_len >= sizeof(buf)) {
const int requested_len = out_len;
/* The output was truncated. Note that vsnprintf's return value
* does not include a trailing NUL, but the buffer must be sized
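Review bot: without the `if (out_len < 0) { return -1; }` guard, `out_len >= sizeof(buf)` converts a negative `vsnprintf` result to a large `size_t`, so a formatting error takes the truncation path and `requested_len` is negative when the code below sizes the larger buffer from it. Keep the guard and the explicit `(size_t)` cast.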
+2 -2
@@ -59,7 +59,7 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock,
ret = 0;
for (cur = result; cur; cur = cur->ai_next) {
if ((size_t) cur->ai_addrlen > sizeof(struct sockaddr_storage)) {
if (cur->ai_addrlen > sizeof(struct sockaddr_storage)) {
continue;
}
memset(out_addr, 0, sizeof(struct sockaddr_storage));
@@ -68,7 +68,7 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock,
*out_sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);
if (*out_sock < 0) {
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_SYSTEM_ERROR(socket);
goto out;
}
+1 -11
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
if (${ARCH} STREQUAL "x86_64")
set(
@@ -31,14 +31,6 @@ if (${ARCH} STREQUAL "arm")
)
endif()
if (${ARCH} STREQUAL "aarch64")
set(
BN_ARCH_SOURCES
armv8-mont.${ASM_EXT}
)
endif()
add_library(
bn
@@ -74,7 +66,6 @@ perlasm(bn-586.${ASM_EXT} asm/bn-586.pl)
perlasm(co-586.${ASM_EXT} asm/co-586.pl)
perlasm(x86-mont.${ASM_EXT} asm/x86-mont.pl)
perlasm(armv4-mont.${ASM_EXT} asm/armv4-mont.pl)
perlasm(armv8-mont.${ASM_EXT} asm/armv8-mont.pl)
add_executable(
bn_test
@@ -85,4 +76,3 @@ add_executable(
)
target_link_libraries(bn_test crypto)
add_dependencies(all_tests bn_test)
+1 -1
@@ -79,7 +79,7 @@ $_n0="$num,#14*4";
$_num="$num,#15*4"; $_bpend=$_num;
$code=<<___;
#include <openssl/arm_arch.h>
#include "arm_arch.h"
.text
.code 32
File diff suppressed because it is too large
+23 -7
@@ -79,13 +79,29 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
# In upstream, this is controlled by shelling out to the compiler to check
# versions, but BoringSSL is intended to be used with pre-generated perlasm
# output, so this isn't useful anyway.
#
# TODO(davidben): Enable these after testing. $avx goes up to 2 and $addx to 1.
$avx = 0;
$addx = 0;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avx = ($1>=2.19) + ($1>=2.22);
$addx = ($1>=2.23);
}
if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
$avx = ($1>=2.09) + ($1>=2.10);
$addx = ($1>=2.10);
}
if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./) {
$avx = ($1>=10) + ($1>=11);
$addx = ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);
}
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT = *OUT;
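Review bot: the version probes interpolate `$ENV{CC}` unquoted into backtick commands (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null`), so generating this file executes whatever the environment names as the compiler, and the emitted assembly depends on the toolchain of the machine that ran the script. The comment in this hunk notes that the perlasm output is meant to be pre-generated; fixed values for `$avx` and `$addx` keep that output identical everywhere, so prefer them over the probes.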
+19 -6
@@ -98,12 +98,25 @@ die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
# In upstream, this is controlled by shelling out to the compiler to check
# versions, but BoringSSL is intended to be used with pre-generated perlasm
# output, so this isn't useful anyway.
#
# TODO(davidben): Enable this after testing. $addx goes up to 1.
$addx = 0;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$addx = ($1>=2.23);
}
if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
$addx = ($1>=2.10);
}
if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./) {
$addx = ($1>=12);
}
if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$addx = ($ver>=3.03);
}
($out, $inp, $mod) = ("%rdi", "%rsi", "%rbp"); # common internal API
{
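Review bot: the `ml64` probe here enables `$addx` at `($1>=12)` while the same probe in the previous file uses `($1>=11)`. One of the two thresholds is wrong; align them and add a comment naming the assembler version the threshold stands for.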
+14 -6
@@ -53,12 +53,20 @@ die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
# In upstream, this is controlled by shelling out to the compiler to check
# versions, but BoringSSL is intended to be used with pre-generated perlasm
# output, so this isn't useful anyway.
#
# TODO(davidben): Enable this option after testing. $addx goes up to 1.
$addx = 0;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$addx = ($1>=2.23);
}
if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
$addx = ($1>=2.10);
}
if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./) {
$addx = ($1>=12);
}
# int bn_mul_mont(
$rp="%rdi"; # BN_ULONG *rp,
+14 -6
@@ -38,12 +38,20 @@ die "can't locate x86_64-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
# In upstream, this is controlled by shelling out to the compiler to check
# versions, but BoringSSL is intended to be used with pre-generated perlasm
# output, so this isn't useful anyway.
#
# TODO(davidben): Enable this after testing. $addx goes up to 1.
$addx = 0;
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$addx = ($1>=2.23);
}
if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
$addx = ($1>=2.10);
}
if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./) {
$addx = ($1>=12);
}
# int bn_mul_mont_gather5(
$rp="%rdi"; # BN_ULONG *rp,
+25 -87
@@ -76,8 +76,6 @@
#include <stdio.h>
#include <string.h>
#include <utility>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
@@ -213,7 +211,7 @@ int main(int argc, char *argv[]) {
if (!sample) {
return 1;
}
if (!test_lshift(bc_file.get(), ctx.get(), std::move(sample))) {
if (!test_lshift(bc_file.get(), ctx.get(), bssl::move(sample))) {
return 1;
}
flush_fp(bc_file.get());
@@ -425,16 +423,6 @@ static bool test_div(FILE *fp, BN_CTX *ctx) {
return false;
}
if (!BN_one(a.get())) {
return false;
}
BN_zero(b.get());
if (BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) {
fprintf(stderr, "Division by zero succeeded!\n");
return false;
}
ERR_clear_error();
for (int i = 0; i < num0 + num1; i++) {
if (i < num1) {
if (!BN_rand(a.get(), 400, 0, 0) ||
@@ -503,6 +491,14 @@ static bool test_div(FILE *fp, BN_CTX *ctx) {
return false;
}
// Test the BN_div checks for division by zero.
BN_zero(b.get());
if (BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) {
fprintf(stderr, "Divided by zero!\n");
return false;
}
ERR_clear_error();
return true;
}
@@ -832,17 +828,18 @@ static bool test_div_word(FILE *fp) {
}
for (int i = 0; i < num0; i++) {
BN_ULONG s;
do {
if (!BN_rand(a.get(), 512, -1, 0) ||
!BN_rand(b.get(), BN_BITS2, -1, 0)) {
return false;
}
} while (BN_is_zero(b.get()));
s = b->d[0];
} while (!s);
if (!BN_copy(b.get(), a.get())) {
return false;
}
BN_ULONG s = b->d[0];
BN_ULONG r = BN_div_word(b.get(), s);
if (r == (BN_ULONG)-1) {
return false;
@@ -885,27 +882,8 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) {
ScopedBIGNUM B(BN_new());
ScopedBIGNUM n(BN_new());
ScopedBN_MONT_CTX mont(BN_MONT_CTX_new());
if (!a || !b || !c || !d || !A || !B || !n || !mont) {
return false;
}
BN_zero(n.get());
if (BN_MONT_CTX_set(mont.get(), n.get(), ctx)) {
fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n");
return false;
}
ERR_clear_error();
if (!BN_set_word(n.get(), 16)) {
return false;
}
if (BN_MONT_CTX_set(mont.get(), n.get(), ctx)) {
fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n");
return false;
}
ERR_clear_error();
if (!BN_rand(a.get(), 100, 0, 0) ||
if (!a || !b || !c || !d || !A || !B || !n || !mont ||
!BN_rand(a.get(), 100, 0, 0) ||
!BN_rand(b.get(), 100, 0, 0)) {
return false;
}
@@ -946,6 +924,13 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) {
}
}
BN_zero(n.get());
if (BN_MONT_CTX_set(mont.get(), n.get(), ctx)) {
fprintf(stderr, "Division by zero!\n");
return false;
}
ERR_clear_error();
return true;
}
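Review bot: the zero-modulus check added at the end of `test_mont` reports `Division by zero!` although the call under test is `BN_MONT_CTX_set`, and the even-modulus case (`BN_set_word(n.get(), 16)`) from the previous hunk has no counterpart here. Name the function in the message and keep a test that `BN_MONT_CTX_set` rejects an even modulus.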
@@ -999,16 +984,6 @@ static bool test_mod_mul(FILE *fp, BN_CTX *ctx) {
return false;
}
if (!BN_one(a.get()) || !BN_one(b.get())) {
return false;
}
BN_zero(c.get());
if (BN_mod_mul(e.get(), a.get(), b.get(), c.get(), ctx)) {
fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n");
return false;
}
ERR_clear_error();
for (int j = 0; j < 3; j++) {
if (!BN_rand(c.get(), 1024, 0, 0)) {
return false;
@@ -1063,21 +1038,8 @@ static bool test_mod_exp(FILE *fp, BN_CTX *ctx) {
ScopedBIGNUM c(BN_new());
ScopedBIGNUM d(BN_new());
ScopedBIGNUM e(BN_new());
if (!a || !b || !c || !d || !e) {
return false;
}
if (!BN_one(a.get()) || !BN_one(b.get())) {
return false;
}
BN_zero(c.get());
if (BN_mod_exp(d.get(), a.get(), b.get(), c.get(), ctx)) {
fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
return 0;
}
ERR_clear_error();
if (!BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery
if (!a || !b || !c || !d || !e ||
!BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery
return false;
}
for (int i = 0; i < num2; i++) {
@@ -1116,32 +1078,8 @@ static bool test_mod_exp_mont_consttime(FILE *fp, BN_CTX *ctx) {
ScopedBIGNUM c(BN_new());
ScopedBIGNUM d(BN_new());
ScopedBIGNUM e(BN_new());
if (!a || !b || !c || !d || !e) {
return false;
}
if (!BN_one(a.get()) || !BN_one(b.get())) {
return false;
}
BN_zero(c.get());
if (BN_mod_exp_mont_consttime(d.get(), a.get(), b.get(), c.get(), ctx,
nullptr)) {
fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus succeeded!\n");
return 0;
}
ERR_clear_error();
if (!BN_set_word(c.get(), 16)) {
return false;
}
if (BN_mod_exp_mont_consttime(d.get(), a.get(), b.get(), c.get(), ctx,
nullptr)) {
fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus succeeded!\n");
return 0;
}
ERR_clear_error();
if (!BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery
if (!a || !b || !c || !d || !e ||
!BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery
return false;
}
for (int i = 0; i < num2; i++) {
+72 -57
@@ -123,17 +123,6 @@
#define RSAZ_ENABLED
#include "rsaz_exp.h"
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table,
const BN_ULONG *np, const BN_ULONG *n0, int num,
int power);
void bn_scatter5(const BN_ULONG *inp, size_t num, void *table, size_t power);
void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table,
const BN_ULONG *np, const BN_ULONG *n0, int num, int power);
int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *not_used, const BN_ULONG *np,
const BN_ULONG *n0, int num);
#endif
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
@@ -285,10 +274,10 @@ static int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
goto err;
}
if (BN_ucmp(m, &recp->N) < 0) {
if (BN_ucmp(m, &(recp->N)) < 0) {
BN_zero(d);
if (!BN_copy(r, m)) {
goto err;
return 0;
}
BN_CTX_end(ctx);
return 1;
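Review bot: in BN_div_recp, the BN_copy failure branch now does `return 0;` where it used to `goto err;`, while the success path directly below still calls `BN_CTX_end(ctx)`. The early return leaves the BN_CTX frame open on failure. Keep `goto err` so every exit after BN_CTX_start unwinds the context.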
@@ -613,17 +602,17 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
}
int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont) {
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) {
int i, j, bits, ret = 0, wstart, window;
int start = 1;
BIGNUM *d, *r;
const BIGNUM *aa;
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *new_mont = NULL;
BN_MONT_CTX *mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, mont);
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
if (!BN_is_odd(m)) {
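Review bot: the last parameter of BN_mod_exp_mont goes from `const BN_MONT_CTX *mont` to `BN_MONT_CTX *in_mont`, and the working pointer `mont` is now non-const too, so the type no longer guarantees that a caller-supplied (possibly shared) Montgomery context is left unmodified. Nothing in this hunk writes through it. Suggest keeping the parameter const and holding the locally allocated context in a separate owning pointer, which also keeps the free at `err:` unconditional.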
@@ -644,13 +633,18 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
}
/* Allocate a montgomery context if it was not supplied by the caller. */
if (mont == NULL) {
new_mont = BN_MONT_CTX_new();
if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
/* If this is not done, things will break in the montgomery part */
if (in_mont != NULL) {
mont = in_mont;
} else {
mont = BN_MONT_CTX_new();
if (mont == NULL) {
goto err;
}
if (!BN_MONT_CTX_set(mont, m, ctx)) {
goto err;
}
mont = new_mont;
}
if (a->neg || BN_ucmp(a, m) >= 0) {
@@ -769,7 +763,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
ret = 1;
err:
BN_MONT_CTX_free(new_mont);
if (in_mont == NULL) {
BN_MONT_CTX_free(mont);
}
BN_CTX_end(ctx);
return ret;
}
@@ -855,10 +851,10 @@ static int copy_from_prebuf(BIGNUM *b, int top, unsigned char *buf, int idx,
*/
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
const BN_MONT_CTX *mont) {
BN_MONT_CTX *in_mont) {
int i, bits, ret = 0, window, wvalue;
int top;
BN_MONT_CTX *new_mont = NULL;
BN_MONT_CTX *mont = NULL;
int numPowers;
unsigned char *powerbufFree = NULL;
@@ -866,13 +862,12 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
unsigned char *powerbuf = NULL;
BIGNUM tmp, am;
if (!BN_is_odd(m)) {
top = m->top;
if (!(m->d[0] & 1)) {
OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
top = m->top;
bits = BN_num_bits(p);
if (bits == 0) {
ret = BN_one(rr);
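Review bot: `if (!(m->d[0] & 1))` replaces `BN_is_odd(m)` at the top of BN_mod_exp_mont_consttime, but BN_is_odd also checks that `m->top` is non-zero before touching `m->d`. With a zero modulus there is no word 0 to read, so this dereferences `m->d` without a length check. `top = m->top` is already loaded on the line above; either test `top > 0` first or keep BN_is_odd. The zero-modulus test that would catch this is removed elsewhere in the same comparison.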
@@ -881,13 +876,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BN_CTX_start(ctx);
/* Allocate a montgomery context if it was not supplied by the caller. */
if (mont == NULL) {
new_mont = BN_MONT_CTX_new();
if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
/* Allocate a montgomery context if it was not supplied by the caller.
* If this is not done, things will break in the montgomery part. */
if (in_mont != NULL) {
mont = in_mont;
} else {
mont = BN_MONT_CTX_new();
if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) {
goto err;
}
mont = new_mont;
}
#ifdef RSAZ_ENABLED
@@ -996,7 +993,20 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
* 512-bit RSA is hardly relevant, we omit it to spare size... */
if (window == 5 && top > 1) {
const BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2;
void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG * ap,
const void * table, const BN_ULONG * np,
const BN_ULONG * n0, int num, int power);
void bn_scatter5(const BN_ULONG * inp, size_t num, void * table,
size_t power);
void bn_gather5(BN_ULONG * out, size_t num, void * table, size_t power);
void bn_power5(BN_ULONG * rp, const BN_ULONG * ap, const void * table,
const BN_ULONG * np, const BN_ULONG * n0, int num,
int power);
int bn_from_montgomery(BN_ULONG * rp, const BN_ULONG * ap,
const BN_ULONG * not_used, const BN_ULONG * np,
const BN_ULONG * n0, int num);
BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2;
/* BN_to_montgomery can contaminate words above .top
* [in BN_DEBUG[_DEBUG] build]... */
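Review bot: the prototypes for bn_mul_mont_gather5, bn_scatter5, bn_gather5, bn_power5 and bn_from_montgomery are declared at block scope inside `if (window == 5 && top > 1)`, which hides them from any other use in the file and makes a signature mismatch with the assembly harder to spot. Declare them once at file scope next to the RSAZ include. Also, `np` and `n0` lose `const` here even though they point into `mont->N.d` and `mont->n0`; keep them const unless a write is intended.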
@@ -1010,11 +1020,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (top & 7) {
np2 = np;
} else {
BN_ULONG *np_double = am.d + top;
for (i = 0; i < top; i++) {
np_double[2 * i] = np[i];
for (np2 = am.d + top, i = 0; i < top; i++) {
np2[2 * i] = np[i];
}
np2 = np_double;
}
bn_scatter5(tmp.d, top, powerbuf, 0);
@@ -1179,9 +1187,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
}
ret = 1;
err:
BN_MONT_CTX_free(new_mont);
if (in_mont == NULL) {
BN_MONT_CTX_free(mont);
}
if (powerbuf != NULL) {
OPENSSL_cleanse(powerbuf, powerbufLen);
OPENSSL_free(powerbufFree);
@@ -1191,9 +1200,8 @@ err:
}
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
const BN_MONT_CTX *mont) {
BN_MONT_CTX *new_mont = NULL;
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) {
BN_MONT_CTX *mont = NULL;
int b, bits, ret = 0;
int r_is_one;
BN_ULONG w, next_w;
@@ -1251,13 +1259,13 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
goto err;
}
/* Allocate a montgomery context if it was not supplied by the caller. */
if (mont == NULL) {
new_mont = BN_MONT_CTX_new();
if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
if (in_mont != NULL) {
mont = in_mont;
} else {
mont = BN_MONT_CTX_new();
if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) {
goto err;
}
mont = new_mont;
}
r_is_one = 1; /* except for Montgomery factor */
@@ -1339,7 +1347,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
ret = 1;
err:
BN_MONT_CTX_free(new_mont);
if (in_mont == NULL) {
BN_MONT_CTX_free(mont);
}
BN_CTX_end(ctx);
return ret;
}
@@ -1348,7 +1358,7 @@ err:
int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
BN_CTX *ctx, const BN_MONT_CTX *mont) {
BN_CTX *ctx, BN_MONT_CTX *in_mont) {
int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2,
wvalue1, wvalue2;
int r_is_one = 1;
@@ -1356,7 +1366,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
const BIGNUM *a_mod_m;
/* Tables of variables obtained from 'ctx' */
BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
BN_MONT_CTX *new_mont = NULL;
BN_MONT_CTX *mont = NULL;
if (!(m->d[0] & 1)) {
OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS);
@@ -1380,13 +1390,16 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
goto err;
}
/* Allocate a montgomery context if it was not supplied by the caller. */
if (mont == NULL) {
new_mont = BN_MONT_CTX_new();
if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) {
if (in_mont != NULL) {
mont = in_mont;
} else {
mont = BN_MONT_CTX_new();
if (mont == NULL) {
goto err;
}
if (!BN_MONT_CTX_set(mont, m, ctx)) {
goto err;
}
mont = new_mont;
}
window1 = BN_window_bits_for_exponent_size(bits1);
@@ -1538,7 +1551,9 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
ret = 1;
err:
BN_MONT_CTX_free(new_mont);
if (in_mont == NULL) {
BN_MONT_CTX_free(mont);
}
BN_CTX_end(ctx);
return ret;
}
+7 -21
@@ -223,23 +223,20 @@ err:
}
/* solves ax == 1 (mod n) */
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, int *out_no_inverse,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx);
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a,
const BIGNUM *n, BN_CTX *ctx);
BIGNUM *BN_mod_inverse_ex(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
const BIGNUM *n, BN_CTX *ctx) {
BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx) {
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
BIGNUM *ret = NULL;
int sign;
if ((a->flags & BN_FLG_CONSTTIME) != 0 ||
(n->flags & BN_FLG_CONSTTIME) != 0) {
return BN_mod_inverse_no_branch(out, out_no_inverse, a, n, ctx);
return BN_mod_inverse_no_branch(out, a, n, ctx);
}
*out_no_inverse = 0;
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
@@ -525,7 +522,6 @@ BIGNUM *BN_mod_inverse_ex(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
}
}
} else {
*out_no_inverse = 1;
OPENSSL_PUT_ERROR(BN, BN_R_NO_INVERSE);
goto err;
}
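Review bot: with `*out_no_inverse = 1;` removed from this branch, the only remaining signal that no inverse exists is the BN_R_NO_INVERSE entry pushed by OPENSSL_PUT_ERROR; the NULL return is otherwise identical to an allocation failure. Callers that must distinguish "not invertible" from "out of memory" now have to inspect the error queue. Either keep the out-parameter variant or document in the header that BN_R_NO_INVERSE is the contract.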
@@ -539,25 +535,16 @@ err:
return ret;
}
BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx) {
int no_inverse;
return BN_mod_inverse_ex(out, &no_inverse, a, n, ctx);
}
/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
* It does not contain branches that may leak sensitive information. */
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, int *out_no_inverse,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx) {
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a,
const BIGNUM *n, BN_CTX *ctx) {
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
BIGNUM local_A, local_B;
BIGNUM *pA, *pB;
BIGNUM *ret = NULL;
int sign;
*out_no_inverse = 0;
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
@@ -695,7 +682,6 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, int *out_no_inverse,
}
}
} else {
*out_no_inverse = 1;
OPENSSL_PUT_ERROR(BN, BN_R_NO_INVERSE);
goto err;
}
+106
@@ -1022,4 +1022,110 @@ void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) {
r[7] = c2;
}
#if defined(OPENSSL_NO_ASM) || (!defined(OPENSSL_ARM) && !defined(OPENSSL_X86_64))
/* This is essentially reference implementation, which may or may not
* result in performance improvement. E.g. on IA-32 this routine was
* observed to give 40% faster rsa1024 private key operations and 10%
* faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
* by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
* reference implementation, one to be used as starting point for
* platform-specific assembler. Mentioned numbers apply to compiler
* generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
* can vary not only from platform to platform, but even for compiler
* versions. Assembler vs. assembler improvement coefficients can
* [and are known to] differ and are to be documented elsewhere. */
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0p, int num) {
BN_ULONG c0, c1, ml, *tp, n0;
#ifdef mul64
BN_ULONG mh;
#endif
volatile BN_ULONG *vp;
int i = 0, j;
#if 0 /* template for platform-specific implementation */
if (ap==bp) return bn_sqr_mont(rp,ap,np,n0p,num);
#endif
vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
n0 = *n0p;
c0 = 0;
ml = bp[0];
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
for (j = 0; j < num; ++j) {
mul(tp[j], ap[j], ml, mh, c0);
}
#else
for (j = 0; j < num; ++j) {
mul(tp[j], ap[j], ml, c0);
}
#endif
tp[num] = c0;
tp[num + 1] = 0;
goto enter;
for (i = 0; i < num; i++) {
c0 = 0;
ml = bp[i];
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
for (j = 0; j < num; ++j) {
mul_add(tp[j], ap[j], ml, mh, c0);
}
#else
for (j = 0; j < num; ++j) {
mul_add(tp[j], ap[j], ml, c0);
}
#endif
c1 = (tp[num] + c0) & BN_MASK2;
tp[num] = c1;
tp[num + 1] = (c1 < c0 ? 1 : 0);
enter:
c1 = tp[0];
ml = (c1 * n0) & BN_MASK2;
c0 = 0;
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
mul_add(c1, np[0], ml, mh, c0);
#else
mul_add(c1, ml, np[0], c0);
#endif
for (j = 1; j < num; j++) {
c1 = tp[j];
#ifdef mul64
mul_add(c1, np[j], ml, mh, c0);
#else
mul_add(c1, ml, np[j], c0);
#endif
tp[j - 1] = c1 & BN_MASK2;
}
c1 = (tp[num] + c0) & BN_MASK2;
tp[num - 1] = c1;
tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
}
if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
c0 = bn_sub_words(rp, tp, np, num);
if (tp[num] != 0 || c0 == 0) {
for (i = 0; i < num + 2; i++) {
vp[i] = 0;
}
return 1;
}
}
for (i = 0; i < num; i++) {
rp[i] = tp[i], vp[i] = 0;
}
vp[num] = 0;
vp[num + 1] = 0;
return 1;
}
#endif
#endif
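Review bot: `vp = tp = alloca((num + 2) * sizeof(BN_ULONG));` sizes a stack allocation from the caller's `num` with no upper bound and no failure path, so a large operand overruns the stack instead of returning an error. Bound `num` before the allocation (the function already returns int) or use a heap buffer. Separately, `goto enter;` jumps into the body of the `for (i = 0; ...)` loop; a short comment explaining that the first iteration skips the multiply-add step would help the next reader.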
+15 -10
@@ -118,9 +118,8 @@
#include "../internal.h"
#if !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
#if !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
#define OPENSSL_BN_ASM_MONT
#endif
@@ -131,14 +130,18 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) {
return NULL;
}
memset(ret, 0, sizeof(BN_MONT_CTX));
BN_init(&ret->RR);
BN_init(&ret->N);
BN_init(&ret->Ni);
BN_MONT_CTX_init(ret);
ret->flags = BN_FLG_MALLOCED;
return ret;
}
void BN_MONT_CTX_init(BN_MONT_CTX *mont) {
memset(mont, 0, sizeof(BN_MONT_CTX));
BN_init(&mont->RR);
BN_init(&mont->N);
BN_init(&mont->Ni);
}
void BN_MONT_CTX_free(BN_MONT_CTX *mont) {
if (mont == NULL) {
return;
@@ -147,10 +150,12 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) {
BN_free(&mont->RR);
BN_free(&mont->N);
BN_free(&mont->Ni);
OPENSSL_free(mont);
if (mont->flags & BN_FLG_MALLOCED) {
OPENSSL_free(mont);
}
}
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from) {
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) {
if (to == from) {
return to;
}
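Review bot: BN_MONT_CTX_free now calls OPENSSL_free only when `mont->flags & BN_FLG_MALLOCED` is set, so its behaviour depends on a flag word that is valid only if the struct came from BN_MONT_CTX_new or was passed through BN_MONT_CTX_init. Please document on BN_MONT_CTX_init that it is mandatory for caller-owned structs before any free. BN_MONT_CTX_copy also drops `const` from `from` in this hunk with no write to it visible; keep it const.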
+1 -1
@@ -710,7 +710,7 @@ loop:
if (!BN_add_word(rnd, delta)) {
return 0;
}
if (BN_num_bits(rnd) != (unsigned)bits) {
if (BN_num_bits(rnd) != bits) {
goto again;
}
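Review bot: `BN_num_bits(rnd) != bits` drops the `(unsigned)` cast that the previous line carried, which turns this into a mixed signed/unsigned comparison relying on implicit conversion. Keep the explicit cast, or make `bits` unsigned at the point where it is validated, so the comparison is warning-free and the intent is visible.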
+1 -1
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
buf
+1 -1
@@ -220,7 +220,7 @@ size_t BUF_strlcat(char *dst, const char *src, size_t dst_size) {
void *BUF_memdup(const void *data, size_t dst_size) {
void *ret;
if (dst_size == 0) {
if (data == NULL) {
return NULL;
}
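Review bot: the guard in BUF_memdup changes from `dst_size == 0` to `data == NULL`, so a non-NULL `data` with `dst_size` of zero now falls through to the allocation path below the hunk, where a zero-byte allocation has implementation-defined results. Check both conditions, and say in the header comment whether a NULL return for empty input is an error or not, since callers cannot otherwise tell it apart from allocation failure.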
+1 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
bytestring
@@ -19,4 +19,3 @@ add_executable(
)
target_link_libraries(bytestring_test crypto)
add_dependencies(all_tests bytestring_test)
+1 -1
@@ -119,7 +119,7 @@ static int cbs_convert_ber(CBS *in, CBB *out, char squash_header,
char squash_child_headers = is_primitive_type(tag);
/* This is a hack, but it sufficies to handle NSS's output. If we find
* an indefinite length, context-specific tag with a definite, primitive
* an indefinite length, context-specific tag with a definite, primtive
* tag inside it, then we assume that the context-specific tag is
* implicit and the tags within are fragments of a primitive type that
* need to be concatenated. */
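Review bot: the only change in this hunk turns "primitive" into "primtive" in the cbs_convert_ber comment, which introduces a typo. Keep the original spelling; "sufficies" two lines up could be corrected to "suffices" at the same time.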
+6 -56
@@ -365,55 +365,6 @@ static bool TestCBBPrefixed() {
return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
}
static bool TestCBBDiscardChild() {
ScopedCBB cbb;
CBB contents, inner_contents, inner_inner_contents;
if (!CBB_init(cbb.get(), 0) ||
!CBB_add_u8(cbb.get(), 0xaa)) {
return false;
}
// Discarding |cbb|'s children preserves the byte written.
CBB_discard_child(cbb.get());
if (!CBB_add_u8_length_prefixed(cbb.get(), &contents) ||
!CBB_add_u8_length_prefixed(cbb.get(), &contents) ||
!CBB_add_u8(&contents, 0xbb) ||
!CBB_add_u16_length_prefixed(cbb.get(), &contents) ||
!CBB_add_u16(&contents, 0xcccc) ||
!CBB_add_u24_length_prefixed(cbb.get(), &contents) ||
!CBB_add_u24(&contents, 0xdddddd) ||
!CBB_add_u8_length_prefixed(cbb.get(), &contents) ||
!CBB_add_u8(&contents, 0xff) ||
!CBB_add_u8_length_prefixed(&contents, &inner_contents) ||
!CBB_add_u8(&inner_contents, 0x42) ||
!CBB_add_u16_length_prefixed(&inner_contents, &inner_inner_contents) ||
!CBB_add_u8(&inner_inner_contents, 0x99)) {
return false;
}
// Discard everything from |inner_contents| down.
CBB_discard_child(&contents);
uint8_t *buf;
size_t buf_len;
if (!CBB_finish(cbb.get(), &buf, &buf_len)) {
return false;
}
ScopedOpenSSLBytes scoper(buf);
static const uint8_t kExpected[] = {
0xaa,
0,
1, 0xbb,
0, 2, 0xcc, 0xcc,
0, 0, 3, 0xdd, 0xdd, 0xdd,
1, 0xff,
};
return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
}
static bool TestCBBMisuse() {
CBB cbb, child, contents;
uint8_t *buf;
@@ -483,7 +434,7 @@ static bool TestCBBASN1() {
return false;
}
if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
!CBB_add_bytes(&contents, test_data.data(), 130) ||
!CBB_add_bytes(&contents, bssl::vector_data(&test_data), 130) ||
!CBB_finish(&cbb, &buf, &buf_len)) {
CBB_cleanup(&cbb);
return false;
@@ -492,7 +443,7 @@ static bool TestCBBASN1() {
if (buf_len != 3 + 130 ||
memcmp(buf, "\x30\x81\x82", 3) != 0 ||
memcmp(buf + 3, test_data.data(), 130) != 0) {
memcmp(buf + 3, bssl::vector_data(&test_data), 130) != 0) {
return false;
}
@@ -500,7 +451,7 @@ static bool TestCBBASN1() {
return false;
}
if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
!CBB_add_bytes(&contents, test_data.data(), 1000) ||
!CBB_add_bytes(&contents, bssl::vector_data(&test_data), 1000) ||
!CBB_finish(&cbb, &buf, &buf_len)) {
CBB_cleanup(&cbb);
return false;
@@ -509,7 +460,7 @@ static bool TestCBBASN1() {
if (buf_len != 4 + 1000 ||
memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 ||
memcmp(buf + 4, test_data.data(), 1000)) {
memcmp(buf + 4, bssl::vector_data(&test_data), 1000)) {
return false;
}
@@ -518,7 +469,7 @@ static bool TestCBBASN1() {
}
if (!CBB_add_asn1(&cbb, &contents, 0x30) ||
!CBB_add_asn1(&contents, &inner_contents, 0x30) ||
!CBB_add_bytes(&inner_contents, test_data.data(), 100000) ||
!CBB_add_bytes(&inner_contents, bssl::vector_data(&test_data), 100000) ||
!CBB_finish(&cbb, &buf, &buf_len)) {
CBB_cleanup(&cbb);
return false;
@@ -527,7 +478,7 @@ static bool TestCBBASN1() {
if (buf_len != 5 + 5 + 100000 ||
memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 ||
memcmp(buf + 10, test_data.data(), 100000)) {
memcmp(buf + 10, bssl::vector_data(&test_data), 100000)) {
return false;
}
@@ -719,7 +670,6 @@ int main(void) {
!TestCBBFinishChild() ||
!TestCBBMisuse() ||
!TestCBBPrefixed() ||
!TestCBBDiscardChild() ||
!TestCBBASN1() ||
!TestBerConvert() ||
!TestASN1Uint64() ||
-18
@@ -70,10 +70,6 @@ int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
void CBB_cleanup(CBB *cbb) {
if (cbb->base) {
/* Only top-level |CBB|s are cleaned up. Child |CBB|s are non-owning. They
* are implicitly discarded when the parent is flushed or cleaned up. */
assert(cbb->is_top_level);
if (cbb->base->can_resize) {
OPENSSL_free(cbb->base->buf);
}
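Review bot: CBB_cleanup loses `assert(cbb->is_top_level);` and the comment stating that child CBBs are non-owning. Without the assert, passing a child to CBB_cleanup reaches `OPENSSL_free(cbb->base->buf)` on the buffer the parent still owns, and nothing flags the misuse in debug builds. Keep the assertion and the comment, or state the ownership rule in the header if the `is_top_level` field is going away.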
@@ -360,20 +356,6 @@ int CBB_add_u24(CBB *cbb, uint32_t value) {
return cbb_buffer_add_u(cbb->base, value, 3);
}
void CBB_discard_child(CBB *cbb) {
if (cbb->child == NULL) {
return;
}
cbb->base->len = cbb->offset;
cbb->child->base = NULL;
cbb->child = NULL;
cbb->pending_len_len = 0;
cbb->pending_is_asn1 = 0;
cbb->offset = 0;
}
int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
CBB child;
size_t i;
+3 -17
@@ -137,15 +137,6 @@ int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) {
return 1;
}
int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
const uint8_t *v;
if (!cbs_get(cbs, &v, len)) {
return 0;
}
memcpy(out, v, len);
return 1;
}
static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) {
uint32_t len;
if (!cbs_get_u(cbs, &len, len_len)) {
@@ -329,19 +320,14 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
}
int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag) {
int present = 0;
if (CBS_peek_asn1_tag(cbs, tag)) {
if (!CBS_get_asn1(cbs, out, tag)) {
return 0;
}
present = 1;
*out_present = 1;
} else {
*out_present = 0;
}
if (out_present != NULL) {
*out_present = present;
}
return 1;
}
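Review bot: CBS_get_optional_asn1 now writes `*out_present = 1;` and `*out_present = 0;` unconditionally, where the previous version only stored the result when `out_present != NULL`. Any caller that passes NULL because it does not care about presence will now dereference a null pointer. Keep the NULL check, or confirm no caller passes NULL and document the parameter as required.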
+1 -1
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
if (${ARCH} STREQUAL "arm")
set(
+10 -7
@@ -54,8 +54,8 @@ static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
#if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM)
/* Defined in chacha_vec.c */
void CRYPTO_chacha_20_neon(uint8_t *out, const uint8_t *in, size_t in_len,
const uint8_t key[32], const uint8_t nonce[12],
uint32_t counter);
const uint8_t key[32], const uint8_t nonce[8],
size_t counter);
#endif
/* chacha_core performs 20 rounds of ChaCha on the input words in
@@ -85,8 +85,8 @@ static void chacha_core(uint8_t output[64], const uint32_t input[16]) {
}
void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
const uint8_t key[32], const uint8_t nonce[12],
uint32_t counter) {
const uint8_t key[32], const uint8_t nonce[8],
size_t counter) {
uint32_t input[16];
uint8_t buf[64];
size_t todo, i;
@@ -114,9 +114,9 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
input[11] = U8TO32_LITTLE(key + 28);
input[12] = counter;
input[13] = U8TO32_LITTLE(nonce + 0);
input[14] = U8TO32_LITTLE(nonce + 4);
input[15] = U8TO32_LITTLE(nonce + 8);
input[13] = ((uint64_t)counter) >> 32;
input[14] = U8TO32_LITTLE(nonce + 0);
input[15] = U8TO32_LITTLE(nonce + 4);
while (in_len > 0) {
todo = sizeof(buf);
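Review bot: `input[13] = ((uint64_t)counter) >> 32;` takes the high counter word from a `size_t counter`, which is 32 bits wide on 32-bit targets, so the usable counter range of CRYPTO_chacha_20 differs by platform and the high word is always zero there. Declare the parameter as `uint64_t` if a 64-bit block counter is intended, and note in the header that the nonce is now 8 bytes so that callers of the previous 12-byte-nonce, 32-bit-counter form do not pass the wrong length.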
@@ -134,6 +134,9 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
in_len -= todo;
input[12]++;
if (input[12] == 0) {
input[13]++;
}
}
}
+16 -12
@@ -154,12 +154,12 @@ void CRYPTO_chacha_20(
const uint8_t *in,
size_t inlen,
const uint8_t key[32],
const uint8_t nonce[12],
uint32_t counter)
const uint8_t nonce[8],
size_t counter)
{
unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp;
#if defined(__ARM_NEON__)
uint32_t np[3];
uint32_t np[2];
uint8_t alignment_buffer[16] __attribute__((aligned(16)));
#endif
vec s0, s1, s2, s3;
@@ -167,16 +167,20 @@ void CRYPTO_chacha_20(
{0x61707865,0x3320646E,0x79622D32,0x6B206574};
kp = (unsigned *)key;
#if defined(__ARM_NEON__)
memcpy(np, nonce, 12);
memcpy(np, nonce, 8);
#endif
s0 = LOAD_ALIGNED(chacha_const);
s1 = LOAD(&((vec*)kp)[0]);
s2 = LOAD(&((vec*)kp)[1]);
s3 = (vec){
counter,
counter & 0xffffffff,
#if __ARM_NEON__ || defined(OPENSSL_X86)
0, /* can't right-shift 32 bits on a 32-bit system. */
#else
counter >> 32,
#endif
((uint32_t*)nonce)[0],
((uint32_t*)nonce)[1],
((uint32_t*)nonce)[2]
((uint32_t*)nonce)[1]
};
for (iters = 0; iters < inlen/(BPI*64); iters++)
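Review bot: in the `s3` initialiser the high counter word is hard-coded to 0 under `#if __ARM_NEON__ || defined(OPENSSL_X86)`, while the generic implementation uses `((uint64_t)counter) >> 32`, so the two code paths produce different keystreams for the same large counter on any target where `size_t` is 64 bits and this branch is taken. Casting to `uint64_t` before the shift removes the need for the `#if` entirely. The condition also tests `__ARM_NEON__` bare, whereas the rest of the file uses `defined(__ARM_NEON__)`.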
@@ -208,8 +212,8 @@ void CRYPTO_chacha_20(
x2 = chacha_const[2]; x3 = chacha_const[3];
x4 = kp[0]; x5 = kp[1]; x6 = kp[2]; x7 = kp[3];
x8 = kp[4]; x9 = kp[5]; x10 = kp[6]; x11 = kp[7];
x12 = counter+BPI*iters+(BPI-1); x13 = np[0];
x14 = np[1]; x15 = np[2];
x12 = counter+BPI*iters+(BPI-1); x13 = 0;
x14 = np[0]; x15 = np[1];
#endif
for (i = CHACHA_RNDS/2; i; i--)
{
@@ -261,9 +265,9 @@ void CRYPTO_chacha_20(
op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6]));
op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7]));
op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter+BPI*iters+(BPI-1)));
op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13 + np[0]));
op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[1]));
op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[2]));
op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13));
op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[0]));
op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[1]));
s3 += ONE;
ip += 16;
op += 16;
+300 -319
@@ -23,7 +23,7 @@
# /opt/gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf-gcc -O3 -mcpu=cortex-a8 -mfpu=neon -fpic -DASM_GEN -I ../../include -S chacha_vec.c -o -
#if !defined(OPENSSL_NO_ASM)
#if defined(__arm__)
#if defined(__arm__) || defined(__aarch64__)
.syntax unified
.cpu cortex-a8
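Review bot: the guard widens to `defined(__arm__) || defined(__aarch64__)`, but the file that follows is 32-bit ARM output (`.syntax unified`, `.cpu cortex-a8`, `.thumb_func`, r4 to r10 register use) and will not assemble for AArch64. Keep the guard at `__arm__` only, or provide a separate AArch64 build of this routine.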
@@ -60,138 +60,137 @@
.thumb_func
.type CRYPTO_chacha_20_neon, %function
CRYPTO_chacha_20_neon:
@ args = 8, pretend = 0, frame = 160
@ args = 8, pretend = 0, frame = 152
@ frame_needed = 1, uses_anonymous_args = 0
push {r4, r5, r6, r7, r8, r9, r10, fp, lr}
mov r9, r3
mov r8, r3
vpush.64 {d8, d9, d10, d11, d12, d13, d14, d15}
mov r10, r2
mov r9, r2
ldr r4, .L91+16
mov fp, r1
mov r8, r9
mov fp, r0
mov r10, r1
mov lr, r8
.LPIC16:
add r4, pc
sub sp, sp, #164
sub sp, sp, #156
add r7, sp, #0
sub sp, sp, #112
add lr, r7, #148
str r0, [r7, #80]
add r6, r7, #144
str r0, [r7, #88]
str r1, [r7, #12]
str r2, [r7, #8]
ldmia r4, {r0, r1, r2, r3}
add r4, sp, #15
bic r4, r4, #15
ldr r6, [r7, #264]
str r4, [r7, #88]
ldr ip, [r7, #256]
str r4, [r7, #84]
mov r5, r4
adds r4, r4, #64
add ip, r5, #80
str r9, [r7, #56]
adds r5, r5, #80
str r8, [r7, #68]
stmia r4, {r0, r1, r2, r3}
movw r4, #43691
ldr r0, [r6] @ unaligned
ldr r0, [ip] @ unaligned
movt r4, 43690
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r9, #12] @ unaligned
str ip, [r7, #84]
stmia lr!, {r0, r1, r2}
mov lr, ip
ldr r1, [r9, #4] @ unaligned
ldr r2, [r9, #8] @ unaligned
ldr r0, [r9] @ unaligned
vldr d24, [r5, #64]
vldr d25, [r5, #72]
umull r4, r5, r10, r4
stmia ip!, {r0, r1, r2, r3}
ldr r0, [r8, #16]! @ unaligned
ldr r2, [r7, #88]
ldr r4, [r7, #268]
ldr r1, [r8, #4] @ unaligned
ldr r1, [ip, #4] @ unaligned
ldr r3, [r7, #84]
ldr r2, [r8, #8] @ unaligned
mov r8, #0
stmia r6!, {r0, r1}
mov r6, r5
ldr r1, [lr, #4] @ unaligned
ldr r0, [lr] @ unaligned
vldr d24, [r3, #64]
vldr d25, [r3, #72]
ldr r3, [lr, #12] @ unaligned
str r5, [r7, #80]
stmia r5!, {r0, r1, r2, r3}
ldr r0, [lr, #16]! @ unaligned
ldr r2, [r7, #84]
umull r4, r5, r9, r4
vldr d26, [r2, #80]
vldr d27, [r2, #88]
ldr r3, [r8, #12] @ unaligned
ldr r2, [r8, #8] @ unaligned
stmia lr!, {r0, r1, r2, r3}
ldr r3, [r6]
ldr r1, [r6, #4]
ldr r6, [r6, #8]
str r3, [r7, #68]
str r3, [r7, #132]
ldr r1, [lr, #4] @ unaligned
ldr r2, [lr, #8] @ unaligned
ldr r3, [lr, #12] @ unaligned
ldr r4, [r7, #260]
stmia r6!, {r0, r1, r2, r3}
ldr r3, [ip]
ldr r1, [r7, #84]
ldr r2, [ip, #4]
str r3, [r7, #64]
vldr d28, [r1, #80]
vldr d29, [r1, #88]
str r3, [r7, #136]
lsrs r3, r5, #7
str r6, [r7, #140]
str r6, [r7, #60]
ldr r6, [r7, #88]
str r4, [r7, #128]
str r1, [r7, #136]
str r1, [r7, #64]
vldr d28, [r6, #80]
vldr d29, [r6, #88]
str r2, [r7, #140]
str r8, [r7, #132]
str r2, [r7, #60]
vldr d22, [r7, #128]
vldr d23, [r7, #136]
beq .L26
mov r5, r6
lsls r2, r3, #8
ldr r5, [r1, #64]
sub r3, r2, r3, lsl #6
ldr r2, [r5, #68]
ldr r6, [r6, #64]
ldr r2, [r1, #68]
vldr d0, .L91
vldr d1, .L91+8
str r2, [r7, #48]
ldr r2, [r5, #72]
adds r4, r4, #2
str r5, [r7, #56]
str r2, [r7, #52]
ldr r5, [r1, #72]
ldr r2, [r1, #76]
str r3, [r7, #4]
str r6, [r7, #52]
str r5, [r7, #48]
str r2, [r7, #44]
adds r2, r4, #2
str r2, [r7, #72]
ldr r2, [r5, #76]
str fp, [r7, #76]
str r2, [r7, #40]
ldr r2, [r7, #80]
mov r2, fp
str r4, [r7, #72]
adds r3, r2, r3
str r10, [r7, #76]
str r3, [r7, #16]
.L4:
ldr r5, [r7, #56]
add r8, r7, #40
ldr r4, [r7, #68]
ldr r5, [r7, #68]
add r8, r7, #44
ldr r4, [r7, #72]
vadd.i32 q3, q11, q0
ldmia r8, {r8, r9, r10, fp}
mov r1, r5
ldr r2, [r5, #4]
vmov q8, q14 @ v4si
ldr r3, [r5]
ldr r2, [r5, #4]
vmov q1, q13 @ v4si
ldr r6, [r1, #28]
ldr r3, [r5]
vmov q9, q12 @ v4si
ldr lr, [r5, #20]
vmov q2, q11 @ v4si
mov r0, r2
ldr r2, [r5, #8]
str r4, [r7, #112]
movs r1, #10
ldr r4, [r7, #72]
vmov q2, q11 @ v4si
ldr lr, [r5, #20]
vmov q15, q14 @ v4si
str r3, [r7, #108]
vmov q5, q13 @ v4si
str r2, [r7, #116]
vmov q10, q12 @ v4si
ldr r2, [r5, #12]
mov r3, r5
ldr ip, [r5, #16]
ldr r3, [r7, #64]
vmov q15, q14 @ v4si
mov r1, r2
ldr r2, [r5, #12]
ldr r5, [r5, #24]
vmov q5, q13 @ v4si
ldr r6, [r3, #28]
vmov q10, q12 @ v4si
ldr r3, [r7, #64]
str r5, [r7, #116]
movs r5, #10
str r6, [r7, #120]
str r1, [r7, #92]
str r4, [r7, #112]
ldr r6, [r7, #60]
str r4, [r7, #100]
ldr r1, [r7, #116]
ldr r4, [r7, #108]
str r8, [r7, #96]
mov r8, r10
str lr, [r7, #104]
ldr r4, [r7, #108]
mov r10, r9
ldr r9, [r7, #116]
str lr, [r7, #104]
mov lr, r3
mov r9, r5
str r5, [r7, #92]
movs r5, #0
str r6, [r7, #124]
str r5, [r7, #100]
b .L92
.L93:
.align 3
@@ -214,24 +213,25 @@ CRYPTO_chacha_20_neon:
str r5, [r7, #116]
add r10, r10, r1
vrev32.16 q3, q3
str r6, [r7, #108]
eor lr, lr, r10
vadd.i32 q8, q8, q3
vrev32.16 q2, q2
vadd.i32 q15, q15, q2
mov fp, r3
ldr r3, [r7, #100]
ldr r3, [r7, #112]
veor q4, q8, q1
str r6, [r7, #112]
veor q6, q15, q5
add fp, fp, r2
eors r3, r3, r5
mov r5, r6
ldr r6, [r7, #112]
ldr r6, [r7, #100]
vshl.i32 q1, q4, #12
vshl.i32 q5, q6, #12
ror r3, r3, #16
add fp, fp, r2
eors r6, r6, r5
eor lr, lr, r10
ror r3, r3, #16
vsri.32 q1, q4, #20
ror lr, lr, #16
mov r5, r6
ldr r6, [r7, #124]
vsri.32 q5, q6, #20
@@ -239,26 +239,25 @@ CRYPTO_chacha_20_neon:
eor r6, r6, fp
ror r5, r5, #16
vadd.i32 q9, q9, q1
ror lr, lr, #16
add r9, r9, lr
ror r3, r6, #16
ldr r6, [r7, #124]
vadd.i32 q10, q10, q5
add r9, r9, lr
str r3, [r7, #108]
veor q4, q9, q3
add ip, ip, r6
ldr r6, [r7, #104]
veor q6, q10, q2
eor r4, ip, r4
str r3, [r7, #104]
vshl.i32 q3, q4, #8
eor r1, r9, r1
vshl.i32 q3, q4, #8
mov r8, r6
ldr r6, [r7, #120]
vshl.i32 q2, q6, #8
ror r4, r4, #20
add r6, r6, r3
vsri.32 q3, q4, #24
str r6, [r7, #100]
str r6, [r7, #104]
eors r2, r2, r6
ldr r6, [r7, #116]
vsri.32 q2, q6, #24
@@ -269,7 +268,7 @@ CRYPTO_chacha_20_neon:
eor r0, r8, r0
vadd.i32 q15, q15, q2
mov r3, r6
ldr r6, [r7, #108]
ldr r6, [r7, #112]
veor q6, q4, q1
ror r0, r0, #20
str r3, [r7, #112]
@@ -286,7 +285,7 @@ CRYPTO_chacha_20_neon:
ror r1, r1, #20
eors r5, r5, r6
vsri.32 q8, q6, #25
ldr r6, [r7, #104]
ldr r6, [r7, #108]
ror r3, r3, #24
ror r5, r5, #24
vsri.32 q1, q5, #25
@@ -298,7 +297,7 @@ CRYPTO_chacha_20_neon:
vext.32 q8, q8, q8, #1
str ip, [r7, #124]
add ip, r5, r8
ldr r5, [r7, #100]
ldr r5, [r7, #104]
eor lr, r10, lr
ror r6, r6, #24
vext.32 q1, q1, q1, #1
@@ -411,7 +410,7 @@ CRYPTO_chacha_20_neon:
veor q6, q15, q1
ldr r3, [r7, #116]
vshl.i32 q1, q4, #7
str r2, [r7, #100]
str r2, [r7, #112]
add r3, r3, r2
str r3, [r7, #120]
vshl.i32 q5, q6, #7
@@ -424,7 +423,7 @@ CRYPTO_chacha_20_neon:
vsri.32 q5, q6, #25
ldr r3, [r7, #92]
ror r4, r4, #25
str r6, [r7, #112]
str r6, [r7, #100]
ror r0, r0, #25
subs r3, r3, #1
str r5, [r7, #104]
@@ -438,325 +437,308 @@ CRYPTO_chacha_20_neon:
vext.32 q5, q5, q5, #3
vext.32 q1, q1, q1, #3
bne .L3
ldr r3, [r7, #84]
ldr r3, [r7, #80]
vadd.i32 q4, q12, q10
str r9, [r7, #92]
str r9, [r7, #116]
mov r9, r10
mov r10, r8
ldr r8, [r7, #96]
str lr, [r7, #96]
mov lr, r5
ldr r5, [r7, #52]
ldr r5, [r7, #56]
vadd.i32 q5, q13, q5
ldr r6, [r7, #76]
vadd.i32 q15, q14, q15
add fp, fp, r5
ldr r5, [r7, #48]
str r3, [r7, #104]
vadd.i32 q7, q14, q8
ldr r3, [r6, #12] @ unaligned
add r10, r10, r5
str r0, [r7, #36]
vadd.i32 q2, q11, q2
ldr r0, [r6] @ unaligned
vadd.i32 q6, q12, q9
ldr r5, [r7, #104]
vadd.i32 q1, q13, q1
str r1, [r7, #116]
vadd.i32 q11, q11, q0
ldr r1, [r6, #4] @ unaligned
str r2, [r7, #32]
vadd.i32 q3, q11, q3
ldr r2, [r6, #8] @ unaligned
vadd.i32 q11, q11, q0
ldr r5, [r7, #52]
str r4, [r7, #108]
ldr r4, [r7, #100]
vadd.i32 q7, q14, q8
ldr r4, [r7, #112]
add r5, r10, r5
str r3, [r7, #112]
vadd.i32 q2, q11, q2
ldr r3, [r6, #12] @ unaligned
vadd.i32 q6, q12, q9
str r0, [r7, #92]
vadd.i32 q1, q13, q1
ldr r0, [r6] @ unaligned
vadd.i32 q11, q11, q0
str r1, [r7, #40]
str r2, [r7, #36]
vadd.i32 q3, q11, q3
ldr r1, [r6, #4] @ unaligned
vadd.i32 q11, q11, q0
ldr r2, [r6, #8] @ unaligned
str r5, [r7, #104]
vadd.i32 q11, q11, q0
ldr r5, [r7, #112]
ldr r10, [r7, #80]
stmia r5!, {r0, r1, r2, r3}
ldr r2, [r7, #88]
ldr r3, [r7, #44]
ldr r5, [r7, #84]
vldr d20, [r2, #80]
vldr d21, [r2, #88]
add r3, r9, r3
str r3, [r7, #104]
veor q10, q10, q4
ldr r3, [r7, #40]
add r3, r8, r3
str r3, [r7, #100]
mov r5, r10
ldr r0, [r7, #84]
ldr r2, [r7, #48]
ldr r3, [r7, #72]
vstr d20, [r2, #80]
vstr d21, [r2, #88]
vldr d20, [r0, #80]
vldr d21, [r0, #88]
add r9, r9, r2
veor q10, q10, q4
ldr r2, [r7, #44]
adds r1, r4, r3
str r1, [r7, #28]
add r2, r8, r2
str r2, [r7, #32]
vstr d20, [r0, #80]
vstr d21, [r0, #88]
ldmia r5!, {r0, r1, r2, r3}
ldr r4, [r7, #68]
ldr r5, [r7, #112]
ldr r8, [r7, #84]
add r5, r5, r4
ldr r4, [r7, #96]
str r5, [r7, #24]
ldr r5, [r7, #64]
add r4, r4, r5
ldr r5, [r7, #60]
ldr r5, [r7, #124]
str r4, [r7, #96]
ldr r4, [r7, #124]
add r4, r4, r5
str r4, [r7, #20]
ldr r4, [r7, #80]
mov r5, r8
ldr r4, [r7, #60]
add r5, r5, r4
ldr r4, [r7, #88]
str r5, [r7, #24]
mov r5, r10
str r0, [r4] @ unaligned
mov r0, r4
str r1, [r4, #4] @ unaligned
mov r4, r8
str r2, [r0, #8] @ unaligned
mov r8, r0
str r2, [r0, #8] @ unaligned
mov r4, r10
str r3, [r0, #12] @ unaligned
mov r9, r4
ldr r0, [r6, #16]! @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r6, [r7, #76]
stmia r5!, {r0, r1, r2, r3}
mov r5, r8
ldr r3, [r7, #88]
mov r5, r10
ldr r3, [r7, #84]
vldr d20, [r3, #80]
vldr d21, [r3, #88]
veor q10, q10, q5
vstr d20, [r3, #80]
vstr d21, [r3, #88]
ldmia r4!, {r0, r1, r2, r3}
mov r4, r9
mov r4, r8
str r0, [r8, #16] @ unaligned
str r1, [r8, #20] @ unaligned
str r2, [r8, #24] @ unaligned
str r3, [r8, #28] @ unaligned
mov r8, r5
mov r8, r4
ldr r0, [r6, #32]! @ unaligned
mov r5, r9
str r10, [r7, #124]
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r6, [r7, #76]
stmia r5!, {r0, r1, r2, r3}
mov r5, r8
ldr r1, [r7, #88]
vldr d16, [r1, #80]
vldr d17, [r1, #88]
mov r5, r10
ldr r2, [r7, #84]
vldr d16, [r2, #80]
vldr d17, [r2, #88]
veor q15, q8, q15
vstr d30, [r1, #80]
vstr d31, [r1, #88]
ldmia r4!, {r0, r1, r2, r3}
mov r4, r9
str r0, [r8, #32] @ unaligned
str r1, [r8, #36] @ unaligned
str r2, [r8, #40] @ unaligned
str r3, [r8, #44] @ unaligned
mov r8, r5
vstr d30, [r2, #80]
vstr d31, [r2, #88]
ldmia r10!, {r0, r1, r2, r3}
str r0, [r4, #32] @ unaligned
str r1, [r4, #36] @ unaligned
str r2, [r4, #40] @ unaligned
str r3, [r4, #44] @ unaligned
ldr r0, [r6, #48]! @ unaligned
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r6, [r7, #76]
stmia r4!, {r0, r1, r2, r3}
mov r4, r9
ldr r1, [r7, #88]
str r9, [r7, #112]
stmia r5!, {r0, r1, r2, r3}
ldr r1, [r7, #84]
vldr d18, [r1, #80]
vldr d19, [r1, #88]
veor q9, q9, q2
vstr d18, [r1, #80]
vstr d19, [r1, #88]
ldmia r9!, {r0, r1, r2, r3}
str r0, [r5, #48] @ unaligned
str r1, [r5, #52] @ unaligned
str r2, [r5, #56] @ unaligned
str r3, [r5, #60] @ unaligned
ldr r3, [r7, #112]
ldr r5, [r7, #80]
mov r10, r3
ldmia r10!, {r0, r1, r2, r3}
str r0, [r4, #48] @ unaligned
str r1, [r4, #52] @ unaligned
str r2, [r4, #56] @ unaligned
str r3, [r4, #60] @ unaligned
ldr r0, [r6, #64]! @ unaligned
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r6, [r7, #76]
mov r9, r6
mov r6, r4
stmia r6!, {r0, r1, r2, r3}
mov r6, r4
ldr r1, [r7, #88]
stmia r5!, {r0, r1, r2, r3}
ldr r1, [r7, #84]
ldr r3, [r7, #112]
ldr r5, [r7, #80]
vldr d18, [r1, #80]
vldr d19, [r1, #88]
veor q9, q9, q6
mov r10, r3
str r5, [r7, #20]
vstr d18, [r1, #80]
vstr d19, [r1, #88]
ldmia r4!, {r0, r1, r2, r3}
mov r4, r6
str r3, [r5, #76] @ unaligned
mov r3, r9
str r2, [r5, #72] @ unaligned
str r0, [r5, #64] @ unaligned
str r1, [r5, #68] @ unaligned
mov r5, r4
ldr r0, [r3, #80]! @ unaligned
mov r9, r3
ldr r1, [r9, #4] @ unaligned
ldr r2, [r9, #8] @ unaligned
ldr r3, [r9, #12] @ unaligned
mov r9, r4
ldmia r10!, {r0, r1, r2, r3}
str r1, [r4, #68] @ unaligned
str r2, [r4, #72] @ unaligned
str r3, [r4, #76] @ unaligned
str r0, [r4, #64] @ unaligned
ldr r0, [r6, #80]! @ unaligned
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r6, [r7, #76]
str r9, [r7, #124]
stmia r5!, {r0, r1, r2, r3}
mov r5, r8
ldr r1, [r7, #88]
ldr r1, [r7, #84]
ldr r3, [r7, #20]
ldr r5, [r7, #80]
vldr d18, [r1, #80]
vldr d19, [r1, #88]
veor q1, q9, q1
mov r10, r3
vstr d2, [r1, #80]
vstr d3, [r1, #88]
ldmia r4!, {r0, r1, r2, r3}
mov r4, r9
str r0, [r8, #80] @ unaligned
str r1, [r8, #84] @ unaligned
str r2, [r8, #88] @ unaligned
str r3, [r8, #92] @ unaligned
ldmia r10!, {r0, r1, r2, r3}
mov r10, r5
str r0, [r4, #80] @ unaligned
str r1, [r4, #84] @ unaligned
str r2, [r4, #88] @ unaligned
str r3, [r4, #92] @ unaligned
ldr r0, [r6, #96]! @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
ldr r6, [r7, #76]
stmia r4!, {r0, r1, r2, r3}
mov r4, r9
ldr r3, [r7, #88]
stmia r5!, {r0, r1, r2, r3}
mov r5, r10
ldr r3, [r7, #84]
vldr d16, [r3, #80]
vldr d17, [r3, #88]
veor q8, q8, q7
vstr d16, [r3, #80]
vstr d17, [r3, #88]
ldmia r9!, {r0, r1, r2, r3}
str r0, [r5, #96] @ unaligned
str r1, [r5, #100] @ unaligned
str r2, [r5, #104] @ unaligned
str r3, [r5, #108] @ unaligned
ldmia r10!, {r0, r1, r2, r3}
str r0, [r4, #96] @ unaligned
str r1, [r4, #100] @ unaligned
str r2, [r4, #104] @ unaligned
str r3, [r4, #108] @ unaligned
ldr r0, [r6, #112]! @ unaligned
ldr r1, [r6, #4] @ unaligned
ldr r2, [r6, #8] @ unaligned
ldr r3, [r6, #12] @ unaligned
mov r6, r4
stmia r6!, {r0, r1, r2, r3}
mov r6, r5
ldr r3, [r7, #88]
stmia r6!, {r0, r1, r2, r3}
ldr r3, [r7, #84]
vldr d16, [r3, #80]
vldr d17, [r3, #88]
veor q8, q8, q3
vstr d16, [r3, #80]
vstr d17, [r3, #88]
ldmia r4!, {r0, r1, r2, r3}
mov r4, r5
mov r8, r4
str r2, [r5, #120] @ unaligned
ldr r2, [r7, #76]
str r0, [r5, #112] @ unaligned
str r1, [r5, #116] @ unaligned
str r3, [r5, #124] @ unaligned
ldr r3, [r2, #128]
ldr r1, [r7, #104]
ldmia r5!, {r0, r1, r2, r3}
str r1, [r4, #116] @ unaligned
ldr r1, [r7, #76]
str r0, [r4, #112] @ unaligned
str r2, [r4, #120] @ unaligned
str r3, [r4, #124] @ unaligned
ldr r3, [r1, #128]
ldr r2, [r7, #104]
eor r3, fp, r3
str r3, [r5, #128]
ldr r3, [r2, #132]
mov r5, r2
eor r3, r10, r3
str r3, [r6, #132]
ldr r3, [r2, #136]
mov r6, r5
eors r1, r1, r3
str r1, [r8, #136]
ldr r1, [r7, #56]
ldr r3, [r2, #140]
ldr r2, [r7, #100]
ldr r0, [r7, #108]
eors r3, r3, r2
str r3, [r4, #140]
ldr r3, [r1]
ldr r2, [r5, #144]
mov r8, r0
add r8, r8, r3
mov r5, r6
mov r3, r8
str r3, [r4, #128]
ldr r3, [r1, #132]
eors r2, r2, r3
str r2, [r4, #144]
ldr r3, [r6, #148]
ldr r2, [r1, #4]
ldr r6, [r7, #36]
add r6, r6, r2
str r2, [r8, #132]
ldr r3, [r1, #136]
ldr r5, [r7, #68]
ldr r6, [r7, #32]
eor r3, r9, r3
str r3, [r4, #136]
ldr r3, [r1, #140]
ldr r0, [r7, #92]
eors r3, r3, r6
mov r6, r1
ldr r6, [r7, #108]
str r3, [r4, #140]
ldr r3, [r5]
ldr r2, [r1, #144]
add r6, r6, r3
eors r2, r2, r6
str r2, [r4, #144]
ldr r2, [r5, #4]
ldr r3, [r1, #148]
add r0, r0, r2
ldr r6, [r7, #36]
eors r3, r3, r0
ldr r0, [r7, #40]
str r3, [r4, #148]
ldr r2, [r1, #8]
ldr r1, [r7, #116]
ldr r3, [r5, #152]
mov r8, r1
add r8, r8, r2
ldr r1, [r7, #32]
mov r2, r8
eors r3, r3, r2
ldr r2, [r5, #8]
ldr r3, [r1, #152]
add r0, r0, r2
eors r3, r3, r0
str r3, [r4, #152]
mov r8, r4
ldr r2, [r6, #12]
ldr r3, [r5, #156]
add r1, r1, r2
eors r3, r3, r1
str r3, [r4, #156]
ldr r2, [r6, #16]
mov r1, r4
ldr r3, [r5, #160]
mov r4, r5
ldr r2, [r5, #12]
mov r0, r4
ldr r3, [r1, #156]
mov r4, r1
add r6, r6, r2
mov r1, r0
eors r3, r3, r6
str r3, [r0, #156]
ldr r2, [r5, #16]
ldr r3, [r4, #160]
add ip, ip, r2
mov r5, r6
eor r3, ip, r3
str r3, [r1, #160]
ldr r2, [r6, #20]
ldr r2, [r5, #20]
ldr r3, [r4, #164]
add lr, lr, r2
ldr r2, [r7, #92]
ldr r2, [r7, #116]
eor r3, lr, r3
str r3, [r1, #164]
ldr r6, [r5, #24]
mov lr, r4
ldr r3, [r4, #168]
add r2, r2, r6
ldr r6, [r7, #120]
mov r6, r4
eors r3, r3, r2
str r3, [r1, #168]
ldr r5, [r5, #28]
mov r2, r1
ldr r3, [r4, #172]
add r6, r6, r5
eors r3, r3, r6
str r3, [r1, #172]
ldr r4, [r4, #176]
ldr r0, [r7, #28]
ldr r0, [r7, #120]
add r0, r0, r5
ldr r5, [r7, #24]
eors r4, r4, r0
str r4, [r8, #176]
ldr r0, [lr, #180]
ldr r2, [r7, #96]
eors r0, r0, r5
str r0, [r8, #180]
ldr r1, [lr, #184]
ldr r4, [r7, #20]
eors r1, r1, r2
str r1, [r8, #184]
ldr r2, [lr, #188]
add r1, lr, #192
eors r3, r3, r0
str r3, [r1, #172]
ldr r3, [r7, #72]
eors r2, r2, r4
str r2, [r8, #188]
ldr r2, [r7, #16]
adds r3, r3, #3
str r3, [r7, #72]
mov r3, r8
ldr r4, [r4, #176]
ldr r1, [r7, #28]
eors r4, r4, r1
adds r1, r3, #3
str r4, [r2, #176]
ldr r3, [r7, #100]
ldr r0, [lr, #180]
str r1, [r7, #72]
eors r3, r3, r0
mov r0, r3
mov r3, r2
str r0, [r2, #180]
adds r3, r3, #192
ldr r1, [lr, #184]
ldr r2, [r7, #96]
eors r1, r1, r2
str r1, [r3, #-8]
ldr r2, [lr, #188]
mov r1, r6
adds r1, r1, #192
str r1, [r7, #76]
eors r2, r2, r5
str r2, [r3, #-4]
ldr r2, [r7, #16]
str r3, [r7, #88]
cmp r2, r3
str r3, [r7, #80]
bne .L4
ldr r3, [r7, #12]
ldr r2, [r7, #4]
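Review bot: the load/store reshuffling throughout this hunk (for example the [r7, #88] spill slot moving to [r7, #84]) is register-allocation churn in compiler output and cannot be audited by reading it. Please state the exact compiler version and flags used, and confirm the checked-in file is identical to a fresh run of the generator, so the ChaCha20 NEON code is reproducible from chacha_vec.c rather than trusted as an opaque blob.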
@@ -775,8 +757,8 @@ CRYPTO_chacha_20_neon:
beq .L6
ldr r5, [r7, #12]
ldr r4, [r7, #16]
ldr r6, [r7, #88]
ldr lr, [r7, #84]
ldr r6, [r7, #84]
ldr lr, [r7, #80]
vldr d30, .L94
vldr d31, .L94+8
str fp, [r7, #120]
@@ -982,7 +964,7 @@ CRYPTO_chacha_20_neon:
mov r9, r5
bhi .L88
vadd.i32 q12, q12, q10
ldr r3, [r7, #88]
ldr r3, [r7, #84]
vst1.64 {d24-d25}, [r3:128]
.L14:
ldr r3, [r7, #8]
@@ -1019,7 +1001,7 @@ CRYPTO_chacha_20_neon:
movcs r1, ip
cmp r1, #0
beq .L17
ldr r5, [r7, #88]
ldr r5, [r7, #84]
cmp r1, #1
ldrb r0, [r0] @ zero_extendqisi2
add r3, r2, #1
@@ -1154,7 +1136,7 @@ CRYPTO_chacha_20_neon:
ldr r5, [r7, #16]
cmp r6, #1
add r0, r1, r2
ldr r1, [r7, #88]
ldr r1, [r7, #84]
add r1, r1, r2
vld1.64 {d18-d19}, [r0:64]
add r2, r2, r5
@@ -1192,7 +1174,7 @@ CRYPTO_chacha_20_neon:
add r3, r3, lr
beq .L1
.L19:
ldr r4, [r7, #88]
ldr r4, [r7, #84]
adds r2, r3, #1
ldr r1, [r7, #12]
cmp r2, r9
@@ -1307,7 +1289,7 @@ CRYPTO_chacha_20_neon:
eor r1, r1, r0
strb r1, [r5, r2]
bls .L1
ldr r2, [r7, #88]
ldr r2, [r7, #84]
ldrb r1, [r2, r3] @ zero_extendqisi2
ldr r2, [r7, #12]
ldrb r2, [r2, r3] @ zero_extendqisi2
@@ -1315,7 +1297,7 @@ CRYPTO_chacha_20_neon:
ldr r1, [r7, #16]
strb r2, [r1, r3]
.L1:
adds r7, r7, #164
adds r7, r7, #156
mov sp, r7
@ sp needed
vldm sp!, {d8-d15}
@@ -1323,7 +1305,7 @@ CRYPTO_chacha_20_neon:
.L88:
ldr r5, [r7, #12]
vadd.i32 q12, q12, q10
ldr r4, [r7, #84]
ldr r4, [r7, #80]
cmp r9, #31
ldr r0, [r5] @ unaligned
ldr r1, [r5, #4] @ unaligned
@@ -1331,7 +1313,7 @@ CRYPTO_chacha_20_neon:
ldr r2, [r5, #8] @ unaligned
ldr r3, [r5, #12] @ unaligned
stmia r6!, {r0, r1, r2, r3}
ldr r2, [r7, #88]
ldr r2, [r7, #84]
ldr r6, [r7, #16]
vldr d18, [r2, #80]
vldr d19, [r2, #88]
@@ -1346,7 +1328,7 @@ CRYPTO_chacha_20_neon:
str r3, [r6, #12] @ unaligned
bhi .L89
vadd.i32 q13, q13, q15
ldr r3, [r7, #88]
ldr r3, [r7, #84]
vstr d26, [r3, #16]
vstr d27, [r3, #24]
b .L14
@@ -1355,7 +1337,7 @@ CRYPTO_chacha_20_neon:
ldr r2, [r7, #12]
add r2, r2, r9
mov r5, r2
ldr r2, [r7, #88]
ldr r2, [r7, #84]
add r2, r2, r3
mov r3, r2
.L24:
@@ -1365,18 +1347,17 @@ CRYPTO_chacha_20_neon:
eor r2, r2, r1
strb r2, [r4], #1
bne .L24
adds r7, r7, #164
adds r7, r7, #156
mov sp, r7
@ sp needed
vldm sp!, {d8-d15}
pop {r4, r5, r6, r7, r8, r9, r10, fp, pc}
.L26:
ldr r3, [r7, #80]
str r3, [r7, #16]
str fp, [r7, #16]
b .L2
.L89:
mov r3, r5
ldr r4, [r7, #84]
ldr r4, [r7, #80]
ldr r0, [r3, #16]! @ unaligned
add lr, r1, #16
mov r5, r1
@@ -1387,7 +1368,7 @@ CRYPTO_chacha_20_neon:
ldr r2, [r3, #8] @ unaligned
ldr r3, [r3, #12] @ unaligned
stmia r6!, {r0, r1, r2, r3}
ldr r2, [r7, #88]
ldr r2, [r7, #84]
vldr d18, [r2, #80]
vldr d19, [r2, #88]
veor q13, q9, q13
@@ -1400,16 +1381,16 @@ CRYPTO_chacha_20_neon:
str r3, [lr, #12] @ unaligned
bhi .L90
vadd.i32 q8, q14, q8
ldr r3, [r7, #88]
ldr r3, [r7, #84]
vstr d16, [r3, #32]
vstr d17, [r3, #40]
b .L14
.L90:
ldr r3, [r7, #12]
add lr, r5, #32
ldr r4, [r7, #84]
ldr r4, [r7, #80]
vadd.i32 q8, q14, q8
ldr r5, [r7, #88]
ldr r5, [r7, #84]
vadd.i32 q11, q11, q3
ldr r0, [r3, #32]! @ unaligned
mov r6, r4
@@ -1443,5 +1424,5 @@ CRYPTO_chacha_20_neon:
.ident "GCC: (Linaro GCC 2014.11) 4.9.3 20141031 (prerelease)"
.section .note.GNU-stack,"",%progbits
#endif /* __arm__ */
#endif /* __arm__ || __aarch64__ */
#endif /* !OPENSSL_NO_ASM */
+3 -6
@@ -12,10 +12,7 @@
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
// This package generates chacha_vec_arm.S from chacha_vec.c. Install the
// arm-linux-gnueabihf-gcc compiler as described in BUILDING.md. Then:
// `(cd crypto/chacha && go run chacha_vec_arm_generate.go)`.
// This package generates chacha_vec_arm.S from chacha_vec.c.
package main
import (
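Review bot: the header comment at the top of this hunk loses the regeneration instructions (which cross compiler to install and the "cd crypto/chacha && go run chacha_vec_arm_generate.go" invocation), leaving only a one-line description. Keep those lines or point to where they now live. Without them the next person to touch chacha_vec.c has no documented way to rebuild the assembly with the same toolchain.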
@@ -56,7 +53,7 @@ func main() {
output.WriteString(" ")
output.WriteString(strings.Join(args, " "))
output.WriteString("\n\n#if !defined(OPENSSL_NO_ASM)\n")
output.WriteString("#if defined(__arm__)\n\n")
output.WriteString("#if defined(__arm__) || defined(__aarch64__)\n\n")
cmd := exec.Command(compiler, args...)
cmd.Stderr = os.Stderr
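Review bot: the emitted guard widens from defined(__arm__) to defined(__arm__) || defined(__aarch64__), but the generated body is 32-bit ARM code (r0-r10 registers, "pop {r4, ..., pc}", "vldm sp!, {d8-d15}"). On an AArch64 build the guard would be true and the assembler would be handed instructions it cannot encode, unless the build system excludes the file separately. Suggest keeping the guard at defined(__arm__) here and in the trailer constant.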
@@ -148,6 +145,6 @@ const attr28Block = `
`
const trailer = `
#endif /* __arm__ */
#endif /* __arm__ || __aarch64__ */
#endif /* !OPENSSL_NO_ASM */
`
+1 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
cipher
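Review bot: include_directories in the first line of this hunk now adds "." and ".." ahead of ../../include, which puts this directory and its parent on the header search path for every target defined here. That lets a short header name resolve to a different file than the author intended and hides which headers are internal. Prefer keeping only ../../include and using explicit relative paths for internal headers, as the sources in this change already do with "../test/file_test.h".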
@@ -37,4 +37,3 @@ add_executable(
target_link_libraries(cipher_test crypto)
target_link_libraries(aead_test crypto)
add_dependencies(all_tests cipher_test aead_test)
-13
@@ -30,10 +30,6 @@ size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; }
size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; }
void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) {
memset(ctx, 0, sizeof(EVP_AEAD_CTX));
}
int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
const uint8_t *key, size_t key_len, size_t tag_len,
ENGINE *impl) {
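Review bot: removing EVP_AEAD_CTX_zero (the memset wrapper at the top of this hunk) leaves callers with no defined pre-init state for an EVP_AEAD_CTX. Any error path that can run before EVP_AEAD_CTX_init succeeds, or after it fails, can no longer call EVP_AEAD_CTX_cleanup unconditionally. Please confirm no caller depends on it, and document on EVP_AEAD_CTX_init what state the context is left in on failure.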
@@ -156,12 +152,3 @@ int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key)
return ctx->aead->get_rc4_state(ctx, out_key);
}
int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_len) {
if (ctx->aead->get_iv == NULL) {
return 0;
}
return ctx->aead->get_iv(ctx, out_iv, out_len);
}
+57 -33
View File
@@ -22,7 +22,7 @@
#include <openssl/err.h>
#include "../test/file_test.h"
#include "../test/scoped_types.h"
#include "../test/stl_compat.h"
// This program tests an AEAD against a series of test vectors from a file,
@@ -35,6 +35,18 @@
// CT: 5294265a60
// TAG: 1d45758621762e061368e68868e2f929
// EVP_AEAD_CTX lacks a zero state, so it doesn't fit easily into
// ScopedOpenSSLContext.
class EVP_AEAD_CTXScoper {
public:
EVP_AEAD_CTXScoper(EVP_AEAD_CTX *ctx) : ctx_(ctx) {}
~EVP_AEAD_CTXScoper() {
EVP_AEAD_CTX_cleanup(ctx_);
}
private:
EVP_AEAD_CTX *ctx_;
};
static bool TestAEAD(FileTest *t, void *arg) {
const EVP_AEAD *aead = reinterpret_cast<const EVP_AEAD*>(arg);
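Review bot: EVP_AEAD_CTXScoper takes a raw pointer through a single-argument constructor that is not marked explicit, and the class is implicitly copyable. A copy would make two destructors call EVP_AEAD_CTX_cleanup on the same context. Mark the constructor explicit and make the copy constructor and assignment operator private or deleted.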
@@ -48,19 +60,22 @@ static bool TestAEAD(FileTest *t, void *arg) {
return false;
}
ScopedEVP_AEAD_CTX ctx;
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_seal)) {
EVP_AEAD_CTX ctx;
if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
key.size(), tag.size(),
evp_aead_seal)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
EVP_AEAD_CTXScoper cleanup(&ctx);
std::vector<uint8_t> out(in.size() + EVP_AEAD_max_overhead(aead));
if (!t->HasAttribute("NO_SEAL")) {
size_t out_len;
if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
nonce.data(), nonce.size(), in.data(), in.size(),
ad.data(), ad.size())) {
if (!EVP_AEAD_CTX_seal(&ctx, bssl::vector_data(&out), &out_len, out.size(),
bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&in), in.size(),
bssl::vector_data(&ad), ad.size())) {
t->PrintLine("Failed to run AEAD.");
return false;
}
@@ -71,31 +86,36 @@ static bool TestAEAD(FileTest *t, void *arg) {
(unsigned)(ct.size() + tag.size()));
return false;
}
if (!t->ExpectBytesEqual(ct.data(), ct.size(), out.data(), ct.size()) ||
!t->ExpectBytesEqual(tag.data(), tag.size(), out.data() + ct.size(),
tag.size())) {
if (!t->ExpectBytesEqual(bssl::vector_data(&ct), ct.size(),
bssl::vector_data(&out), ct.size()) ||
!t->ExpectBytesEqual(bssl::vector_data(&tag), tag.size(),
bssl::vector_data(&out) + ct.size(), tag.size())) {
return false;
}
} else {
out.resize(ct.size() + tag.size());
memcpy(out.data(), ct.data(), ct.size());
memcpy(out.data() + ct.size(), tag.data(), tag.size());
memcpy(bssl::vector_data(&out), bssl::vector_data(&ct), ct.size());
memcpy(bssl::vector_data(&out) + ct.size(), bssl::vector_data(&tag),
tag.size());
}
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
EVP_AEAD_CTX_cleanup(&ctx);
if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
key.size(), tag.size(),
evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
std::vector<uint8_t> out2(out.size());
size_t out2_len;
int ret = EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(),
out.size(), ad.data(), ad.size());
int ret = EVP_AEAD_CTX_open(&ctx,
bssl::vector_data(&out2), &out2_len, out2.size(),
bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&out), out.size(),
bssl::vector_data(&ad), ad.size());
if (t->HasAttribute("FAILS")) {
if (ret) {
t->PrintLine("Decrypted bad data.");
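Review bot: the manual EVP_AEAD_CTX_cleanup(&ctx) followed by a re-init that can fail leaves the scoper declared earlier to clean up the same context a second time. If EVP_AEAD_CTX_init_with_direction returns 0 here, the function returns false and the scoper's destructor calls EVP_AEAD_CTX_cleanup on a context that was already cleaned up and never successfully re-initialised. The comment on the scoper says the type has no zero state, so that second cleanup is not known to be safe. Either have the scoper track whether the context is currently initialised, or release it before the manual cleanup and re-arm it only after init succeeds. The same pattern repeats in the later reset sites.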
@@ -110,15 +130,17 @@ static bool TestAEAD(FileTest *t, void *arg) {
return false;
}
out2.resize(out2_len);
if (!t->ExpectBytesEqual(in.data(), in.size(), out2.data(), out2.size())) {
if (!t->ExpectBytesEqual(bssl::vector_data(&in), in.size(),
bssl::vector_data(&out2), out2.size())) {
return false;
}
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
EVP_AEAD_CTX_cleanup(&ctx);
if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
key.size(), tag.size(),
evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
@@ -126,9 +148,10 @@ static bool TestAEAD(FileTest *t, void *arg) {
// Garbage at the end isn't ignored.
out.push_back(0);
out2.resize(out.size());
if (EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(), out.size(),
ad.data(), ad.size())) {
if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(),
bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&out), out.size(),
bssl::vector_data(&ad), ad.size())) {
t->PrintLine("Decrypted bad data with trailing garbage.");
return false;
}
@@ -136,9 +159,10 @@ static bool TestAEAD(FileTest *t, void *arg) {
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
EVP_AEAD_CTX_cleanup(&ctx);
if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key),
key.size(), tag.size(),
evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
@@ -147,9 +171,10 @@ static bool TestAEAD(FileTest *t, void *arg) {
out[0] ^= 0x80;
out.resize(out.size() - 1);
out2.resize(out.size());
if (EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(), out.size(),
ad.data(), ad.size())) {
if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(),
bssl::vector_data(&nonce), nonce.size(),
bssl::vector_data(&out), out.size(),
bssl::vector_data(&ad), ad.size())) {
t->PrintLine("Decrypted bad data with corrupted byte.");
return false;
}
@@ -200,8 +225,7 @@ struct AEADName {
static const struct AEADName kAEADs[] = {
{ "aes-128-gcm", EVP_aead_aes_128_gcm },
{ "aes-256-gcm", EVP_aead_aes_256_gcm },
{ "chacha20-poly1305", EVP_aead_chacha20_poly1305_rfc7539 },
{ "chacha20-poly1305-old", EVP_aead_chacha20_poly1305_old },
{ "chacha20-poly1305", EVP_aead_chacha20_poly1305 },
{ "rc4-md5-tls", EVP_aead_rc4_md5_tls },
{ "rc4-sha1-tls", EVP_aead_rc4_sha1_tls },
{ "aes-128-cbc-sha1-tls", EVP_aead_aes_128_cbc_sha1_tls },
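Review bot: in kAEADs the name "chacha20-poly1305" changes meaning, from EVP_aead_chacha20_poly1305_rfc7539 to EVP_aead_chacha20_poly1305, and the "chacha20-poly1305-old" entry disappears. Test vector files keyed on these names must change in the same commit, otherwise the RFC 7539 vectors would be run against a different construction. Please confirm which vectors the remaining name is paired with, and that no AEAD variant is left without coverage.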
+14 -18
View File
@@ -63,17 +63,12 @@
#include "../test/file_test.h"
#include "../test/scoped_types.h"
#include "../test/stl_compat.h"
static const EVP_CIPHER *GetCipher(const std::string &name) {
if (name == "DES-CBC") {
return EVP_des_cbc();
} else if (name == "DES-ECB") {
return EVP_des_ecb();
} else if (name == "DES-EDE") {
return EVP_des_ede();
} else if (name == "DES-EDE-CBC") {
return EVP_des_ede_cbc();
} else if (name == "DES-EDE3-CBC") {
return EVP_des_ede3_cbc();
} else if (name == "RC4") {
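Review bot: GetCipher no longer maps "DES-ECB", "DES-EDE" or "DES-EDE-CBC", so any test vector that names those ciphers will fail the lookup instead of being exercised. Confirm the matching vectors are removed in this change, and that the corresponding EVP_des_* functions are either gone or covered elsewhere, so they do not stay reachable but untested.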
@@ -145,7 +140,7 @@ static bool TestOperation(FileTest *t,
}
if (is_aead && !encrypt &&
!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, tag.size(),
const_cast<uint8_t*>(tag.data()))) {
const_cast<uint8_t*>(bssl::vector_data(&tag)))) {
return false;
}
// The ciphers are run with no padding. For each of the ciphers we test, the
@@ -161,10 +156,10 @@ static bool TestOperation(FileTest *t,
// |EVP_CipherUpdate| calls when empty.
int unused, result_len1 = 0, result_len2;
if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()) ||
!EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key.data(), iv.data(),
-1) ||
!EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, bssl::vector_data(&key),
bssl::vector_data(&iv), -1) ||
(!aad.empty() &&
!EVP_CipherUpdate(ctx.get(), nullptr, &unused, aad.data(),
!EVP_CipherUpdate(ctx.get(), nullptr, &unused, bssl::vector_data(&aad),
aad.size())) ||
!EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) {
t->PrintLine("Operation failed.");
@@ -174,27 +169,28 @@ static bool TestOperation(FileTest *t,
for (size_t i = 0; i < in->size(); i++) {
uint8_t c = (*in)[i];
int len;
if (!EVP_CipherUpdate(ctx.get(), result.data() + result_len1, &len, &c,
1)) {
if (!EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result) + result_len1,
&len, &c, 1)) {
t->PrintLine("Operation failed.");
return false;
}
result_len1 += len;
}
} else if (!in->empty() &&
!EVP_CipherUpdate(ctx.get(), result.data(), &result_len1,
in->data(), in->size())) {
!EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result),
&result_len1, bssl::vector_data(in),
in->size())) {
t->PrintLine("Operation failed.");
return false;
}
if (!EVP_CipherFinal_ex(ctx.get(), result.data() + result_len1,
if (!EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1,
&result_len2)) {
t->PrintLine("Operation failed.");
return false;
}
result.resize(result_len1 + result_len2);
if (!t->ExpectBytesEqual(out->data(), out->size(), result.data(),
result.size())) {
if (!t->ExpectBytesEqual(bssl::vector_data(out), out->size(),
bssl::vector_data(&result), result.size())) {
return false;
}
if (encrypt && is_aead) {
@@ -205,7 +201,7 @@ static bool TestOperation(FileTest *t,
}
if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, tag.size(),
rtag) ||
!t->ExpectBytesEqual(tag.data(), tag.size(), rtag,
!t->ExpectBytesEqual(bssl::vector_data(&tag), tag.size(), rtag,
tag.size())) {
return false;
}
+67 -74
View File
@@ -54,6 +54,7 @@
#include <openssl/cpu.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/modes.h>
#include <openssl/obj.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -63,7 +64,7 @@
#include "../modes/internal.h"
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
#include <openssl/arm_arch.h>
#include "../arm_arch.h"
#endif
@@ -110,6 +111,7 @@ static char bsaes_capable(void) {
#elif !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
#include "../arm_arch.h"
#if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7
#define BSAES
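Review bot: the #include "../arm_arch.h" added inside the #elif branch here duplicates the include already made near the top of the file under "#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)", which covers every configuration this branch can be reached in. Drop the second include so the header dependency is stated once.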
@@ -119,8 +121,8 @@ static char bsaes_capable(void) {
#endif
#define HWAES
static int hwaes_capable(void) {
return CRYPTO_is_ARMv8_AES_capable();
static char hwaes_capable(void) {
return (OPENSSL_armcap_P & ARMV8_AES) != 0;
}
int aes_v8_set_encrypt_key(const uint8_t *user_key, const int bits,
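Review bot: hwaes_capable is declared here as "static char" while the fallback definition in the !defined(HWAES) block further down is a non-static "int hwaes_capable(void)". The two should have the same return type and linkage so callers see one signature regardless of platform. The body also reads the OPENSSL_armcap_P global directly instead of going through an accessor, which ties this file to the layout of the capability word. If that is intentional, a short comment saying so would help.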
@@ -150,14 +152,13 @@ static char bsaes_capable(void) {
/* On other platforms, bsaes_capable() will always return false and so the
* following will never be called. */
static void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t ivec[16], int enc) {
void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t ivec[16], int enc) {
abort();
}
static void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
size_t len, const AES_KEY *key,
const uint8_t ivec[16]) {
void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, const uint8_t ivec[16]) {
abort();
}
#endif
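Review bot: removing static from the abort() stubs bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks gives these placeholders external linkage. The comment above them says they exist only because bsaes_capable() is always false on these platforms, so they should stay file-local. As exported symbols they can collide with a real assembly implementation of the same name at link time, or be picked up by another translation unit that then aborts at run time. The same applies to the vpaes_*, aes_v8_* and aesni_* stubs in the following hunks.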
@@ -180,22 +181,20 @@ static char vpaes_capable(void) {
/* On other platforms, vpaes_capable() will always return false and so the
* following will never be called. */
static int vpaes_set_encrypt_key(const uint8_t *userKey, int bits,
AES_KEY *key) {
int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key) {
abort();
}
static int vpaes_set_decrypt_key(const uint8_t *userKey, int bits,
AES_KEY *key) {
int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, AES_KEY *key) {
abort();
}
static void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
static void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
static void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t *ivec, int enc) {
void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t *ivec, int enc) {
abort();
}
#endif
@@ -203,38 +202,34 @@ static void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
#if !defined(HWAES)
/* If HWAES isn't defined then we provide dummy functions for each of the hwaes
* functions. */
static int hwaes_capable(void) {
int hwaes_capable(void) {
return 0;
}
static int aes_v8_set_encrypt_key(const uint8_t *user_key, int bits,
AES_KEY *key) {
int aes_v8_set_encrypt_key(const uint8_t *user_key, int bits,
AES_KEY *key) {
abort();
}
static int aes_v8_set_decrypt_key(const uint8_t *user_key, int bits,
AES_KEY *key) {
int aes_v8_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
abort();
}
static void aes_v8_encrypt(const uint8_t *in, uint8_t *out,
const AES_KEY *key) {
void aes_v8_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
static void aes_v8_decrypt(const uint8_t *in, uint8_t *out,
const AES_KEY *key) {
void aes_v8_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
static void aes_v8_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t *ivec, int enc) {
void aes_v8_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
const AES_KEY *key, uint8_t *ivec, int enc) {
abort();
}
static void aes_v8_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
size_t len, const AES_KEY *key,
const uint8_t ivec[16]) {
void aes_v8_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, const uint8_t ivec[16]) {
abort();
}
#endif
@@ -272,16 +267,14 @@ void gcm_ghash_avx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in,
/* On other platforms, aesni_capable() will always return false and so the
* following will never be called. */
static void aesni_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
void aesni_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
abort();
}
static int aesni_set_encrypt_key(const uint8_t *userKey, int bits,
AES_KEY *key) {
int aesni_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key) {
abort();
}
static void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
size_t blocks, const void *key,
const uint8_t *ivec) {
void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks,
const void *key, const uint8_t *ivec) {
abort();
}
@@ -480,14 +473,14 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
iv = gctx->iv;
}
if (iv) {
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
gctx->iv_set = 1;
}
gctx->key_set = 1;
} else {
/* If key set use IV, otherwise copy */
if (gctx->key_set) {
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
} else {
memcpy(gctx->iv, iv, gctx->ivlen);
}
@@ -591,7 +584,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (gctx->iv_gen == 0 || gctx->key_set == 0) {
return 0;
}
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen);
CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
if (arg <= 0 || arg > gctx->ivlen) {
arg = gctx->ivlen;
}
@@ -608,13 +601,19 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
return 0;
}
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen);
CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
gctx->iv_set = 1;
return 1;
case EVP_CTRL_COPY: {
EVP_CIPHER_CTX *out = ptr;
EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
if (gctx->gcm.key) {
if (gctx->gcm.key != &gctx->ks) {
return 0;
}
gctx_out->gcm.key = &gctx_out->ks;
}
if (gctx->iv == c->iv) {
gctx_out->iv = out->iv;
} else {
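Review bot: the EVP_CTRL_COPY fix-up added here shows that the GCM context now stores a pointer back into its owning EVP_AES_GCM_CTX (gcm.key pointing at ks), so the structure can no longer be duplicated by a plain struct copy without leaving the copy's key pointer aimed at the source object. Every other place that copies a GCM128_CONTEXT or its container needs the same re-pointing. Please audit for those. Also, the "return 0" taken when gcm.key != &gctx->ks fails the copy without recording why. A comment explaining when that case can occur would help.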
@@ -656,24 +655,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
if (len >= 32 && AES_GCM_ASM(gctx)) {
size_t res = (16 - gctx->gcm.mres) % 16;
if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in, out, res)) {
if (!CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res)) {
return -1;
}
bulk = AES_gcm_encrypt(in + res, out + res, len - res, &gctx->ks.ks,
bulk = AES_gcm_encrypt(in + res, out + res, len - res, gctx->gcm.key,
gctx->gcm.Yi.c, gctx->gcm.Xi.u);
gctx->gcm.len.u[1] += bulk;
bulk += res;
}
#endif
if (!CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in + bulk,
out + bulk, len - bulk, gctx->ctr)) {
if (!CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in + bulk, out + bulk,
len - bulk, gctx->ctr)) {
return -1;
}
} else {
size_t bulk = 0;
if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in + bulk,
out + bulk, len - bulk)) {
if (!CRYPTO_gcm128_encrypt(&gctx->gcm, in + bulk, out + bulk,
len - bulk)) {
return -1;
}
}
@@ -684,24 +683,24 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
if (len >= 16 && AES_GCM_ASM(gctx)) {
size_t res = (16 - gctx->gcm.mres) % 16;
if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in, out, res)) {
if (!CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res)) {
return -1;
}
bulk = AES_gcm_decrypt(in + res, out + res, len - res, &gctx->ks.ks,
bulk = AES_gcm_decrypt(in + res, out + res, len - res, gctx->gcm.key,
gctx->gcm.Yi.c, gctx->gcm.Xi.u);
gctx->gcm.len.u[1] += bulk;
bulk += res;
}
#endif
if (!CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in + bulk,
out + bulk, len - bulk, gctx->ctr)) {
if (!CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in + bulk, out + bulk,
len - bulk, gctx->ctr)) {
return -1;
}
} else {
size_t bulk = 0;
if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in + bulk,
out + bulk, len - bulk)) {
if (!CRYPTO_gcm128_decrypt(&gctx->gcm, in + bulk, out + bulk,
len - bulk)) {
return -1;
}
}
@@ -895,14 +894,14 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
iv = gctx->iv;
}
if (iv) {
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
gctx->iv_set = 1;
}
gctx->key_set = 1;
} else {
/* If key set use IV, otherwise copy */
if (gctx->key_set) {
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
} else {
memcpy(gctx->iv, iv, gctx->ivlen);
}
@@ -1102,6 +1101,7 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
size_t bulk = 0;
const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
GCM128_CONTEXT gcm;
@@ -1115,22 +1115,20 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
return 0;
}
const AES_KEY *key = &gcm_ctx->ks.ks;
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
return 0;
}
if (gcm_ctx->ctr) {
if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, key, in, out, in_len,
if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, in_len - bulk,
gcm_ctx->ctr)) {
return 0;
}
} else {
if (!CRYPTO_gcm128_encrypt(&gcm, key, in, out, in_len)) {
if (!CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk, in_len - bulk)) {
return 0;
}
}
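Review bot: bulk is initialised to 0 in aead_aes_gcm_seal and is never assigned in the lines shown, so "in + bulk", "out + bulk" and "in_len - bulk" are just in, out and in_len. Either drop the variable or include the bulk-processing path it was meant to support. Dead offset arithmetic on buffer pointers and lengths makes the bounds harder to review. The same applies to aead_aes_gcm_open, where "in_len - bulk - gcm_ctx->tag_len" adds a second subtraction to a length computation.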
@@ -1145,6 +1143,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
size_t bulk = 0;
const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state;
uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN];
size_t plaintext_len;
@@ -1162,22 +1161,22 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
return 0;
}
const AES_KEY *key = &gcm_ctx->ks.ks;
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
return 0;
}
if (gcm_ctx->ctr) {
if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, key, in, out,
in_len - gcm_ctx->tag_len, gcm_ctx->ctr)) {
if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
in_len - bulk - gcm_ctx->tag_len,
gcm_ctx->ctr)) {
return 0;
}
} else {
if (!CRYPTO_gcm128_decrypt(&gcm, key, in, out, in_len - gcm_ctx->tag_len)) {
if (!CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
in_len - bulk - gcm_ctx->tag_len)) {
return 0;
}
}
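Review bot: the length argument `in_len - bulk - gcm_ctx->tag_len` in both decrypt calls is an unsigned subtraction, and the guard that makes it safe is not part of this hunk (only the `return 0;` of an earlier check is visible at the top). Please confirm that `in_len < gcm_ctx->tag_len` is rejected before this point. Since `bulk` is only ever initialized to 0 in the lines shown and the function already declares `plaintext_len`, computing the length once into that variable and passing it to both calls would make the bound obvious.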
@@ -1203,7 +1202,6 @@ static const EVP_AEAD aead_aes_128_gcm = {
aead_aes_gcm_seal,
aead_aes_gcm_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_256_gcm = {
@@ -1217,7 +1215,6 @@ static const EVP_AEAD aead_aes_256_gcm = {
aead_aes_gcm_seal,
aead_aes_gcm_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; }
@@ -1464,8 +1461,7 @@ static const EVP_AEAD aead_aes_128_key_wrap = {
aead_aes_key_wrap_cleanup,
aead_aes_key_wrap_seal,
aead_aes_key_wrap_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
NULL, /* get_rc4_state */
};
static const EVP_AEAD aead_aes_256_key_wrap = {
@@ -1478,8 +1474,7 @@ static const EVP_AEAD aead_aes_256_key_wrap = {
aead_aes_key_wrap_cleanup,
aead_aes_key_wrap_seal,
aead_aes_key_wrap_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
NULL, /* get_rc4_state */
};
const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; }
@@ -1730,7 +1725,6 @@ static const EVP_AEAD aead_aes_128_ctr_hmac_sha256 = {
aead_aes_ctr_hmac_sha256_seal,
aead_aes_ctr_hmac_sha256_open,
NULL /* get_rc4_state */,
NULL /* get_iv */,
};
static const EVP_AEAD aead_aes_256_ctr_hmac_sha256 = {
@@ -1745,7 +1739,6 @@ static const EVP_AEAD aead_aes_256_ctr_hmac_sha256 = {
aead_aes_ctr_hmac_sha256_seal,
aead_aes_ctr_hmac_sha256_open,
NULL /* get_rc4_state */,
NULL /* get_iv */,
};
const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void) {
@@ -1760,7 +1753,7 @@ int EVP_has_aes_hardware(void) {
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
return aesni_capable() && crypto_gcm_clmul_enabled();
#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
return hwaes_capable() && CRYPTO_is_ARMv8_PMULL_capable();
return hwaes_capable() && (OPENSSL_armcap_P & ARMV8_PMULL);
#else
return 0;
#endif
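Review bot: on the ARM branch the replacement line tests `OPENSSL_armcap_P & ARMV8_PMULL` directly where the previous line called `CRYPTO_is_ARMv8_PMULL_capable()`, while the x86 branch above still goes through `crypto_gcm_clmul_enabled()`. Reading the capability word in this file ties the cipher code to the bit layout of `OPENSSL_armcap_P`; keeping the check behind an accessor leaves one place to change if the capability probing is reworked.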
+62 -151
@@ -26,6 +26,7 @@
#define POLY1305_TAG_LEN 16
#define CHACHA20_NONCE_LEN 8
struct aead_chacha20_poly1305_ctx {
unsigned char key[32];
@@ -67,15 +68,18 @@ static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {
OPENSSL_free(c20_ctx);
}
static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
static void poly1305_update_with_length(poly1305_state *poly1305,
const uint8_t *data, size_t data_len) {
size_t j = data_len;
uint8_t length_bytes[8];
unsigned i;
for (i = 0; i < sizeof(length_bytes); i++) {
length_bytes[i] = data_len;
data_len >>= 8;
length_bytes[i] = j;
j >>= 8;
}
CRYPTO_poly1305_update(poly1305, data, data_len);
CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes));
}
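Review bot: `poly1305_update_with_length` carries no comment, and after the rename it does two things: it MACs `data` and then appends the 8-byte little-endian encoding of `data_len`. A one-line comment stating that order would help, because the seal and open paths in this file rely on it for the tag layout. The store `length_bytes[i] = j;` also narrows a `size_t` to `uint8_t` implicitly; an explicit cast or `& 0xff` would show the truncation is intended.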
@@ -85,37 +89,18 @@ static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
#define ALIGNED
#endif
typedef void (*aead_poly1305_update)(poly1305_state *ctx, const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len);
/* aead_poly1305 fills |tag| with the authentication tag for the given
* inputs, using |update| to control the order and format that the inputs are
* signed/authenticated. */
static void aead_poly1305(aead_poly1305_update update,
uint8_t tag[POLY1305_TAG_LEN],
const struct aead_chacha20_poly1305_ctx *c20_ctx,
const uint8_t nonce[12], const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) {
uint8_t poly1305_key[32] ALIGNED;
memset(poly1305_key, 0, sizeof(poly1305_key));
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
c20_ctx->key, nonce, 0);
poly1305_state ctx;
CRYPTO_poly1305_init(&ctx, poly1305_key);
update(&ctx, ad, ad_len, ciphertext, ciphertext_len);
CRYPTO_poly1305_finish(&ctx, tag);
}
static int seal(aead_poly1305_update poly1305_update, const EVP_AEAD_CTX *ctx,
uint8_t *out, size_t *out_len, size_t max_out_len,
const uint8_t nonce[12], const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
uint8_t poly1305_key[32] ALIGNED;
poly1305_state poly1305;
const uint64_t in_len_64 = in_len;
/* |CRYPTO_chacha_20| uses a 32-bit block counter. Therefore we disallow
/* The underlying ChaCha implementation may not overflow the block
* counter into the second counter word. Therefore we disallow
* individual operations that work on more than 256GB at a time.
* |in_len_64| is needed because, on 32-bit platforms, size_t is only
* 32-bits and this produces a warning because it's always false.
@@ -136,22 +121,37 @@ static int seal(aead_poly1305_update poly1305_update, const EVP_AEAD_CTX *ctx,
return 0;
}
if (nonce_len != CHACHA20_NONCE_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
memset(poly1305_key, 0, sizeof(poly1305_key));
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
c20_ctx->key, nonce, 0);
CRYPTO_poly1305_init(&poly1305, poly1305_key);
poly1305_update_with_length(&poly1305, ad, ad_len);
CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
poly1305_update_with_length(&poly1305, out, in_len);
uint8_t tag[POLY1305_TAG_LEN] ALIGNED;
aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, out, in_len);
CRYPTO_poly1305_finish(&poly1305, tag);
memcpy(out + in_len, tag, c20_ctx->tag_len);
*out_len = in_len + c20_ctx->tag_len;
return 1;
}
static int open(aead_poly1305_update poly1305_update, const EVP_AEAD_CTX *ctx,
uint8_t *out, size_t *out_len, size_t max_out_len,
const uint8_t nonce[12], const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
uint8_t mac[POLY1305_TAG_LEN];
uint8_t poly1305_key[32] ALIGNED;
size_t plaintext_len;
poly1305_state poly1305;
const uint64_t in_len_64 = in_len;
if (in_len < c20_ctx->tag_len) {
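Review bot: the new check `if (nonce_len != CHACHA20_NONCE_LEN)` in the seal path reports `CIPHER_R_IV_TOO_LARGE` for every mismatch, including a nonce that is too short. The wrappers removed further down in this file used `CIPHER_R_UNSUPPORTED_NONCE_SIZE` for the same condition, which describes the failure accurately; use that error code here and in the matching check in `aead_chacha20_poly1305_open`.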
@@ -159,7 +159,8 @@ static int open(aead_poly1305_update poly1305_update, const EVP_AEAD_CTX *ctx,
return 0;
}
/* |CRYPTO_chacha_20| uses a 32-bit block counter. Therefore we disallow
/* The underlying ChaCha implementation may not overflow the block
* counter into the second counter word. Therefore we disallow
* individual operations that work on more than 256GB at a time.
* |in_len_64| is needed because, on 32-bit platforms, size_t is only
* 32-bits and this produces a warning because it's always false.
@@ -170,11 +171,28 @@ static int open(aead_poly1305_update poly1305_update, const EVP_AEAD_CTX *ctx,
return 0;
}
if (nonce_len != CHACHA20_NONCE_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
plaintext_len = in_len - c20_ctx->tag_len;
uint8_t tag[POLY1305_TAG_LEN] ALIGNED;
aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, in,
plaintext_len);
if (CRYPTO_memcmp(tag, in + plaintext_len, c20_ctx->tag_len) != 0) {
if (max_out_len < plaintext_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
memset(poly1305_key, 0, sizeof(poly1305_key));
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
c20_ctx->key, nonce, 0);
CRYPTO_poly1305_init(&poly1305, poly1305_key);
poly1305_update_with_length(&poly1305, ad, ad_len);
poly1305_update_with_length(&poly1305, in, plaintext_len);
CRYPTO_poly1305_finish(&poly1305, mac);
if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
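Review bot: `CRYPTO_poly1305_finish(&poly1305, mac)` writes into `mac`, which the previous hunk declares as `uint8_t mac[POLY1305_TAG_LEN];` without the `ALIGNED` qualifier that the removed `tag` buffer here carried and that the seal path still uses for its own `tag`. If the Poly1305 implementation depends on that alignment, declare `mac` with `ALIGNED` too; if it does not, drop the qualifier in seal so the two paths agree.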
@@ -184,54 +202,9 @@ static int open(aead_poly1305_update poly1305_update, const EVP_AEAD_CTX *ctx,
return 1;
}
static void poly1305_update_padded_16(poly1305_state *poly1305,
const uint8_t *data, size_t data_len) {
static const uint8_t padding[16] = { 0 }; /* Padding is all zeros. */
CRYPTO_poly1305_update(poly1305, data, data_len);
if (data_len % 16 != 0) {
CRYPTO_poly1305_update(poly1305, padding, sizeof(padding) - (data_len % 16));
}
}
static void poly1305_update(poly1305_state *ctx, const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) {
poly1305_update_padded_16(ctx, ad, ad_len);
poly1305_update_padded_16(ctx, ciphertext, ciphertext_len);
poly1305_update_length(ctx, ad_len);
poly1305_update_length(ctx, ciphertext_len);
}
static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 12) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
return seal(poly1305_update, ctx, out, out_len, max_out_len, nonce, in,
in_len, ad, ad_len);
}
static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 12) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
return open(poly1305_update, ctx, out, out_len, max_out_len, nonce, in,
in_len, ad, ad_len);
}
static const EVP_AEAD aead_chacha20_poly1305 = {
32, /* key len */
12, /* nonce len */
CHACHA20_NONCE_LEN, /* nonce len */
POLY1305_TAG_LEN, /* overhead */
POLY1305_TAG_LEN, /* max tag length */
aead_chacha20_poly1305_init,
@@ -240,70 +213,8 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
aead_chacha20_poly1305_seal,
aead_chacha20_poly1305_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_chacha20_poly1305_rfc7539(void) {
return &aead_chacha20_poly1305;
}
static void poly1305_update_old(poly1305_state *ctx, const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) {
CRYPTO_poly1305_update(ctx, ad, ad_len);
poly1305_update_length(ctx, ad_len);
CRYPTO_poly1305_update(ctx, ciphertext, ciphertext_len);
poly1305_update_length(ctx, ciphertext_len);
}
static int aead_chacha20_poly1305_old_seal(
const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 8) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
uint8_t nonce_96[12];
memset(nonce_96, 0, 4);
memcpy(nonce_96 + 4, nonce, 8);
return seal(poly1305_update_old, ctx, out, out_len, max_out_len, nonce_96, in,
in_len, ad, ad_len);
}
static int aead_chacha20_poly1305_old_open(
const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 8) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
uint8_t nonce_96[12];
memset(nonce_96, 0, 4);
memcpy(nonce_96 + 4, nonce, 8);
return open(poly1305_update_old, ctx, out, out_len, max_out_len, nonce_96, in,
in_len, ad, ad_len);
}
static const EVP_AEAD aead_chacha20_poly1305_old = {
32, /* key len */
8, /* nonce len */
POLY1305_TAG_LEN, /* overhead */
POLY1305_TAG_LEN, /* max tag length */
aead_chacha20_poly1305_init,
NULL, /* init_with_direction */
aead_chacha20_poly1305_cleanup,
aead_chacha20_poly1305_old_seal,
aead_chacha20_poly1305_old_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void) {
return &aead_chacha20_poly1305_old;
}
const EVP_AEAD *EVP_aead_chacha20_poly1305(void) {
return &aead_chacha20_poly1305_old;
return &aead_chacha20_poly1305;
}
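Review bot: `EVP_aead_chacha20_poly1305()` at the end of this hunk now returns the only remaining table, and the exported `EVP_aead_chacha20_poly1305_rfc7539()` and `EVP_aead_chacha20_poly1305_old()` are deleted with no note for callers. With `poly1305_update_padded_16` removed in the previous hunk, only the construction with an 8-byte nonce and unpadded data followed by its length remains, so the documentation for `EVP_aead_chacha20_poly1305` should state which construction and nonce length it implements, and any caller of the two removed functions has to be updated in the same change.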
+2 -74
@@ -96,31 +96,6 @@ static const EVP_CIPHER des_cbc = {
const EVP_CIPHER *EVP_des_cbc(void) { return &des_cbc; }
static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t in_len) {
if (in_len < ctx->cipher->block_size) {
return 1;
}
in_len -= ctx->cipher->block_size;
EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
size_t i;
for (i = 0; i <= in_len; i += ctx->cipher->block_size) {
DES_ecb_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
&dat->ks.ks, ctx->encrypt);
}
return 1;
}
static const EVP_CIPHER des_ecb = {
NID_des_ecb, 8 /* block_size */, 8 /* key_size */,
0 /* iv_len */, sizeof(EVP_DES_KEY), EVP_CIPH_ECB_MODE,
NULL /* app_data */, des_init_key, des_ecb_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ecb(void) { return &des_ecb; }
typedef struct {
union {
double align;
@@ -151,57 +126,10 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
return 1;
}
static const EVP_CIPHER des_ede3_cbc = {
static const EVP_CIPHER des3_cbc = {
NID_des_ede3_cbc, 8 /* block_size */, 24 /* key_size */,
8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
NULL /* app_data */, des_ede3_init_key, des_ede3_cbc_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des_ede3_cbc; }
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
DES_cblock *deskey = (DES_cblock *) key;
DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
DES_set_key(&deskey[0], &dat->ks.ks[0]);
DES_set_key(&deskey[1], &dat->ks.ks[1]);
DES_set_key(&deskey[0], &dat->ks.ks[2]);
return 1;
}
static const EVP_CIPHER des_ede_cbc = {
NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */,
8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
NULL /* app_data */, des_ede_init_key , des_ede3_cbc_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ede_cbc(void) { return &des_ede_cbc; }
static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len) {
if (in_len < ctx->cipher->block_size) {
return 1;
}
in_len -= ctx->cipher->block_size;
DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
size_t i;
for (i = 0; i <= in_len; i += ctx->cipher->block_size) {
DES_ecb3_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
&dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2],
ctx->encrypt);
}
return 1;
}
static const EVP_CIPHER des_ede_ecb = {
NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */,
0 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_ECB_MODE,
NULL /* app_data */, des_ede_init_key , des_ede_ecb_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; }
const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des3_cbc; }
-1
@@ -392,7 +392,6 @@ static const EVP_AEAD aead_rc4_md5_tls = {
aead_rc4_md5_tls_seal,
aead_rc4_md5_tls_open,
aead_rc4_md5_tls_get_rc4_state,
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_rc4_md5_tls(void) { return &aead_rc4_md5_tls; }
-41
@@ -307,19 +307,6 @@ static int aead_ssl3_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_
return 1;
}
static int aead_ssl3_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_iv_len) {
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
const size_t iv_len = EVP_CIPHER_CTX_iv_length(&ssl3_ctx->cipher_ctx);
if (iv_len <= 1) {
return 0;
}
*out_iv = ssl3_ctx->cipher_ctx.iv;
*out_iv_len = iv_len;
return 1;
}
static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
@@ -353,13 +340,6 @@ static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx,
EVP_sha1());
}
static int aead_null_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(),
EVP_sha1());
}
static const EVP_AEAD aead_rc4_md5_ssl3 = {
MD5_DIGEST_LENGTH + 16, /* key len (MD5 + RC4) */
0, /* nonce len */
@@ -371,7 +351,6 @@ static const EVP_AEAD aead_rc4_md5_ssl3 = {
aead_ssl3_seal,
aead_ssl3_open,
aead_ssl3_get_rc4_state,
NULL, /* get_iv */
};
static const EVP_AEAD aead_rc4_sha1_ssl3 = {
@@ -385,7 +364,6 @@ static const EVP_AEAD aead_rc4_sha1_ssl3 = {
aead_ssl3_seal,
aead_ssl3_open,
aead_ssl3_get_rc4_state,
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = {
@@ -399,7 +377,6 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = {
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
aead_ssl3_get_iv,
};
static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = {
@@ -413,7 +390,6 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = {
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
aead_ssl3_get_iv,
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = {
@@ -427,21 +403,6 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = {
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
aead_ssl3_get_iv,
};
static const EVP_AEAD aead_null_sha1_ssl3 = {
SHA_DIGEST_LENGTH, /* key len */
0, /* nonce len */
SHA_DIGEST_LENGTH, /* overhead (SHA1) */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_null_sha1_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; }
@@ -459,5 +420,3 @@ const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void) {
const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void) {
return &aead_des_ede3_cbc_sha1_ssl3;
}
const EVP_AEAD *EVP_aead_null_sha1_ssl3(void) { return &aead_null_sha1_ssl3; }
+3 -49
@@ -444,26 +444,6 @@ static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx,
return 1;
}
static int aead_tls_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_iv_len) {
const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX*) ctx->aead_state;
const size_t iv_len = EVP_CIPHER_CTX_iv_length(&tls_ctx->cipher_ctx);
if (iv_len <= 1) {
return 0;
}
*out_iv = tls_ctx->cipher_ctx.iv;
*out_iv_len = iv_len;
return 1;
}
static int aead_null_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(),
EVP_sha1(), 1 /* implicit iv */);
}
static const EVP_AEAD aead_rc4_sha1_tls = {
SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */
0, /* nonce len */
@@ -475,7 +455,6 @@ static const EVP_AEAD aead_rc4_sha1_tls = {
aead_tls_seal,
aead_tls_open,
aead_rc4_sha1_tls_get_rc4_state, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_128_cbc_sha1_tls = {
@@ -489,7 +468,6 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls = {
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = {
@@ -503,21 +481,19 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = {
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
aead_tls_get_iv, /* get_iv */
};
static const EVP_AEAD aead_aes_128_cbc_sha256_tls = {
SHA256_DIGEST_LENGTH + 16, /* key len (SHA256 + AES128) */
16, /* nonce len (IV) */
16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */
SHA256_DIGEST_LENGTH, /* max tag length */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_aes_128_cbc_sha256_tls_init,
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_256_cbc_sha1_tls = {
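Review bot: in `aead_aes_128_cbc_sha256_tls` the max tag length entry changes from `SHA256_DIGEST_LENGTH` to `SHA_DIGEST_LENGTH`, while the key length and overhead entries of the same table still use `SHA256_DIGEST_LENGTH`. A SHA-256 MAC is 32 bytes and `SHA_DIGEST_LENGTH` is 20, so this field no longer matches the digest the AEAD is initialized with; it should stay `SHA256_DIGEST_LENGTH`.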
@@ -531,7 +507,6 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls = {
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = {
@@ -545,35 +520,32 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = {
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
aead_tls_get_iv, /* get_iv */
};
static const EVP_AEAD aead_aes_256_cbc_sha256_tls = {
SHA256_DIGEST_LENGTH + 32, /* key len (SHA256 + AES256) */
16, /* nonce len (IV) */
16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */
SHA256_DIGEST_LENGTH, /* max tag length */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_aes_256_cbc_sha256_tls_init,
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_256_cbc_sha384_tls = {
SHA384_DIGEST_LENGTH + 32, /* key len (SHA384 + AES256) */
16, /* nonce len (IV) */
16 + SHA384_DIGEST_LENGTH, /* overhead (padding + SHA384) */
SHA384_DIGEST_LENGTH, /* max tag length */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_aes_256_cbc_sha384_tls_init,
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = {
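Review bot: both `aead_aes_256_cbc_sha256_tls` and `aead_aes_256_cbc_sha384_tls` end up with `SHA_DIGEST_LENGTH` as their max tag length, replacing `SHA256_DIGEST_LENGTH` and `SHA384_DIGEST_LENGTH` respectively, although the key length and overhead entries keep the SHA-256 and SHA-384 sizes. The max tag length should match the MAC each table is built on, so keep the digest-specific constants in both tables.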
@@ -587,7 +559,6 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = {
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = {
@@ -601,21 +572,6 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = {
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
aead_tls_get_iv, /* get_iv */
};
static const EVP_AEAD aead_null_sha1_tls = {
SHA_DIGEST_LENGTH, /* key len */
0, /* nonce len */
SHA_DIGEST_LENGTH, /* overhead (SHA1) */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_null_sha1_tls_init,
aead_tls_cleanup,
aead_tls_seal,
aead_tls_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; }
@@ -655,5 +611,3 @@ const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void) {
const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void) {
return &aead_des_ede3_cbc_sha1_tls_implicit_iv;
}
const EVP_AEAD *EVP_aead_null_sha1_tls(void) { return &aead_null_sha1_tls; }
-3
@@ -96,9 +96,6 @@ struct evp_aead_st {
size_t ad_len);
int (*get_rc4_state)(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key);
int (*get_iv)(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_len);
};
-105
@@ -1,6 +1,3 @@
# The AES-128-GCM test cases from cipher_test.txt have been merged into this
# file.
KEY: d480429666d48b400633921c5407d1d1
NONCE: 3388c676dc754acfa66e172a
IN:
@@ -427,105 +424,3 @@ IN: 48656c6c6f2c20576f726c64
AD:
CT: cec189d0e8419b90fb16d555
TAG: 32893832a8d609224d77c2e56a922282
# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
KEY: 00000000000000000000000000000000
NONCE: 000000000000000000000000
IN: ""
CT: ""
AD: ""
TAG: 58e2fccefa7e3061367f1d57a4e7455a
KEY: 00000000000000000000000000000000
NONCE: 000000000000000000000000
IN: 00000000000000000000000000000000
CT: 0388dace60b6a392f328c2b971b2fe78
AD: ""
TAG: ab6e47d42cec13bdf53a67b21257bddf
KEY: feffe9928665731c6d6a8f9467308308
NONCE: cafebabefacedbaddecaf888
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
CT: 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985
AD: ""
TAG: 4d5c2af327cd64a62cf35abd2ba6fab4
KEY: feffe9928665731c6d6a8f9467308308
NONCE: cafebabefacedbaddecaf888
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
CT: 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091
AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
TAG: 5bc94fbc3221a5db94fae95ae7121a47
KEY: feffe9928665731c6d6a8f9467308308
NONCE: cafebabefacedbad
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
CT: 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598
AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
TAG: 3612d2e79e3b0785561be14aaca2fccb
KEY: feffe9928665731c6d6a8f9467308308
NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
CT: 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5
AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
TAG: 619cc5aefffe0bfa462af43c1699d050
# local add-ons, primarily streaming ghash tests
# 128 bytes AD
KEY: 00000000000000000000000000000000
NONCE: 000000000000000000000000
IN: ""
CT: ""
AD: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad
TAG: 5fea793a2d6f974d37e68e0cb8ff9492
# 48 bytes plaintext
KEY: 00000000000000000000000000000000
NONCE: 000000000000000000000000
IN: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CT: 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0
AD: ""
TAG: 9dd0a376b08e40eb00c35f29f9ea61a4
# 80 bytes plaintext
KEY: 00000000000000000000000000000000
NONCE: 000000000000000000000000
IN: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CT: 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291
AD: ""
TAG: 98885a3a22bd4742fe7b72172193b163
# 128 bytes plaintext
KEY: 00000000000000000000000000000000
NONCE: 000000000000000000000000
IN: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CT: 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40
AD: ""
TAG: cac45f60e31efd3b5a43b98a22ce1aa1
# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
KEY: 00000000000000000000000000000000
NONCE: ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
IN: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CT: 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606
AD: ""
TAG: 566f8ef683078bfdeeffa869d751a017
# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF
KEY: 00000000000000000000000000000000
NONCE: ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
IN: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CT: 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
AD: ""
TAG: 8b307f6b33286d0ab026a9ed3fe1e85f
# 80 bytes plaintext, submitted by Intel
KEY: 843ffcf5d2b72694d19ed01d01249412
NONCE: dbcca32ebf9b804617c3aa9e
IN: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
AD: 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f
CT: 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5
TAG: 3b629ccfbc1119b7319e1dce2cd6fd6d
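Review bot: this hunk deletes the NIST GCM spec vectors and the local streaming GHASH cases from the AES-128-GCM file, including the cases whose nonce is not 12 bytes and the ones commented as having an IV chosen so the initial counter LSB is 0xFF. The comment removed at the top of the file says these were merged in from cipher_test.txt; please confirm the same vectors still run from there, otherwise the coverage for non-default nonce lengths and the counter carry is lost.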
-46
View File
@@ -1,6 +1,3 @@
# The AES-256-GCM test cases from cipher_test.txt have been merged into this
# file.
KEY: e5ac4a32c67e425ac4b143c83c6f161312a97d88d634afdf9f4da5bd35223f01
NONCE: 5bf11a0951f0bfc7ea5c9e58
IN:
@@ -421,46 +418,3 @@ AD: 2134f74e882a44e457c38b6580cd58ce20e81267baeb4a9d50c41ababc2a91ddf300c3996364
CT: 0fe35823610ea698aeb5b571f3ebbaf0ac3586ecb3b24fcc7c56943d4426f7fdf4e4a53fb430751456d41551f8e5502faa0e1ac5f452b27b13c1dc63e9231c6b192f8dd2978300293298acb6293459d3204429e374881085d49ed6ad76f1d85e3f6dd5455a7a5a9d7127386a30f80658395dc8eb158e5ca052a7137feef28aa247e176cceb9c031f73fb8d48139e3bdb30e2e19627f7fc3501a6d6287e2fb89ad184cefa1774585aa663586f289c778462eee3cd88071140274770e4ed98b9b83cd4fa659fcdd2d1fde7e58333c6cf7f83fe285b97ad8f276a375fafa15f88e6167f5f2bfb95af1aefee80b0620a9bc09402ab79036e716f0c8d518ae2fa15094f6ea4c5e8b283f97cc27f2f1d0b6367b4b508c7bad16f1539325751bd785e9e08cd508bdb3b84
TAG: 1976d7e121704ce463a8d4fe1b93d90f
# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
KEY: 0000000000000000000000000000000000000000000000000000000000000000
NONCE: 000000000000000000000000
IN: ""
CT: ""
AD: ""
TAG: 530f8afbc74536b9a963b4f1c4cb738b
KEY: 0000000000000000000000000000000000000000000000000000000000000000
NONCE: 000000000000000000000000
IN: 00000000000000000000000000000000
CT: cea7403d4d606b6e074ec5d3baf39d18
AD: ""
TAG: d0d1c8a799996bf0265b98b5d48ab919
KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
NONCE: cafebabefacedbaddecaf888
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
CT: 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad
AD: ""
TAG: b094dac5d93471bdec1a502270e3cc6c
KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
NONCE: cafebabefacedbaddecaf888
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
CT: 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662
AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
TAG: 76fc6ece0f4e1768cddf8853bb2d551b
KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
NONCE: cafebabefacedbad
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
CT: c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f
AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
TAG: 3a337dbf46a792c45e454913fe2ea8f2
KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
CT: 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f
AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
TAG: a44a8266ee1c8eb0c8b5d4cf5ae9f19a
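Review bot: the `# AES GCM test vectors from ...gcm-spec.pdf` comment is the only provenance for the six records that follow it, and none of them says which test case in that document it corresponds to, so a failing vector cannot be traced back to the source without matching hex by hand. A one-line comment above each record naming its test case would fix that. The last two records use an 8-byte and a 60-byte NONCE where the first four use 12 bytes; a comment marking them as the non-96-bit nonce cases would show that they are deliberate. Field order here is KEY, NONCE, IN, CT, AD, TAG, while the records in the next hunk use KEY, NONCE, IN, AD, CT, TAG; one order across the test-vector files would make them easier to compare.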
@@ -1,422 +0,0 @@
KEY: 9a97f65b9b4c721b960a672145fca8d4e32e67f9111ea979ce9c4826806aeee6
NONCE: 3de9c0da2bd7f91e
IN: ""
AD: ""
CT: ""
TAG: 5a6e21f4ba6dbee57380e79e79c30def
KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5
NONCE: 1e8b4c510f5ca083
IN: 8c8419bc27
AD: 34ab88c265
CT: 1a7c2f33f5
TAG: 2875c659d0f2808de3a40027feff91a4
KEY: 4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007
NONCE: cd7cf67be39c794a
IN: 86d09974840bded2a5ca
AD: 87e229d4500845a079c0
CT: e3e446f7ede9a19b62a4
TAG: 677dabf4e3d24b876bb284753896e1d6
KEY: 422a5355b56dcf2b436aa8152858106a88d9ba23cdfe087b5e74e817a52388b3
NONCE: 1d12d6d91848f2ea
IN: 537a645387f22d6f6dbbea568d3feb
AD: bef267c99aec8af56bc238612bfea6
CT: 281a366705c5a24b94e56146681e44
TAG: 38f2b8ee3be44abba3c010d9cab6e042
KEY: ec7b864a078c3d05d970b6ea3ba6d33d6bb73dfa64c622a4727a96ede876f685
NONCE: 2bca0e59e39508d3
IN: b76733895c871edd728a45ed1a21f15a9597d49d
AD: cc1243ea54272db602fb0853c8e7027c56338b6c
CT: 1fb9b2958fce47a5cada9d895fbb0c00d3569858
TAG: 042ad5042c89ebc1aad57d3fb703d314
KEY: 2c4c0fdb611df2d4d5e7898c6af0022795364adb8749155e2c68776a090e7d5c
NONCE: 13ce7382734c4a71
IN: 0dc6ff21a346e1337dd0db81d8f7d9f6fd1864418b98aadcdb
AD: 0115edcb176ab8bfa947d1f7c3a86a845d310bf6706c59a8f9
CT: dad65e4244a1a17ce59d88b00af4f7434bd7830ffdd4c5558f
TAG: ac1437b45d8eacf9c0fe547c84fb82a2
KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865
NONCE: 5d9856060c54ab06
IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e
AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51
CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36
TAG: 6dd98710d8a889dceea0d0a936f98617
KEY: a8b9766f404dea8cf7d7dfaf5822f53df9ccd092e332a57f007b301b507d5e14
NONCE: c7f2f7a233104a2d
IN: 4d6faeaee39179a7c892faae3719656cc614c7e6ecd8fcb570a3b82c4dace969090338
AD: c6d83b6a56408a356e68d0494d4eff150530b09551d008373d6dee2b8d6b5619d67fdb
CT: a15443f083316eef627a371f4c9ac654d0dd75255d8a303125e9f51af4233ff4ceb7fe
TAG: 52504e880f6792a60708cc6db72eae42
KEY: 5e8d0e5f1467f7a750c55144d0c670f7d91075f386795b230c9bf1c04ba250bc
NONCE: 88049f44ba61b88f
IN: 51a1eebcc348e0582196a0bce16ed1f8ac2e91c3e8a690e04a9f4b5cf63313d7ad08d1efbff85c89
AD: 5d09bf0be90026f9fc51f73418d6d864b6d197ea030b3de072bd2c2f5cab5860a342abbd29dba9dc
CT: 35aa4bd4537aa611fd7578fc227df50ebcb00c692a1cf6f02e50ed9270bd93af3bc68f4c75b96638
TAG: ccea1cbbc83944cc66df4dbf6fb7fc46
KEY: 21a9f07ec891d488805e9b92bb1b2286f3f0410c323b07fee1dc6f7379e22e48
NONCE: 066215be6567377a
IN: c1b0affaf2b8d7ef51cca9aacf7969f92f928c2e3cc7db2e15f47ee1f65023910d09f209d007b7436ee898133d
AD: dfdfdf4d3a68b47ad0d48828dc17b2585da9c81c3a8d71d826b5fa8020fee002397e91fc9658e9d61d728b93eb
CT: 8ff4ceb600e7d45696d02467f8e30df0d33864a040a41ffb9e4c2da09b92e88b6f6b850e9f7258d827b9aaf346
TAG: 4eeddc99784011f0758ba5ebfba61827
KEY: 54c93db9aa0e00d10b45041c7a7e41ee9f90ab78ae4c1bba18d673c3b370abde
NONCE: 3f2d44e7b352360f
IN: 1241e7d6fbe5eef5d8af9c2fb8b516e0f1dd49aa4ebe5491205194fe5aea3704efaf30d392f44cc99e0925b84460d4873344
AD: f1d1b08dd6fe96c46578c1d1ad38881840b10cb5eae41e5f05fe5287223fa72242aea48cb374a80be937b541f9381efa66bb
CT: 027b86865b80b4c4da823a7d3dbcf5845bf57d58ee334eb357e82369cc628979e2947830d9d4817efd3d0bc4779f0b388943
TAG: 4303fa0174ac2b9916bf89c593baee37
KEY: 808e0e73e9bcd274d4c6f65df2fe957822a602f039d4752616ba29a28926ef4a
NONCE: 1b9cd73d2fc3cb8e
IN: 3436c7b5be2394af7e88320c82326a6db37887ff9de41961c7d654dd22dd1f7d40444d48f5c663b86ff41f3e15b5c8ca1337f97635858f
AD: d57cfbe5f2538044282e53b2f0bb4e86ea2233041fb36adb8338ded092148f8c2e894ef8766a7ec2dd02c6ac5dbab0c3703c5e9119e37c
CT: 9b950b3caf7d25eaf5fca6fa3fe12ed077d80dcd5579851233c766bb8bb613ec91d925a939bb52fb88d5eda803cfe2a8cda2e055b962fd
TAG: 6bf5b718f5bbe1395a5fdfcbbef752f5
KEY: 4adfe1a26c5636536cd7cb72aa5bded0b1aa64487ad0e4078f311e8782768e97
NONCE: d69e54badec11560
IN: 19b3f9411ce875fcb684cbdc07938c4c1347e164f9640d37b22f975b4b9a373c4302ae0e7dfdeba1e0d00ced446e338f4c5bc01b4becef5115825276
AD: bda1b0f6c2f4eb8121dcbd2eebd91a03ae1d6e0523b9b6f34b6f16ceca0d086654fb0552bfd5c8e1887730e1449ea02d7f647ae835bc2dab4bbc65b9
CT: ea765a829d961e08bacaed801237ef4067df38ad3737b7c6de4db587a102a86fc4abbaabea0ee97c95ca7f571c7bab6f38cbae60cd6e6a4ce3c7a320
TAG: b425cdf10cd0123a7e64b347c6b4b1f0
KEY: eb3db86c14b7cc2e494345d0dfb4841bbd3aa1e2bc640cca0c6c405520685639
NONCE: 88b54b28d6da8c81
IN: f75c0a357271430b1ecff07a307b6c29325c6e66935046704a19845e629f87a9e3b8aa6c1df55dd426a487d533bb333e46f0d3418464ac1bef059231f8e87e6284
AD: 34b08bb0df821c573dcb56f5b8b4a9920465067f3b5bf3e3254ea1da1a7fc9847fd38bdfe6b30927945263a91fa288c7cf1bee0fddb0fadf5948c5d83eb4623575
CT: 146ec84f5dc1c9fe9de3307a9182dbaa75965bf85f5e64563e68d039a5b659aa8863b89228edb93ff3d8c3323ab0d03300476aa4aca206d4626a6b269b2078912d
TAG: 0058a8dff32c29935c62210c359bd281
KEY: dd5b49b5953e04d926d664da3b65ebcffbbf06abbe93a3819dfc1abbecbaab13
NONCE: c5c8009459b9e31a
IN: f21f6706a4dc33a361362c214defd56d353bcb29811e5819ab3c5c2c13950c7aa0000b9d1fe69bb46454514dcce88a4a5eda097c281b81e51d6a4dba47c80326ba6cea8e2bab
AD: fe6f4cbb00794adea59e9de8b03c7fdf482e46f6c47a35f96997669c735ed5e729a49416b42468777e6a8d7aa173c18b8177418ded600124a98cbb65489f9c24a04f1e7127ce
CT: 911ead61b2aa81d00c5eff53aeea3ab713709ed571765890d558fb59d3993b45f598a39e5eff4be844c4d4bd1ef9622e60412b21140007d54dcf31b2c0e3e98cf33a00fd27f0
TAG: d38d672665e2c8c4a07954b10ecff7d9
KEY: 3b319e40148a67dc0bb19271d9272b327bc5eee087173d3d134ad56c8c7dc020
NONCE: ce5cf6fef84d0010
IN: 27b5627b17a2de31ad00fc2ecb347da0a399bb75cc6eadd4d6ee02de8fbd6a2168d4763ba9368ba982e97a2db8126df0343cdad06d2bc7d7e12eec731d130f8b8745c1954bfd1d717b4ea2
AD: a026b6638f2939ec9cc28d935fb7113157f3b5b7e26c12f8f25b36412b0cd560b7f11b62788a76bd171342e2ae858bcecb8266ff8482bbaed593afe818b9829e05e8e2b281ae7799580142
CT: 368fb69892447b75778f1c5236e1e9d5d89255c3d68d565a5bba4f524d6ad27de13087f301e2ef4c08f5e2c6128b1d3e26de845c4ac4869e4c8bd8858ad0d26dec3b5d61a9e3666a3911ba
TAG: 2e70564c3999c448d92cc6df29d095c4
KEY: 43bf97407a82d0f684bb85342380d66b85fcc81c3e22f1c0d972cd5bfdf407f4
NONCE: 8b6ba494c540fba4
IN: 4b4c7e292a357f56fdf567c32fc0f33608110d7ce5c69112987d7b5a0bd46d8627a721b0aed070b54ea9726084188c518cba829f3920365afc9382c6a5eb0dd332b84612366735be2479b63c9efc7ff5
AD: 1e0acf4070e8d6758b60d81b6d289a4ecdc30e3de4f9090c13691d5b93d5bbcef984f90956de53c5cf44be6c70440661fa58e65dec2734ff51d6d03f57bddda1f47807247e3194e2f7ddd5f3cafd250f
CT: d0076c88ad4bc12d77eb8ae8d9b5bf3a2c5888a8d4c15297b38ece5d64f673191dc81547240a0cbe066c9c563f5c3424809971b5a07dcc70b107305561ce85aecb0b0ea0e8b4ff4d1e4f84836955a945
TAG: 75c9347425b459af6d99b17345c61ff7
KEY: 12fc0bc94104ed8150bde1e56856ce3c57cd1cf633954d22552140e1f4e7c65d
NONCE: d3875d1b6c808353
IN: 24592082d6e73eb65c409b26ceae032e57f6877514947fc45eb007b8a6034494dde5563ac586ea081dc12fa6cda32266be858e4748be40bb20f71320711bf84c3f0e2783a63ad6e25a63b44c373a99af845cdf452c
AD: b8be08463e84a909d071f5ff87213391b7da889dc56fd2f1e3cf86a0a03e2c8eaa2f539bf73f90f5298c26f27ef4a673a12784833acb4d0861562142c974ee37b09ae7708a19f14d1ad8c402bd1ecf5ea280fab280
CT: 9d9ae6328711fb897a88462d20b8aa1b278134cdf7b23e1f1c809fa408b68a7bfc2be61a790008edaa98823381f45ae65f71042689d88acfa5f63332f0fba737c4772c972eba266640056452903d6522cefd3f264e
TAG: e9c982d4ade7397bcfaa1e4c5a6cd578
KEY: 7b6300f7dc21c9fddeaa71f439d53b553a7bf3e69ff515b5cb6495d652a0f99c
NONCE: 40b32e3fdc646453
IN: 572f60d98c8becc8ba80dd6b8d2d0f7b7bbfd7e4abc235f374abd44d9035c7650a79d1dd545fa2f6fb0b5eba271779913e5c5eb450528e4128909a96d11a652bf3f7ae9d0d17adbf612ec9ca32e73ef6e87d7f4e21fe3412ce14
AD: 9ff377545a35cf1bfb77c734ad900c703aee6c3174fdb3736664863036a3a9d09163c2992f093e2408911b8751f001e493decc41e4eeeed04f698b6daed48452a7e1a74ec3b4f3dcf2151ca249fa568aa084c8428a41f20be5fd
CT: 229da76844426639e2fd3ef253a195e0a93f08452ba37219b6773f103134f3f87b1345f9b4bf8cfc11277c311780a2b6e19a363b6ac2efe6c4cc54a39b144e29c94b9ebbde6fd094c30f59d1b770ebf9fcad2a5c695dc003bf51
TAG: b72acab50131a29558d56ae7b9d48e4e
KEY: 4aeb62f024e187606ee7cc9f5865c391c43df1963f459c87ba00e44bb163a866
NONCE: 9559bd08718b75af
IN: c5d586ceece6f41812c969bcf1e727fe6ff8d1ae8c8c52367c612caa7cdf50e0662f5dffc5ea7d3cc39400dfe3dc1897905f6490fd7747b5f5f9842739c67d07ce7c339a5b3997a7fb4cd0d8e4817ff8916b251c11ef919167f858e41504b9
AD: 51f5b503b73a5de8b96534c2a3f2d859ece0bd063ea6dfa486a7eec99f6c020983f7148cccb86202cf9685cc1cc266930f04e536ad8bc26094252baa4606d883bd2aeed6b430152202e9b6cc797ff24fc365315ed67391374c1357c9a845f2
CT: 252ea42b6e5740306816974a4fe67b66e793ebe0914778ef485d55288eb6c9c45fa34ac853dc7a39252520514c3cb34c72b973b14b32bc257687d398f36f64cc2a668faffa7305ab240171343b5f9f49b6c2197e4fbe187b10540d7cdcfa37
TAG: 711ff33ef8d2b067a1b85c64f32f1814
KEY: 9a19e72f005cae1ae78b8e350d7aabe59fc8845999e8c52fad545b942c225eaf
NONCE: d9dae2ea8d2ffc31
IN: 2110378d856ded07eb2be8e8f43308e0c75bc8a3fcc7b1773b0725b7de49f6a166c4528e64120bdf7c9776615d3ce6feeb03de964a7b919206a77392f80437faceb6745845cafc166e1c13b68e70ca2a1d00c71737b8fcbbbd50902565c32159e05fcd23
AD: 1cd73b72c4e103afbefd7c777e0480f3f5e68c60b85bd2e71ef5caebb175d7fc6535d39f38f92c24f2eb0fe97d878ed3d5967c0bb4394a5d41f7d34cda6e1523d3848f049cde554a7d31e1afeab5d3e6150f85858335cbd28c8a7f87d528058df50eea06
CT: 5f009fbce4ec8e4ca9d8d42258b1a3e4e920b2fbad33d5e9f07557d9595e841025193b521ba440110dd83958e8ee30219d952b418e98a6c624894aa248aedc0678f2d263e7bfaf54ca379fef6c5d2f7ac422ea4b4369408b82d6225a7a2cf9a9f46fd4ef
TAG: aa0a5fa7d3cf717a4704a59973b1cd15
KEY: ba1d0b3329ecc009f1da0fab4c854b00ad944870fdca561838e38bad364da507
NONCE: 8a81c92b37221f2f
IN: 6289944ffa3ccea4bf25cd601b271f64e6deb0eba77d65efb4d69ca93e01996e4727168b6f74f3ccf17bd44715f23ceb8fc030c0e035e77f53263db025021fd2d04b87a1b54b12229c5e860481452a80a125cb0693a2ba1b47e28ee7cbaf9e683c178232c7f6d34f97
AD: e57883961b8d041d9b9eeaddcfd61fa9f59213f66571fadffffdd1498b9b014f1ef2e7e56c3044d7f9fa7a1403a1169e86430a2a782137093f5456e142aad03a5f7a66d38009dd01b7fc02c9cf61642dedaf7cc8d46066c281ee17780674c3a36eae66c58d2d765075
CT: 9c44d9135db0dbf81c862c1f69bec55a279794cdd29a58e61909aa29ec4c120c9c5a508d856b9e56138095714a4bb58402a1ad06774cf4ecdf2273839c0007cb88b5444b25c76f6d2424281101d043fc6369ebb3b2ff63cdb0f11a6ea1b8a7dafc80cdaef2813fa661
TAG: 65c746f659bcbdcd054e768c57c848c9
KEY: 0cf8c73a6cffc1b8b2f5d320da1d859d314374e4a9468db7fd42c8d270b7613a
NONCE: 3c4c6f0281841aff
IN: 4434728d234603c916e2faa06b25d83bad3348990ecde2344368d1a7af1309bd04251bb2e0b72044948f8dea33cce2618283b6af742073a9586b26c1089335fe735141e099785a1235810a3a67ff309e2f0ce68220ba0077ad1a5dc1a4aef898a3b9ff8f5ad7fe60149bd0bd6d83
AD: a38d09a4f1c9241623c639b7688d8d35345ea5824080c9d74e4352919db63c74d318f19e1cbb9b14eebd7c74b0ad0119247651911f3551583e749ea50ff648858dcaaa789b7419d9e93a5bf6c8167188dbac2f36804380db325201982b8b06597efeb7684546b272642941591e92
CT: bdfbfea261b1f4c134445321db9e6e40476e2dd2f4e4dbe86e31d6a116d25830762e065b07b11a3799aab93a94b4f98c31c0faeb77ec52c02048e9579257e67f5a6bae9bc65210c25b37fc16ee93bda88fd5f30a533e470b6188c6ce5739fa3e90f77120b490fc1027964f277f40
TAG: 4993ee9582f58eabdb26b98c4d56a244
KEY: 69f4e5788d486a75adf9207df1bd262dd2fe3dd3a0236420390d16e2a3040466
NONCE: 6255bf5c71bb27d1
IN: c15048ca2941ef9600e767a5045aa98ac615225b805a9fbda3ac6301cd5a66aef611400fa3bc04838ead9924d382bef8251a47f1e487d2f3ca4bccd3476a6ca7f13e94fd639a259ef23cc2f8b8d248a471d30ac9219631c3e6985100dc45e0b59b8fc62046309165ddb6f092da3a4f067c8a44
AD: 0c83039504c8464b49d63b7f944802f0d39c85e9f3745e250f10119fa2c960490f75ae4dced8503b156d072a69f20400e9494ab2fa58446c255d82ff0be4b7e43046580bc1cf34060c6f076c72ea455c3687381a3b908e152b10c95c7b94155b0b4b303b7764a8a27d1db0a885f1040d5dbcc3
CT: f0bb2b73d94f2a7cef70fe77e054f206998eacf2b86c05c4fa3f40f2b8cebf034fe17bcbee4dea821f51c18c0aa85b160f8508bd1dc455cc7f49668b1fb25557cdae147bf2399e07fcacaca18eccded741e026ef25365a6b0f44a6b3dd975ee6bb580f5fccd040b73c18b0fbf8f63199ba10fe
TAG: 4236a8750f0cafee3c4a06a577a85cb3
KEY: ad7b9409147a896648a2a2fe2128f79022a70d96dc482730cd85c70db492b638
NONCE: a28a6dedf3f2b01a
IN: 791d293ff0a3b8510b4d494b30f50b38a01638bf130e58c7601904f12cb8900871e8cf3d50abd4d34fda122c76dfee5b7f82cd6e8590647535c915ae08714e427da52f80aef09f40040036034ca52718ea68313c534e7a045cd51745ec52f2e1b59463db07de7ca401c6f6453841d247f370341b2dbc1212
AD: 9a6defddb9b8d5c24a26dd8096f5b8c3af7a89e1f7d886f560fabbe64f14db838d6eb9d6879f4f0b769fe1f9eebf67fcd47b6f9ceb4840b2dba7587e98dc5cae186ef2a0f8601060e8058d9dda812d91387c583da701d2ba3347f285c5d44385a2b0bf07150cbc95e7fcfa8ae07132849a023c98817c03d2
CT: c2f109d6d94f77a7289c8a2ab33bc6a98d976554721b0c726cbf4121069473e62ba36e7090e02414f3edc25c5d83ac80b49ad528cda1e3ad815b5a8c8ae9ad0753de725319df236983abd3f69ab4465d9b806c075b1896d40bdba72d73ba84c4a530896eb94ffccf5fb67eb59119e66a1861872218f928cf
TAG: e48dc0153d5b0f7edb76fc97a0224987
KEY: 48470da98228c9b53f58747673504f74ca1737d7d4bb6dbf7c0cba6ca42f80b9
NONCE: 56fb4923a97e9320
IN: bc6626d651e2b237f22ee51608ddcffeba5f31c26df72f443f701f2b085d6f34f806e29673584cb21522179edb62a82427d946acabce065b88b2878e9eb87ed1004e55ef58f51ec46375ac542c5782725ff013136cb506fcf99496e13fcd224b8a74a971cc8ddb8b393ccc6ac910bd1906ea9f2ed8a5d066dc639c20cd
AD: df8ab634d3dca14e2e091b15ecc78f91e229a1a13cba5edd6526d182525ec575aa45bc70fb6193ffcd59bad3c347159099c4f139c323c30a230753d070018786b2e59b758dd4a97d1a88e8f672092bef780b451fd66ba7431cbb5660ea7816cdf26e19a6ebb9aadc3088e6923f29f53f877a6758068f79a6f2a182b4bf
CT: a62e313ecf258cc9087cbb94fcc12643eb722d255c3f98c39f130e10058a375f0809662442c7b18044feb1602d89be40facae8e89ca967015f0b7f8c2e4e4a3855dbb46a066e49abf9cef67e6036400c8ff46b241fc99ba1974ba3ba6ea20dc52ec6753f6fc7697adbccd02b0bbea1df8352629b03b43cc3d632576787
TAG: 675287f8143b9b976e50a80f8531bd39
KEY: b62fb85c1decd0faf242ce662140ad1b82975e99a3fa01666cac2385ab91da54
NONCE: 2f4a5ca096a4faf8
IN: 03b14f13c0065e4a4421de62ab1d842bffb80f3da30bf47d115c09857f5bdd5756fd7c9ac3d9af1c9fb94f2640f7f4386cfba74db468e5288dbe4dd78bfe4f69e41480ca6138e8beacc6eaa3374157c713cfa900c07dd836eaecc8827fa3e70e052ae09e8473e2ae1a10b1bb669ef60a8dd957f6553daa8114918e17371f2ac327bd
AD: cfe3b7ab7550b0e8e2e8235fa0dcef95647ce6814abd3dc3f5a3bd7d6d282504660c34ad8341e4d11402c7d46c83a494d7ddb105e1002979023e0e3dc2978c9ae53e10eb8567e7a02b60e51e945c7040d832ca900d132b4205a35034fed939a1b7965183c25654931a9b744401c4649c945710b0d9733b87451348b32ba81de30ea7
CT: 8965db3d3ae4fb483208f147276e7d81b71a86e7202ffc9b1eaade009bc016838dc09ca4bcf30887b2f4243fbd652cd90ebed1ceef8151ff17ea70518d03b0f2a24960aa7de9b30fa65c2e2d57360061aae6d9376e984e9fcd5e5dd0911a4bc8deca832ffb76f252bd7da523076593ba6b174f7d9fb0377e066ecbb6638036241e86
TAG: 3d0fc53e9058c2be32aa0850e0fab5a6
KEY: de9c657258774d4ebc09d109a0fc79d66493ae578797cac4eb8830a6a4b547e0
NONCE: b5e35fe3398efa34
IN: 4d68fb683aa4f4c7a16ba1114fc0b1b8d8898610fa2763e435ded8771b3651078bef73d4dfd14e76a34cd5eb9ef4db4ead4da9e83f4ce50fe059977b2d17d687c29335a04d87389d211f8215449749969f7652dc1935a0f9a94538dc81dc9a39af63446a6517609076987920547d0098a9c6766cf5e704883ea32feaea1889b1554b5eb0ce5ecc
AD: 436ea5a5fee8293b93e4e8488116c94d3269c19f1d5050def23d280515457b931bbed64a542b317cc5023d648330a4b7adca14dd6f3783207b94f86ccaa0a0ac39b7db00ac87a99e3cd8a764ed9c75da8454479636ab2b29e770b166a5b75cacc425c919bf1ce9ac34afe6b4425c3d9fd2e48bc81e7d15516d60e592bfcc2ebefb660f0995f2b5
CT: 97a97b8f0f5420845ae8d57567f9bba693d30e6db916fad0b971f553ad7d993f806f27ab8b458d8046062ced4778c004b4f958a4436141637c6039963308dea2f54008b7feab79650295ed41bf9e65e1a2d75ab1c7b2a70ebb9e9f38d07a9a672d3e95ea78afe9ac02f2566b48b0251aef6eeeca8bd15bd8d43b559426aa9d15d960ee35cb3edf
TAG: e55dbb21851e8a5b365f86d02518331c
KEY: 6885bd333c336c7672db8ebdf24c1a1b605c5a4ae279f0f698162f47e6c73401
NONCE: f0c4a213a6168aab
IN: fa905a2bfa5b5bad767239fb070a7bc0b303d1503ecd2b429418cc8feba843e5444ed89022fdb379c3b155a0f9ceab2979000a0f60292a631771f2fde4ef065aa746426609082969530a9c70ad145308c30ba389ea122fd766081511a031ce3a0bd9f9f583c7000b333b79ac004fbde6ec3eb2d905977ff95dcff77858e3c424fe8932a6a12139e6ec8d5e98
AD: 8ded368f919efb522bb6a9ad009e02ffbc6a16536e34d95cdb34f1153d7cb7b0f3c2b13dd05cedae27cfe68ec3aca8047e0930a29c9d0770c1b83c234dcb0385deae7ae85da73a5f8de3dfb28612a001f4e552c4f67ae0e2ec53853289b7017a58591fd6f70b0e954876bb2f7ec33001e298856a64bb16181017ba924648c09fc63c62eff262c80d614679bd
CT: 0cb3d6c31e0f4029eca5524f951244df042fc637c4162511fea512a52d3f7581af097eb642e79e48666cb1086edbd38c4777c535a20945fabc23e7c9277e2b960aac46865f1026eb6da82759108b9baece5da930ccfc1052b1656b0eadaa120ed0c45ad04b24ae8cdb22ceab76c5f180b46a392ab45b1b99c612546e6b947f4d5c06ad5abee92ff96345ad43
TAG: d3b541ac446c84626daf800c0172eec6
KEY: fbc978abb1240a6937ccc16735b8d6ed5411cdbc1897214165a174e16f4e699b
NONCE: 7968379a8ce88117
IN: 1a8196cd4a1389ec916ef8b7da5078a2afa8e9f1081223fa72f6524ac0a1a8019e44a09563a953615587429295052cc904b89f778ef446ed341430d7d8f747cf2db4308478524639f44457253ae5a4451c7efca8ae0b6c5c051aaa781e9c505489b381a6dcba87b157edc7f820a8fbaf2a52e484dc121f33d9d8b9ac59d4901d6ed8996ed4f62d9d4d82274c449cd74efa
AD: 3913cd01299b8a4e507f067d887d7e9a6ded16dd9f9bb3115c5779aa14239fd33ee9f25756d45262dc3011069356425b5c81a4729594e17c9747119f81463e85625d5603d05e00f568b0c800bb181eb717be8d7a93166a504ce1bc817e15530c5bd2b3df1d4222245ea78a38bc10f66c5cf68d661503131f11af885c8a910b6dce70bc3a7448dfae00595beb707fe054d3
CT: d152bcb4c24c3711b0fad28548dc4db605bbc89237cdbea7dbf956b8855d1161a0781f27bd56d798141e2ace339955efb98fe05d9b44cd011e645106bf47726183958cb6df34ce5766695f60bc70b6fe0fabb9afa009a8ef043dbf75f861881368fa07726625448fe608d578cdc48277f2dc53eaaf1bdc075269a42f9302a57cad387a82c6969608acacda20e1cac4596c
TAG: 945dca73cf2f007ae243991c4fbe0479
KEY: 77d1a857fbadfe01aba7974eea2dfb3dc7bf41de73686aece403993e5016c714
NONCE: fdd913a321c40eb0
IN: db8915bfe651e2ecb3ce0b27d99a6bfa7a7c507cfcb2987293018636c365a459c6a138b4428be538413db15bda69e697cbb92b154b7f4d2cbb07965225aa6865d7dcd1ba2c17c484b00b1986fed63e889f25a4966dc3ed4273f1577768f665362d7d3e824484f0dded7f82b8be8797ad951719719365e45abbf76324bc7d657799d4d4f4bb1dba67d96ab1c88519a5bee704f7214814
AD: 3cb2c06c20cb0832bbacebfc205d77393ca1816346ea2681de4d3ab1fadb774ad273e4713290454496f5281ebc65e04cfe84ed37cd0aedc4bbe3decbd8d79d04a4e434876650e0d64309e336bfb10e924066a64acb92260b2dbd96735d03af03909aa6a80a6e89fda81037257aec21fe9be7e91a64e88e0a58fa38ecba4c4c4cffb61958f3c486cbb0b1d0b0014a2d1d3df248eec1ca
CT: acb825e6023b44b03b2efc265603e887954e8612b2ee134bdcb61501cfb9492952bf67be597c3a005b09af74d9e421a576d2c65e98104780feab838d8cb1bd135452ea39dc8907a4c1a6a9161805e4fa3e16989e6a418a7eea2582bf895da967028eab7c95d846a6de4b9980785814cf00484baa2f6de609912fff689bce6e854261ffe866bd8e63274605c7c5ad677bd7897ade543e
TAG: 938478a41a3223a2199f9276d116210f
KEY: b7e9b90dc02b5cd6df5df7283ef293ed4dc07513d9e67331b606f4d42dec7d29
NONCE: a6c191f6d1818f8e
IN: 2ada0e3c7ca6db1f780ce8c79472af4e8e951ddc828e0d6e8a67df520638ff5f14a2f95a5e5931749ae2c4e9946ae4d5eb5de42fb5b77d2236e2e2bd817df51be40b1b8a6c21015a7c79fe06dba4a08b34013dfa02747b5f03930268404c455dc54a74d9c6e35485e10026da573cb41cd50b64cfafe4cfcdf3c9684ef877e45d84e22bd5e15fa6c8fd5be921366ff0dc6fe2df45f7252972c9b303
AD: 0f4269ed5ef0bfff7be39946a4e86e8bf79f84b70cd0b14fecb7be3c071316ce86de3d99d6871e0ba5667d9d7bba7dcaba10cb2a36668b6c3e2fb6c102938b75008bb9c213ebf9b85b5e91a802df0d31d7f11d764b2289f6225212694ab6b7c0e3ff36e84245d9f4f43fc5f98e654dea7ba9bd918658879c5bb4a1642af0d83113e3cf935d3c0d5208318f66f654eb17d8c28a602543e77ad3e815
CT: 22586fe7338e99cdaad9f85bd724ba4cfe6249b8a71399f9a3707b5c4323b8d96679568dfc8d230aefb453df596e13eb3e8a439249bd64bc93a58f95089a62b94f6562b821c83d91f56c55147381e9de4beb4ae81bd6fe7caef7e7e9a2078f2fba8f3e70d4910da9accc92b8e81a61b0fefbece4bd89443e66e8ddda8e47a66a62f17fd0e7d0a4852ce1a4d43d72a0b5e8914bbec698f060f2b092
TAG: c082470297da8c5f682a169d28bc0239
KEY: 6b2cb2678d1102f2fbbd028794a79f14585c223d405e1ae904c0361e9b241e99
NONCE: 7b3ae31f8f938251
IN: b3cb745930e05f3ab8c926c0a343a6eb14809fd21b8390a6fcc58adb5579e5432021765b2d249a0ecf6ba678634c4f53f71495865f031ee97aa159f9ead3a3fcb823ee5238bdf12706a9c6137d236e2e7110ce650c321e41daf0afd62bab2a8fe55d7018de49a14efe6d83a15b2f256d595e998d25309f23633360f5745c50c4e5af8ccc9a8a2cb47064105a023e919c7795d2dc331d3f2afb8c42e5c0bcc26d
AD: 1c32fd3df22b3e440e2a3c7a7624990194cb16a5f74af36f87fd6ca7d410ce9064316a2d091945deef7d9b35ceec8396069307caced2b80afd7d53ec479c35cedf2dfd4c95c3dd8400f71ad34028c6e4f8681d93d0774064ba38f3fb9b0c1dfa1f5f0c7d20676a5911d999fb6a1d41367a8e99d852bf3d3b7b3f4c233249ed1ca135389a674ff48232ded3f6800a97b6d409c40e6cd70d09bf9d2ad25d9b9485
CT: ef70c7de98ab1d4ad817024a970be463443640eb0cd7ff234bdd00e653074a77a1d5749e698bd526dc709f82df06f4c0e64046b3dc5f3c7044aef53aebb807d32239d0652dd990362c44ec25bf5aeae641e27bf716e0c4a1c9fbd37bbf602bb0d0c35b0638be20dd5d5891d446137e842f92c0ee075c68225e4dbacb63cc6fb32442b4bcda5e62cb500a4df2741a4059034d2ccb71b0b8b0112bf1c4ca6eec74
TAG: 393ae233848034248c191ac0e36b6123
KEY: 4dbc80a402c9fceaa755e1105dc49ef6489016776883e06fcf3aed93bf7f6af7
NONCE: 2358ae0ce3fb8e9f
IN: 197c06403eb896d2fa6465e4d64426d24cc7476aa1ae4127cd2bd8a48ce2c99c16b1cbf3064856e84073b6cf12e7406698ef3dd1240c026cbd1ab04ee603e1e6e735c9b7551fd0d355202b4f64b482dd4a7c7d82c4fe2eb494d0d5e17788982d704c1356c41a94655530deda23118cba281d0f717e149fbeb2c59b22d0c0574c1a2e640afad1a6ceb92e1bf1dde71752a1c991e9a5517fe98688a16b073dbf6884cfde61ac
AD: cf6ce7b899fb700a90d2a5466d54d31358ecf0562e02b330a27ba0138006b342b7ed6349d73c4c5c6d29bde75a25089b11dac5b27adea7e7640ca1a7ceb050e3aae84a47e11640a6e485bd54ae9fdb547edc7313d24a0328429fcffd8b18f39880edd616447344ebeec9eadb2dcb1fa7e67179e7f913c194ebd8f5a58aea73b0c5d1133561245b6d9c5cfd8bb0c25b38ffb37db5e2de5cdded6b57355e9d215cb095b8731f
CT: aa87f9a83048b6919c8f2b050315db4e2adae4a9c2ca0109b81961b520e63299dcb028cec0b9d3249a945ee67dd029b40f361245c740f004f8cf0d2214fcfa65e6124a3e74b78aa94345c46fdc158d34823ed249ee550431eaae9218367321cdd6e6a477650469bb3cc137a8f48d9cf27934b16703608b383d2145659922fb83bb2e7ee2ef938a90f2ff846a4a949129b1fb74dde55c5ae013c2f285de84f7dac7d1662f23
TAG: 06b4318ac7f65d556f781428a0514ffe
KEY: 9e4a62016dae4b3223fed1d01d0787e31d30694f79e8142224fe4c4735248a83
NONCE: 263a2fc06a2872e7
IN: 5a46946601f93a0cee5993c69575e599cc24f51aafa2d7c28d816a5b9b4decda2e59c111075fb60a903d701ad2680bb14aeda14af2ae9c07a759d8388b30446f28b85f0a05cd150050bd2e715ff550ebbd24da3ebb1eac15aba23d448659de34be962ab3ab31cb1758db76c468b5bb8ce44b06c4e4db9bd2f0615b1e727f053f6b4ffb6358d248f022bcad6ca973044bed23d3920906a89a9a9c5d8024ec67d7f061f64529a955ce16b3
AD: 4cd65f68f9f88c0516231f2a425c8f8a287de47d409d5ecde3ad151e906b3839fb01bb91a456f20ea9d394d4b06604ab1f9009ef29019af7968d965d1643161ab33a5354cda2fdc9f1d21ec9cb71c325c65964a14f9b26eb16560beb9792075a1597394000fd5f331bd8b7d20d88e5f89cf8d0b33e4e78e4904bb59c9c8d5d31ac86b893e4a0667af1be85fdb77f7ec3e2594a68048d20c2fb9422f5879078772ee26a1c560cbcbb2113
CT: e944bb2ab06d138ad633c16ce82706ecf0ef5d119be1f3460c9ce101d9c4e04ef1677707fca40d1f8ca181e07273707b06624d6d7063c3b7b0bb0151b757b3e5237fb8004c161233d8bc7e5f28ea1c18da1874b3d54c5ad6ff0835eed35c8853704585cf83996e5e7cec68180af414e04f08134d3b0384ebdf0393c9310b55d8698fe10cb362defc0995e9a13b48b42cff61ffd9fe4c3c8c6dab355713b88f6e98a02e7231a0c6644ec4
TAG: 27de0d4ca7648f6396d5419a7b1243b7
KEY: 18ca3ea3e8baeed1b341189297d33cef7f4e0a2fab40ec3b6bb67385d0969cfe
NONCE: b6aef34c75818e7c
IN: ef6d1bb4094782f602fcf41561cba4970679661c63befe35ff2ca7ad1a280bf6b1e7f153fa848edfeffe25153f540b71253e8baba9aeb719a02752cda60ea5938aab339eead5aabf81b19b0fc5c1ed556be6ad8970ea43c303d3046205b12c419dea71c4245cfedd0a31b0f4150b5a9fe80052790188529ab32f5e61d8ccde5973ed30bdf290cbfbd5f073c0c6a020eac0332fced17a9a08cef6f9217bd6bef68c1505d6eed40953e15508d87f08fc
AD: f40f03beaa023db6311bad9b4d5d0d66a58d978e0bcbbf78acebde1f4eb9a284095628955a0b15afc454152f962ec3ea2b9a3b089b99658e68ede4dee5acd56672025eb7323bcbc6ba5d91c94310f18c918e3914bbbf869e1b8721476f9def31b9d32c471a54132481aa89f6c735ab193369496d8dbeb49b130d85fbff3f9cb7dccea4c1da7a2846eef5e6929d9009a9149e39c6c8ec150c9ab49a09c18c4749a0a9fcba77057cdea6efd4d142256c
CT: c531633c0c98230dcf059c1081d1d69c96bab71c3143ae60f9fc2b9cd18762314496ab6e90bf6796252cb9f667a1f08da47fc2b0eecda813228cae00d4c0d71f5e01b6ce762fa636efffe55d0e89fdc89ba42521cc019ab9d408fcd79c14914e8bbf0ea44d8a1d35743ad628327e432fdcfeb0b6679ddca8c92b998473732abd55dba54eefff83c78488eee5f92b145a74b6866531476fc46279d4fde24d049c1ce2b42358ff3ab2ba3a8866e547af
TAG: a0a5242759a6d9b1aa5baf9a4ef895a2
KEY: 95fdd2d3d4296069055b6b79e5d1387628254a7be647baafdf99dd8af354d817
NONCE: cd7ed9e70f608613
IN: 0248284acffa4b2c46636bdf8cc70028dd151a6d8e7a5a5bc2d39acc1020e736885031b252bfe9f96490921f41d1e174bf1ac03707bc2ae5088a1208a7c664583835e8bb93c787b96dea9fc4b884930c57799e7b7a6649c61340376d042b9f5faee8956c70a63cf1cff4fc2c7cb8535c10214e73cec6b79669d824f23ff8c8a2ca1c05974dd6189cfee484d0906df487b6bd85671ce2b23825052e44b84803e2839a96391abc25945cb867b527cdd9b373fbfb83
AD: 24a45a3a0076a5bcfd5afe1c54f7b77496117d29f4c0909f1e6940b81dde3abacb71ec71f0f4db8a7e540bd4c2c60faee21dd3ce72963855be1b0ce54fb20ad82dbc45be20cd6c171e2bebb79e65e7d01567ad0eeb869883e4e814c93688607a12b3b732c1703b09566c308d29ce676a5c762a85700639b70d82aaef408cf98821a372c6a0614a73ba9918a7951ea8b2bb77cd9896d26988086d8586d72edc92af2042ff5e5f1429a22f61065e03cfcd7edc2a93
CT: 40c6318d9e383e107cdd3e1c8951562193c3ef64ee442432a63e2edefc78f32ab07772aeac172cb67ecf4d21f8b448423527bbeb9d8ddd0b46bdb27f74096ceb24e41963b4cdca176676a75bdbe3abc270b349ac0c6cbd9c3a5cd5bce20202fc5cc0c1bdd4fd25e121e0a24bd7bbeb9b19b1912467bf5338ee2ce88aa383c082b42cc399c9654ca325f35523e81438beb3f8926be79c378822d7c8f785614408a5f7cac49e4543188725643e6c1a70b46d0ec400
TAG: 5801e84192c7267f66b0e04607a39a3e
KEY: 6ae1102f84ed4dc114bb9d63f4dc78d7dbb1ab63f1659dd95f47940a7b7a811f
NONCE: c965d578ba91d227
IN: b82a8a9209618f1f5be9c2c32aba3dc45b4947007b14c851cd694456b303ad59a465662803006705673d6c3e29f1d3510dfc0405463c03414e0e07e359f1f1816c68b2434a19d3eee0464873e23c43f3ab60a3f606a0e5be81e3ab4aa27fb7707a57b949f00d6cd3a11ae4827d4889dd455a0b6d39e99012fd40db23fb50e79e11f8a6451669beb2fbd913effd49ad1b43926311f6e13a6e7a09cf4bebb1c0bf63ce59cd5a08e4b8d8dbf9d002e8a3d9e80c7995bb0b485280
AD: dfd4ac3e80b2904623ff79ea8ee87862268939decf5306c07a175b6b9da0eb13ac209b4d164755929e03240a0fe26599f136fb2afdffd12bb20354aa1d20e5799839abb68ae46d50c8974e13e361d87ef550fe6d82e8b5b172cf5cd08482efdef793ede3530d24667faf3a1e96348867c2942641f4c036981b83f50236b8e8a10b83ebf6909aad0076302f1083f72de4cf4a1a3183fe6ec6bfe2e73e2af8e1e8c9d85079083fd179ccc2ee9ff002f213dbd7333053a46c5e43
CT: a9aeb8f0a2b3ca141ac71a808dcc0c9798ac117c5d2bd09b3cfe622693a9f8ca62e841b58bddb2042f888e3099b53638b88dfc930b7a6ee4272d77e4b1d7e442bab6afbde96ab0b432f0092d9ca50eef42f63c60c09e7b8de019b32ebe4030c37b8183cc1e3b913b0ce4ee4d744398fa03f9af1c070bed8cdafd65b3a84140cb4deadc70184de757332ce3780af84353f540755227e886a8d7ad980f3dd6fd68263d82e93f883381dec888bc9f4f48349aa2b4c342cb9f48c6
TAG: f26b3af8a45c416291ce66330733b2f8
KEY: 405bb7b94715b875df068655f00513cb1ae23ffaac977ce273e57d3f83b43663
NONCE: 5c6da1259451119a
IN: f9f143c0c52c94b4ba7b0608b144156a49e7b5d27c97315743d171911e3645ab7957c80924e3c6b9c22ab7a1cac4b7e9c0de84e49fd5e4a2d1ab51d764fc5670318688ec942f7ab34c331dce8f90fea6972e07f0dadec29d8eb3b7b6521ddd678a6527a962f4d8af78c077e27f7a0b2ef7eabd19e92b7f8c1e8fb166d4763ce9c40c888cf49aa9cdfc3e997c8fe1cce3fe802441bbd698de269ff316f31c196e62d12c6bb5cd93fb3c79ca6369f8c1ac9102daf818975ea7f513bb38576a
AD: 6fe6446505677bf08b385e2f6d83ef70e1547712208d9cebc010cba8c16ea4ece058d73c72273eed650afdc9f954f35aa1bdf90f1118b1173368acbc8d38d93ebf85bd30d6dc6d1b90913790c3efa55f34d31531f70c958759b2ba6f956c6fcdd289b58cb4c26e9515bf550f0fd71ab8527f062c9505cbb16e8e037d34de1756bef02a133dbf4a9c00ac03befc3fb7f137af04e12595ce9560f98b612480fcdba3b8be01db56ebec40f9deae532c3b0370b5c23a2a6b02a4de69efa8900c
CT: 1a4b073881922c6366680cc9c2a127b26f264148651b29abb0c388cf6c9b1865dba5a991e1f8309efbdb91bce44b278772c58fd41273526c33fec84beb53d1689b9da8483f71be6db73a73417069bb4cd3f195236e8d0a00d124eed3a6b6f89415b19a27fbe35774f6a1a6ee4bd4350b252b975f0db2d2eea82f4836350850d6290901e726e8af13644e2d98bc1d569c20800521e6affe976bd407049a2e6d9dd23f88d52e651391ecd2fc45b864310824aaadfa203762a77c1d64562dae
TAG: 0060026d3efc120f11c0739959ae0066
KEY: 8c602bd94c630cd00c7a9c508067a5a9f133d12f06d9f6fe2a7b68dce4786d8a
NONCE: 760de0f7b7cb67e2
IN: c3ff559cf1d6ba6c0cc793ca09a0ba573a28359386a6ec93e1bacd8e630209e0b477a20aedec3c9cbf513ee6a1e3887112218d6155b9875f7e6c4bbba2c31972e905d19f529f4f0f9502996199f94f8728ba8d6424bb15f87fcacd88bb42c63fcc513759712bd0172b1e87c9da122f1993ffb7efd3a5c34b240dd3db89dddea36dbeb2836d9f8648f8e7cd428c0f948097af753b35f9876059e7702027bb00dc69071206e785f48fcbf81b39cc0343974ac70784a2e60c0df93b40379bea4ad8cac625
AD: 9e14907c3a8e96c2636db1f3d78eb1f673d6ef043cbbb349467f1fe29bf60f23d5d5d1c3b133a8ad72065d822347541c13d1574baf737eb3cc3382fb479e6d5193b9c8e7d2444c66971ef099dc7f37f6cd97b9f7959d46e2cf25e8a5b3111b4d9e2ef906d905f0ee2d17587f7082d7c8e9a51509bde03d3d64338e1838d71700f1b4fcb100b5e0402969da462f26f974b4f9e766121f8fd54be99fc10beb9a606e13fbb1f960062815d19e67f80093360324013095719273c65542b0e31b1a2a3d928f
CT: 2794e6e133f6892f23837fff60cf7c28ee9942f8982ef8089db117903d0143293fdf12ea1cc014bcd8806fb83c19570eed7af522db0de489bbc87133a13434518bcfb9cda4d9f6d832a69209657a447abf8afd816ae15f313c7ea95ec4bc694efc2386cdd8d915dc475e8fadf3421fbb0319a3c0b3b6dfa80ca3bb22c7aab07fe14a3fea5f0aee17ab1302338eeac010a04e505e20096a95f3347dc2b4510f62d6a4c1fae6b36939503a6ac22780a62d72f2fc3849d4ef21267fffdef23196d88fbb9b
TAG: 457cce6e075ffdb180765ab2e105c707
KEY: bd68ff5eb296c71cfe6bc903c14907f7726bcb1331f0c75f7801cd1b7948f3a1
NONCE: 65a748004b352ba6
IN: 52bf78c00f6e5dca2fc60e2e9a52e827df97808e9cf727773860cafc89f4b64178a19b30b46ed813fe00c8f09b25a6a1b6e350d5b005122934a59bfbd5e6e0c635c84a5226c3f2f7dcf951560f18ac220453d583015fdb2e446c69c6e6fdecf2e595e04fab1b0c506e3c6bd5e4414a35f15021e97f447aa334f54a8f1ef942dec6273511b5668b696fca97188ff15ed84b2f46145cce031c1a7f00bd88bb83d90797edc46161b3fda7a2299173496d73b812139556e8b4eb318078b9eb2ae5046e83b79dd3d45950
AD: 5557b08a5010cbc9f46bb140c2505f68684eb24889324bff44b27234fd7a95a99cfb4ff90a8f9982085b725f78ac42eca6ce7f3314e457dc41f404008681a9d29ba765660de2e05bb679d65b81f5e797d8417b94eb9aabbd0576b5c57f86eae25f6050a7918e4c8021a85b47f7a83b4c8446898441c5cc4e0229776ef3e809cb085d71f3c75ec03378730cb066150f07e60f96aec983c0e7e72bf6bf87ae42228dfda195f97855fcdf4e6d1c4479d978abcfa276d16ed60ecbfbfc664041335ce65a40a2ca3424df
CT: a5c8cf42287d4760fca755e2111817b981c47e85b0047de270ec301ca5f7b3679f4749210892b6ea6568f3a6a4344734a0efc0120ffedecf212d55cbcbb67815ac964875af45f735b70092a8f8435f52fc01b981ae971d486026fb69a9c3927acfe1f2eab0340ae95f8dbee41b2548e400805ece191db5fd1f0804053f1dbfaf7f8d6fded3874cb92d99a2729d3faaa60522060cf0b8101b463b3eb35b380fcddb6406c027d73fe701a5090c8dd531c203ce979e26b9ced3431e2b726a7244a20d9377bd62951bf5
TAG: 4579fa1fdb4c674cc3cd232b8da52a97
KEY: 934fd043c32d16a88fad01c3506469b077cb79d258b5664fa55ad8521afdcaa2
NONCE: c7091f6afbbeb360
IN: 2bdd1fc4f011ef97ea52ec643819941c7e0fb39023c2f3c7683804a0ddee14a5d1784a5246966d533b3538edc7d8742d27061c3cab88df0318ab242102de3a54d03632eeb871b72c7e8f8065b49f4a91e95e15f3f46b29fd76b8fcea0d23570c5530e3bbb8a6aafa9ae32c1b3eac653c5ed5fdb2da5a986075808f6385870c85b1913e26042a9d8e78f5bc2ea6de5a64f8aeafa22adcffc7f6932d543c29bb3a04614783f948680e433a71573568d2ce984d249fb4fc06a9f358c76aa3e64a357f4eae924c1356bd5baccf7e0f
AD: f737dd85638eb324dd3891219c5eef7c2dd053cfd055d447a411eba304a4b27dce981d112c4540590933c153d603022c91ebd2b4a58069d27e6ca17a462ef822ca41bffa80b43a68b1b564644cb3c5a7f0fddf7a13a30ff24437fddd8ef93c6f6f205d054f81890d982bd4d4ece0b1563677e843fe48c1f54e9a57ed4da66061482712e710a401073be5080d5b8b96525bffa67de5af31d50385fbbf1a87c21bf0e0a1fdff69ec32c7b7103e0b8ee6c844245e0fc84b9f89fcce62966cea68e2871d3b82e8df424c76309fc88d
CT: dd13fbf22c8d18354d774bcd18f7eb814e9b528e9e424abc4e3f2463195e8018576565d16ab48845d11c9277f2865ebb4dc412fd5b27078f8325eadf971e6944c66542e34d9dda971e2aba70dbd3e94a1e638d521477a027776b52acf90520ca229ebc760b73128879475d1cbe1f70fc598b549cd92d8a9ac6833e500c138c56474db84cb3d70b7aa4f293a4c2b4d818b0ff9fd85918dc590a12a8c0e375c4d98b7fc87596547eb960676aad5559834588f00f251a9d53f95c47af4df3c4299175d5211779c148cfc988a5e9d9
TAG: 476616ea15190c1093fdc4a087643cae
KEY: f9f6eb9ad736a8f66e7459fef5ec2890188dc26baf34a95f6f0384e79f5c6559
NONCE: 7858dfc084fe4b0f
IN: a644ca6e7cc076e87eb2929fd257693fce0f6fb64fd632f7f07c648ebd03696c8e262e6a810d7b7c4e5eef8c65b5323c99dbba50a70b4a9e5c2a9e7315973cd67f35d8052ce9a85a206416dd3031929f4f929b13d0a5fb10cb73c65f6c0ace019da146b51c5274a099f44e3669d26add6f2ff081e886f3cf952fe0dbbe6b0534c23e307574bd35fbd657f5fcbd5dc19fb382a1dc0a2dc8285a0350f71554e4c601497749e35567dd4a273cddc9a48ce53a5f1d297fd8baf8d1b9feb35d9151114345abada4d90db947bb9a743c175f5653d1
AD: 2048d1c2ddfb5ec385b201832c7a993f229ba72ec16d6ebf723ef0c5032b9966209a9e8a63151b40412e96b82f86728ea6588c7e8e11ac71cc8eabab8c4b54de866658d9c5011def61fb3dbe4e630158a45ea41a2ed55ebd1efb1abeda7637de6fa5fd2f151c6d2f385bf6cd002ca8b4a2896e0d65944ee913e3c784669dd201b1985ef3577f7f123a5f9bcffa176c8f557c4f729133cac518642f27d9b22ca9b97faaafe5b669a10b79ace4a7d5727df146c77ce681357d69f9c2d65b4401bd73cd113387e3b3a05d897adad7a24c485e7b
CT: 4146faffd7313f5d9f625370d20413cc62ab65f4acfa3c7ee1125b937dd7a39f638fc46c8ed004fb525698de5d8620ec153435571817c3de257b0d0e648ebb92940c86a98262d54e764f28cbdd4f7d9bea970291f2110414f62064d7229c6332236c507b3dac742e651d85a2a22fb243c0cc7cc2d016e5bea38f33f9a9ce048944a5fe8b078d71d23168e12dfe5a0f0b829771edc7073fb96032b7be471337a37aca0cf7c0cdd543eed686cd34934717fd79a3f18492eef72f9f450b880aa7e2e1b65e3b04c22e72301338b43aa32ceec2e6
TAG: 10ffaf2be316676da02d7473a9df87b9
KEY: 29b19636cdd32507fd98ec4ee26caab1a917646fb8f05b0dc01728a9f4a127f0
NONCE: 06699d245916686d
IN: 5fdf913aceab1d6dbaf7d9a29352fa8a3eb22718043a79cffa2fe8c35c820aec7c07644b8785dcf7a433b4189abb257fb12b06fae0662641011a069873c3e3c5ccc78e7358184a62c2005c44b8a92254958eb5ff460d73cd80284d6daba22c3faba046c5426fe8b7cacec64b235a8f8d3e2641e5bc378830594bcfb27c177aea745951ee5780a63705727ef42c4ad3abf556d88e3830f3db6b09e93edd09485cbf907f79de61f8dc5cb5fb7665ffa0ef53cb48702f6a81d8ad421cef20c1dbdf402b8fafed56a5361b2f93f914a2380fdd0557faf1f4de
AD: 39116c49cc13adb065b92cb7635f73d5f6bf6b5ccbf72a3f65a5df6bd4a661105015358d9e69f42e98aed795e8161282bc113058b7ef3b9e23fcd8eeab34a392e03f4d6329c112cb968385ec52a7afc98bb8695785af6b27b700973cc952630b7247ce226b4fbb99b8a486370bf6345d4516c52c64e33f407c4f2d1ba90545c88732d98bbd97972ac5e94c694624a9b3782b0099824651cb7567914d25b3e13181a791dbcd40e76e836b3350d310a52151bf835d3c357c9871482c2928e8404c6e533406d4d6fa8f63366f2c4ed828141f1ff00f01a536
CT: 01e237220b619054a1f3670928fe67d40484b5af40fbd04d032500aac5acaa3b4584dd99a58c390627636a50de5d744f76a56a33205f9e3b00e16162eb47ff3333e1e208ca200f1a5338a86e17bd92dd2d16af8bb022a7dc05b923d019e05247f1a0d0b4bfcfce58dd6d83830705707676d55739abee89fcd5cb94b8fde006a5da02df64b00a467f45970b5ca440f22319b9735a55d454b9fba0588fef0c59d3d83823eba6e0601a96e10233826c5adeea6b2a51d386a07a9e047ad405b23d4c3d89f30c31e3199f0c8f927bfac43ceea1f969de0a8c0f
TAG: 092f9f3c5d4f2570c9946c87967f4579
KEY: bae06b9b5456707551c7b0e207aae02a19b4848ad8ca4ce40705bf8c856a6e52
NONCE: 9c27065c3ef2d522
IN: 50cdd88137ff428a88e87b5845be4924f6387537bb5c0b654c80107ab5698db75b2e131848e7aec156d31aed0766d31c379fece4095d38264c6d5945974d25f729c3b0ba11ea853e9cebdb6f03bb670fce08adff74d0a8f02d633fb34e0fb7337a8e66e1c12084d914fb6173b8105684db822752c6751a372bb16690284d661b8b8bc6a6dfbddf45ebc2219596f9f2f878c118df69030de38b4d99dde43b9b9e20a3dab691645dd518342f49b06a0fe0a397adf261e99f07af5b0b3798b1022ba0939c42a54d3b93641cffa3c2e174bce9ab7ad7e7c7924308d1a77a
AD: 5d5590db1bd316eb7a0e30e4c7a6dfdbef9d3287fdb8d824389599c3c2ee262b2192eb5b9708e66e22dbc7eca83fa1a995da3ce64c86fe5aa08b826d476dc439497e2d12e2702c63c8d27aa7f09fedee816dc8bffe1351d53271a34d4292b613b7efcedb7e3cf3e6ad389eef12471e9e20e38e7ae22a323abbadfe8f2e84271bffb1819feb4f77b82843cb8757cfae293631bc6d39669107e7015c85d7343ffa6fc1bbe6f5ab4de30cd752a281e03061ea89de2a3f5e90e20da22fd6e8525c100738667f42212b2cf45fcb23bbb54b21c117484b22c6e514685314df
CT: 66b7f69ac49fab4e5975aeb6fa9287d8eac02ac312c4de78f77f59da16cbcf87274e66801c4b862c33ea79cdc76528862bb2956c06db8b8acfac4794ebf39e35ac03cc73a4351a4ff762f681a48d6f25cad36e2814c9b5c40b9ae92509e58429106847789454d376836936bebc7a80e6c66e7aa52936d6b361378a41f849ad4e48f9ee2d3e92217a908fa8eb35736ac8ada7d32ae05391f2d807be3512543c36138a5fe660dd4cd4cd184bb43b6ba6bc0bae634e2fa9669304cd510ed5103f630068ff76d3375738de60a381842b421477e25a490cdd6894b2704125
TAG: c9998a677dfb0e91924aec9de0afd585
KEY: 2cb374cb048c168f2e43597f028d9e73cade1b458284ffc260d4fc6b9011c414
NONCE: 9fb909169bc9f4e9
IN: 39eb929482784b463546f5d84f80510f2019923d465b99d194246d68c7ae343f91971d8f7059cebb86aa5dd099289aa648248b8c5ca04e66ac5e9bf06776e3883495397618a0227f035666806e636836b47d3d2d255a49db79866cf00d9ddabda259c4f968a1e01e651c7811cebbee2ee71803ea1d9d23487eb221f2d9555756800aba5e6abbefd6fb72b3151cc99ced599cd86df2a9b1ce94f89f347eeb124d9e7f0d9cc48d3dedd819e6d3dbac57ecee199547b266116a2035c9acc4c8ca3271ac74952372897c4a5f2cb84e2d81817fec9d6774f6d8a5b2021684132db4fca3
AD: 0c7bd4f3a30ee944ccf9489181e6911684dcffad4593a9b65a67dfc80718c69b35897d01281016b7731e12c15cad8482e79458e08a755622e3f3f22a23ef6c8487a36ad1771ba06c641f06f85de0db3776cc6df06ad8fe3b4d60d58508de943083f17cbb9dc0d390ac94d8429e8c6fcfe063f424fbde0f62f6a7f91a626d195dc498a6e69bd93109c4e9ba13e7330aba456d710a4b0cc279d4045660406e26d61dff70d4a33c4f1052869f9248024e7a0f85f1effb32f6f7ccb1f860f3ef04e8f7b29096e6bcf9d4b3e0ce703e9bf228fdf515c2ff9cbabd16987be0f9babd3d8a
CT: 91ddadb86b7ebef798ddaa59da51d71316fcf6c9678143178227d778750dc9827fc6cc21e605c505023e6db25849df7fb6fc1ca4d223aa215f8c85b724643c83bf8218815a9f9e2952384e0ca6a80a3760b39daf91a3c6154c4728c2371fd181fa3764753d0b0c23808a82cd8f0497246e3a0f17f8906a07c725d2891ce968a9d432c2b102d85c05510b28e715bb60d0403a77490e7f18be81218bc4f39287b9bb09f50227dd2f55e4fb70c4438da8ba3c8ffbced87d90155913faa9979fc57e6cbeddfaba3d3ab4163c0eebc7d94279c27d3ed56338893dba542eaefba30f8c3b
TAG: 728e60f8124effbac234f70da925881c
KEY: f0f16b6f12b3840bbd1c4a6a0811eef237f1521b45de9986daec9f28fca6485c
NONCE: 7ac93e754e290323
IN: 0530556424d823f90a7f1c524c4baa706aad2807e289e9479301e3e7a71f2a5e14e6232ea785f339c669af2e6d25f1d5a261096a548d23864945c3a589b67b09b0304a784d61b42b2419139485242e0d51fcbe9e8fed996d214de8717e6a71f8987ccad65eb92e66707034a5ae38e6486e26eb4374c565aad5df949dab209f7f7bcd8eb6fc52761a26cfe5d01fd349e59f4042e6dbe6b232f9301b971dee121d8aa1e62d40f043a42f3aa859d867eb809b1ced5ae1ec62cacf94a69fafd0631a8b5dfd66d855900fb295eec90ae5fcbf77beae267a79d24081bb322d8c4e0630fed252541b36
AD: 13bfcc17b810099cda31ca53a1323db9b07633ceb2088a42263a4cbd6a4d47978776005c9a20203319c3a3ae434e9a26fb541047dc9df38dc36c095267272e203d0b24d119a70a7e96041b6d82b7c4d5570e1e4a1cf2f6e44ae63fe005a1f5b900778c482f7bd89e2e02305e35b8f61b7bb2c78a13aebfce0145d1c5aa0bf1d10d23616d5a3a446de550302f56f81dc56fe4f3700f14242688d9b92d8a427979b403c8de8c493a2cde510eaf6b285e6675b173aa0314a386b635c7577d5aff0d868a0cb3f73c8d2005f8c7c9dab5a060ef80102c9d4a4af988838afe87aff04c0689e8c3c7f9
CT: 2c14c3931e98e84507c4c165c2ed47ad4a178f0e216cd7ac2453bbbf9f85dd06bd8ef54a9ff1fd3dd8e0cafb635d8f2de861a0db5b14d03f17aaea8c89b3010797c71c13a0e666899d7ff6e53c4f08be8ddb3e37688b5afa088079b6c7519b833e16560073e699530302028a3496e05edddec01a23a4c7983956250e8d9e616f7b940856955cde81c1efabf6b7b92f153d03f4cd17e7f7d2907670cfc84d45c1d7936775a3fce47968504278ffaecacea0871b227f250e2979516f6fa310fec0d8df1af7872e5a534e82870aa05f43ef0a455846b93ce938064fa33e92de262e4156dae56775
TAG: d95d73bf9aeb71eba9042396f3725424
KEY: 3792943c0396f1840496917ce8ad89608385007e796febeea3805f3f4cbeccf7
NONCE: 23b2f9068b2c4c85
IN: be6b67eb943ee7b5c785cd882f653e73a8f75b4a41a2a7c56ae5a10f729caf39948fe48ad0e51240e2e7aa43193c7ec6ce7f4909fc94c9f99e38e6a0ad7e98eb29c5c2e61c99e9cbe890f154185cec213a74725d23c1a4e4d0cb9b1a36b78c87e5eee20d2aa29aae80d4759eb0c51c5dc3a95bdbbf7e14eb434419a6c88a954ac03d0c98739f4211b8732acd71c297f578b8cb64ccac45f7235ddc7f2a3f5f997525c1ed39dc550126cdf9cedaf55425489085e91b170be6205a5a395f2dd4084a3e8dbc4fd8b13252f7effae067b571cb94a1e54aba45b1b9841308db0cc75b03cfce4ddafe89ce20f2d1
AD: 7eb6d7b7bbaaa3c202a4f0f1de2263767169eb4a64853240d48c0f8d5d31b08d5baf42977614a57aad99426cde76d242cb37d2956d8c77dc4fd62a3abf30e8ac6cd58c8ef35e67497022960138c57787818892460f3bfc16e37ff388b1edc6ce2bc53c22717edc7a03d4c78b0dbbe9121c7fd8a3e3993b87a4fe389bff13bdae3b349de0b6db561602c53f746022aeb4483c723b67825042f4af20b7dd1e6031cf54215266295c524ac8e1370424c5c5e607fb3e23e97c8eebe64656775edf616422a8b974e1acf13ab45c9a367a7dd9b2d62f48bbc05819b65eccb813ca813f57b22ee4c280dbb5a9d8d5
CT: 0b316ab2bcf5359900fa4082d5d253b49ad94b70e3fab544f98bd111cbcef6766cf953deec08cae1f489fe12f7acc0032db8a6b0c0eee0c206ea5fb973feaebf90f690e840094db5e13fdd7157ba127368c995b426529435a1bcdd1f14ce9125b8a0e4c96b6ec09e3c36a180adf81941c002d19c19d53c2009be803b987504606b7d43bdee5e0b32ff23c466b6cccfcd0d4e88fd1332e73712b5ab725c1a383e584f34f80daff29d285ae5e43cf1d0cc7a828e75c25daced3a581a93d7a50f313b33f38dddfaa23cd5b9914797db820ee2400d52bf5fa982277fe9b5881ac42981633b3957b0e935051828
TAG: 01973ee2e81cef22751a6a8831d752ef
KEY: fe4be6054773f634356ac328591fbc6f833b0d1beeb38dd5b6feb7481b4489d4
NONCE: 0b3f16f898a5a7d5
IN: 76ced1ade6d1ef4069afddb32e7432d4ff2fd06685121f7b16464e7a72d365744f547d2ccf53486310e38b42d8bacaf711e54c5458d2d68c4dbcc8de31ab6732f4430e88a64565f5b287640775aaa2af1cc461d3e415bb275c6246b1b58517aa72667eae291a2982eda175d1b22c5a58e6fec2b3743d55712f201ca24ba5c0ae8c25724871b2ec2fb914a8da5a52670ab9b43a83b8568ce74db5c634061cb80530c8070c38b8f48c33ba136cb9f2158ee7eda8b65f2192fc94d1291f182f101795b7190c74b319d2d3e02a97c824d9c9471a83797e4936310b207e3a1e0bcf75f7c3e3ee48a747641cdc4377f2d55082
AD: 834cd775cbefe4b33a3ca53a00c06a3c4a666983e4115a029f15729460daa45d1505e95172d3695625a186b28b8be173a925af04665f209267b3c5123e8be13da447ee1ae856bb0925f35aaa76e04a7bca8460f76c2024de2149f38a8cfba81694b854885d72568105571b6b213a0bc188a44cc7fe13153cbf261401b238cf12a95e23cb56f240114f16e2f1e3a514615aab4449c0c49e4d900b0e17d1a8dabb53d43dca32fa052d576b73dd9b40856b515d6d7efc2a5c17e0ebcb17bd59dc86f22ce909301a2652f134e82ef0e4519487ed12d51536024f2ae8f75d937c42d003076e5dea8de0c684cda1f34253d8fc
CT: f8defb6fe95dfec499b909996a1f75a198a90e4d6c6464d00a357a555311c42fe92dbbc4b79c935e4f0b1a95e44fdbc1380bebabca28db4dd0d2870daaafc38ef27908c3509e945714801cc51f1a07b2430c74fa64f2a7c2f7fd1551d258c9c3be020873fc1bf19f33ab6c660911dcf2317195d0efee82d20ec26d22611f9cf86c51a64e28b3a1f344500018e0855c88dae3c07acaeaa10b60388484dce93e16e6e1a6e69e899806648a92568c8780e9f4baacd98cbb353ac2f908e775d92303cfab843f15be0e0c322a958802fb1a60fcc7631f151f4c2b8cb965d2d296acef250275a2fecc0cea803ce7c058b12dd2
TAG: ade515091930dd7861b27f78a87ef60c
KEY: a288b11ce5382ec724ce4ab2d7efa8e777e91ebd04367935e15f9dac483e9596
NONCE: 874144dbf648b325
IN: 4c9195280a79a509919af4947e9e07231695fd7c5088539f23936ce88770ce07d9ad3ae4a463b3a57d0634d3a77ceaadf347a334682b04be8e58b8e86fb94a1f93255132b8cdb0df86f5bea354eea4e8315fea83e3fdf6e58aa9f26e93caa08e5e2551a94bd916a51fed29ec16f66800cda6a0aa24ec308bf5fb885afba272685de27c1edcdd3668048ef07b06e90d464a8aa28664903cac45e154e8e1e39c257e1ff506b9d95cef4f300bb73b899e7828602c3c1d290b8cf55ee5fd72ecce9e6efc9293aebf674a70e2a7673e75629c12950622dff71d3ec0992e57776c788c6927d30b4e24b749191c3ce8017f0ada6276e43720
AD: 04abe8588c8c8c39a182092e5e7840442bd1c1149da102c4ee412bd8b82baa5087ef7291b5cd077c177c42770b0023e0e462b06e7553f191bcb0315a34918dcdbffe2b99c3e011b4220cc1775debcc0db55fa60df9b52234f3d3fa9606508badc26f30b47cdb4f1c0f4708d417b6853e66c2f1f67f6200daf760ceb64ffc43db27f057ad3ee973e31d7e5d5deb050315c1c687980c0c148ee1a492d47acfcd6132334176c11258c89b19ba02e6acc55d852f87b6a2169ed34a6147caa60906ac8c0813c0f05522af7b7f0faddb4bc297405e28ecf5a0f6aac6258422d29cfe250d61402840f3c27d0ce39b3e2d5f1e520541d2965e
CT: 0afce770a12f15d67ac104ba0640aab95922390607473cbda71321156a5559906be933fb0980da56f27e89796eaa1054f5aacf1668d9f273cc69071b9e8e22af6a205a6a88f7ad918e22f616bddbb07c78913c7e056e769e6fcf91c7600c2740212e3a176e4110cac9e361a59a773457064d2dc652dd115d04f1c3756c0e1d39f6737a16b4508663e310934c49c58058b3c7b9af7bb2334c8a163608c42499658986927cda365e2aead3ac29de16e47e954383ea566f8fb245a4e5a934c767bb3bf7e0eb8a477fd0e1f61bcb238462a0d19c5cea9293ca58ade76829413216a7882cd2846323046694f78cd8b0347792ebb75abdc1
TAG: 973e58b1b8adb176a6f1e5c963bfdc5c
KEY: 65b63ed53750c88c508c44881ae59e6fff69c66288f3c14cfec503391262cafc
NONCE: 7f5e560a1de434ba
IN: 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
AD: 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
CT: 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
TAG: e4d18a701b8308697b5e79141ed783c1
KEY: 4986fd62d6cb86b2eaf219174bec681bebcdef86c8be291f27d3e5dc69e2feba
NONCE: d08d486620ed2e84
IN: 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
AD: 7dd3f656a03c001b45ca0680bc3ac9d68c6e96b591d3c69eb8c65e489009d845cb331c98b82e627e06d5bf01e74c573df268c2386f12628c019951d42f55991ff20d72a7b2c45f41d0be7af428c92f324aaab8df70d900301cdf09a3d93eb711c919d34a86fff9cb078322ee2e0ad48dbdf3b7884f0f2dc5c36262c59bcfd75ac6200f59c6fcd0ce10ff5005fef5df8f0432377dfbfc1db8f559e27e1aeef3380ea3864867d36a25a18654779a751586cad3b8a46b90864ee697b08605673b8d2123433c020a21c4db243dde2420c12fd4d54a2704a0c8c376454a1b5e80fd6db89aabd56d9b421f29649e474824dfa56cb5c673c504d10be52b53751709fe
CT: 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
TAG: fd5e29332832a14a31a9ce2ca8568498
KEY: 7d28a60810e43d3dfa32e97c07957ec069fc80cc6a50061830aa29b3aa777dfc
NONCE: 47738ac8f10f2c3a
IN: 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
AD: 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
CT: 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
TAG: 1fdd2dcd935f55822bf7231a516ca841
KEY: a76e9b916f5a67b78a5949651c8c3a9741a1bc3c41cdf85fd2c8f3e9a0616098
NONCE: 0808da8292dc14e0
IN: 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
AD: 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
CT: 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
TAG: b45df119043d29008fcef36a169ef886
KEY: 98cd2477a7a072c69f375b88d09ed9d7b9c3df3f87e36ce621726f76e3b41a1d
NONCE: 77d185aaf715aa48
IN: 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
AD: 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
CT: 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
TAG: f613b65226afb64c614fe60d9c71ed74
KEY: 2f0f4631ab1c1bcf8f3ad0559c818d50e0af7d8cd63faa357f2069f30881d9cb
NONCE: 7d0ced2fdb1c9173
IN: 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
AD: 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
CT: e580093789ba17ffb46672dc326f09278aca08598d3e5458eaa53e6ed45d5c71a396e35b5ea3fe7b7c0496a734d24f1c75420694be2ff095d5172fd3407794e4b99fd7c374fbe8d1564a048614d3f355bfb5866de1a53e1a51f9f5e8312253cfd82f36efaa1898c850ca0d975ad1e8b0d9597a5a9e6516fe2a3c92efb7495557a8afc3da15b0d3e2ba58f612519836946cf2d15b898320d16a026c8c00a1be2e35f0ebe68f28d91c6c45d24c3f3c157cb132fa659b7794df883d90741fa2d2afcc4f27858e13ecd41b154a35d24947ae7361170060c107d8ecacb393ea67104b60457278a392fdf1794bab97d3b02b71a4eb015eaa38a4b4c944c2bc7cd5e329da4a1ab2937a6af81a6caa5fce752331fdefd4
TAG: 0fd7419c54bc84265ed310a3411a3f2e
KEY: a48b9b6df475e566aba7671fbd76772cb0eff0b12499967978ce3e25fac92feb
NONCE: 2ccbf0d6c40cb302
IN: 09da1cacd001dce4f7573a065a4406fe0da04ab367a2d87780a2762e168957a88d3fa78f0a4b6978d449026e5a801d32884b6e14fdaaaf864214f928ebc03dead081fee96683ebb032362d5088c4c2a3b1e242f055f2604919f4dd551db777a258cf9da6d95a2bde249247812b9efc7985cf08707620808524d6dd3079b0b63bf0f71ea5de834ccb8b7c6a97125fd6ca49148e866d3134bbf1d8a6b714e9a80fe549c8bfefe342f41be2ba2300e0028f78cefab65274632dfdbe70bf7d655ec4036df561f2d4fc4d56a482bbe2f9f2ae279b3aa216b39afee75e53602de319484db89a51e844f38c361634e474f8f1f01c340f3f3594860d671346449c6d08ee38de22d246309bc7e4a252a29c86aa6d94b5b4fa58904c70
AD: 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
CT: 7d35cfe4be56bd6e0e09dedcd01735b915bc1891a4d1f6a541abc4bcd0ebe89dcb8e365e5813742e8ec65777b6159422fada747da99394252baf8a046fc1b60ad79755f545f4448627b7acaf403000894f5641e78d3f946dfca29ec617f0660dcd6e8d8827e67e1022a245c595d86e60fbd176bf721b171bbe5ecaf4ae671b9f3dd3920146e6ad431bd8fc431820e19454b6ca209723d80fdbee187fca9c937c979206ae97be55f6ba7366a5608770a11d537396485eb0a66586385f4d4cf3905d1fc90831c3e136d5d513fa22be285193142994a3ed477145bacdcbdd791e8b3b88b0d4f1d18b27382550a818c4fd8884bf36f677c6c3ff5677406e510911e696af75e5b3f859bef699bdd16e6215fdb98d874025eada50
TAG: 2aabff35611b3e0013f6ae0df130799b
KEY: 923d4b086b9e43b986f7b65e4cea6113a3d8aabefa89323c5e4d5b6f158bb7e0
NONCE: a0f73297b87f5deb
IN: 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
AD: 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
CT: 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
TAG: fa8ee13400fb3f63b899df582f2fec45
KEY: df73adab2768559ea983cce85453fe81d79be3b3c57f202b31b94d6635cf2e4b
NONCE: e7a87e6bf6b5a354
IN: 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
AD: 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
CT: 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
TAG: 184095b7a8190abec08bb72d19eeb103
KEY: 55a4be2448b464c2ea52a2f2664ed6aba865c14ea1fea77f4689331fd105c8d4
NONCE: db37c0a405b4626d
IN: d266e66272e5d3462081b004cb42429c8b9741e9f678153754d726f6f9aa513464763c5e793b482fe512fece97585f1426120d4cefb3d0a8cc0a8db4bde93fc72c78f44d4fecca14650c660d3e285b327e7cdd813063e7e867b8a2d059a41bab70432b7f857199894da90dca3fe5272bae1ec694a1a07b60b05df275784d4975637e4673109f3ba846dfd1a048b202ed8e89973be608b91ee4743b1e759900f1443038951fe6189e806638985f3c16338c3c60695df58e621154d79bb973859c4558e9dca90470f77c73f004443ad5db0717abbe43266f90e57397b83ac34d1fef2e897e2483d5bcdcb627abd64b0d1aef525835f25e76d6e9158232cdde6dce970b59f58de8a98e653be32fb58edabbcefa5065d73afdf1c9c4fbf50c1022bd22bfcb98e4b422
AD: 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
CT: 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
TAG: f7d3b58a34a86e99267e5db206f17bbe
# BoringSSL has additional tests here for truncated tags. *ring* doesn't
# support tag truncation, so those tests were removed.
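Review bot: the trailing comment at the end of this vector file records that BoringSSL's truncated-tag cases were removed because *ring* doesn't support tag truncation, but it doesn't say which upstream file or revision those cases came from. Naming the source in that comment would let a later re-sync tell intentionally dropped vectors apart from ones that were simply missed. The vectors visible above it all carry a full 16-byte TAG, which is consistent with the comment.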
+226 -176
@@ -1,474 +1,524 @@
# Test vector from RFC 7539 Section 2.8.1.
KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
NONCE: 070000004041424344454647
IN: "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
AD: 50515253c0c1c2c3c4c5c6c7
CT: d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116
TAG: 1ae10b594f09e26a7e902ecbd0600691
# Test padding AD with 15 zeros in the tag calculation.
KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
NONCE: 070000004041424344454647
IN: "123456789abcdef0"
AD: "1"
CT: ae49da6934cb77822c83ed9852e46c9e
TAG: dac9c841c168379dcf8f2bb8e22d6da2
# Test padding IN with 15 zeros in the tag calculation.
KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
NONCE: 070000004041424344454647
IN: "1"
AD: "123456789abcdef0"
CT: ae
TAG: 3ed2f824f901a8994052f852127c196a
# Test padding AD with 1 zero in the tag calculation.
KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
NONCE: 070000004041424344454647
IN: "123456789abcdef0"
AD: "123456789abcdef"
CT: ae49da6934cb77822c83ed9852e46c9e
TAG: 2e9c9b1689adb5ec444002eb920efb66
# Test padding IN with 1 zero in the tag calculation.
KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
NONCE: 070000004041424344454647
IN: "123456789abcdef"
AD: "123456789abcdef0"
CT: ae49da6934cb77822c83ed9852e46c
TAG: 05b2937f8bbc64fed21f0fb74cd7147c
# Test maximal nonce value.
KEY: 808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f
NONCE: ffffffffffffffffffffffff
IN: "123456789abcdef0"
AD: "123456789abcdef0"
CT: e275aeb341e1fc9a70c4fd4496fc7cdb
TAG: 41acd0560ea6843d3e5d4e5babf6e946
# Test vectors from chacha20_poly1305_deprecated_tests.txt, modified for the
# RFC 7539 AEAD construction.
KEY: 9a97f65b9b4c721b960a672145fca8d4e32e67f9111ea979ce9c4826806aeee6
NONCE: 000000003de9c0da2bd7f91e
IN: ""
AD: ""
CT: ""
NONCE: 3de9c0da2bd7f91e
IN:
AD:
CT:
TAG: 5a6e21f4ba6dbee57380e79e79c30def
KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5
NONCE: 000000001e8b4c510f5ca083
NONCE: 1e8b4c510f5ca083
IN: 8c8419bc27
AD: 34ab88c265
CT: 1a7c2f33f5
TAG: 2a63876a887f4f080c9df418813fc1fd
TAG: 2875c659d0f2808de3a40027feff91a4
KEY: 4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd1100a1007
NONCE: 00000000cd7cf67be39c794a
NONCE: cd7cf67be39c794a
IN: 86d09974840bded2a5ca
AD: 87e229d4500845a079c0
CT: e3e446f7ede9a19b62a4
TAG: 356d9eda66d08016b853d87c08b5c1b3
TAG: 677dabf4e3d24b876bb284753896e1d6
KEY: 422a5355b56dcf2b436aa8152858106a88d9ba23cdfe087b5e74e817a52388b3
NONCE: 000000001d12d6d91848f2ea
NONCE: 1d12d6d91848f2ea
IN: 537a645387f22d6f6dbbea568d3feb
AD: bef267c99aec8af56bc238612bfea6
CT: 281a366705c5a24b94e56146681e44
TAG: 59143dab187449060a3ec2a1681613cc
TAG: 38f2b8ee3be44abba3c010d9cab6e042
KEY: ec7b864a078c3d05d970b6ea3ba6d33d6bb73dfa64c622a4727a96ede876f685
NONCE: 000000002bca0e59e39508d3
NONCE: 2bca0e59e39508d3
IN: b76733895c871edd728a45ed1a21f15a9597d49d
AD: cc1243ea54272db602fb0853c8e7027c56338b6c
CT: 1fb9b2958fce47a5cada9d895fbb0c00d3569858
TAG: 219b4252deb16a43b292165aabc5d5ce
TAG: 042ad5042c89ebc1aad57d3fb703d314
KEY: 2c4c0fdb611df2d4d5e7898c6af0022795364adb8749155e2c68776a090e7d5c
NONCE: 0000000013ce7382734c4a71
NONCE: 13ce7382734c4a71
IN: 0dc6ff21a346e1337dd0db81d8f7d9f6fd1864418b98aadcdb
AD: 0115edcb176ab8bfa947d1f7c3a86a845d310bf6706c59a8f9
CT: dad65e4244a1a17ce59d88b00af4f7434bd7830ffdd4c5558f
TAG: 7ae32f186cf9ec59b41b764b34307d4f
TAG: ac1437b45d8eacf9c0fe547c84fb82a2
KEY: c66e89fbab01208f6a60847f4f34b38d27b554c119cf8d9e0b118aa7266ab865
NONCE: 000000005d9856060c54ab06
NONCE: 5d9856060c54ab06
IN: f9e3e9b5ed07b2080db8c1ffc37e4a6cb3cd544608921e18610d00b17c6e
AD: 85c112a1efe0a20ef3a550526a7afbc98f6367ebbede4e703099abd78f51
CT: b5cc754f6dd19ef2d66f90e6bc9a322ddf216ef248cbe76b5ab6dd53bc36
TAG: d3f7b9c295f374651a84138648a5919a
TAG: 6dd98710d8a889dceea0d0a936f98617
KEY: a8b9766f404dea8cf7d7dfaf5822f53df9ccd092e332a57f007b301b507d5e14
NONCE: 00000000c7f2f7a233104a2d
NONCE: c7f2f7a233104a2d
IN: 4d6faeaee39179a7c892faae3719656cc614c7e6ecd8fcb570a3b82c4dace969090338
AD: c6d83b6a56408a356e68d0494d4eff150530b09551d008373d6dee2b8d6b5619d67fdb
CT: a15443f083316eef627a371f4c9ac654d0dd75255d8a303125e9f51af4233ff4ceb7fe
TAG: 63c2b4e0973096299488b0a66ffa54c1
TAG: 52504e880f6792a60708cc6db72eae42
KEY: 5e8d0e5f1467f7a750c55144d0c670f7d91075f386795b230c9bf1c04ba250bc
NONCE: 0000000088049f44ba61b88f
NONCE: 88049f44ba61b88f
IN: 51a1eebcc348e0582196a0bce16ed1f8ac2e91c3e8a690e04a9f4b5cf63313d7ad08d1efbff85c89
AD: 5d09bf0be90026f9fc51f73418d6d864b6d197ea030b3de072bd2c2f5cab5860a342abbd29dba9dc
CT: 35aa4bd4537aa611fd7578fc227df50ebcb00c692a1cf6f02e50ed9270bd93af3bc68f4c75b96638
TAG: 4461139c4055333106cf7f7556fd4171
TAG: ccea1cbbc83944cc66df4dbf6fb7fc46
KEY: 21a9f07ec891d488805e9b92bb1b2286f3f0410c323b07fee1dc6f7379e22e48
NONCE: 00000000066215be6567377a
NONCE: 066215be6567377a
IN: c1b0affaf2b8d7ef51cca9aacf7969f92f928c2e3cc7db2e15f47ee1f65023910d09f209d007b7436ee898133d
AD: dfdfdf4d3a68b47ad0d48828dc17b2585da9c81c3a8d71d826b5fa8020fee002397e91fc9658e9d61d728b93eb
CT: 8ff4ceb600e7d45696d02467f8e30df0d33864a040a41ffb9e4c2da09b92e88b6f6b850e9f7258d827b9aaf346
TAG: b2ad07b86aca1b3ab34033c12d6a08cc
TAG: 4eeddc99784011f0758ba5ebfba61827
KEY: 54c93db9aa0e00d10b45041c7a7e41ee9f90ab78ae4c1bba18d673c3b370abde
NONCE: 000000003f2d44e7b352360f
NONCE: 3f2d44e7b352360f
IN: 1241e7d6fbe5eef5d8af9c2fb8b516e0f1dd49aa4ebe5491205194fe5aea3704efaf30d392f44cc99e0925b84460d4873344
AD: f1d1b08dd6fe96c46578c1d1ad38881840b10cb5eae41e5f05fe5287223fa72242aea48cb374a80be937b541f9381efa66bb
CT: 027b86865b80b4c4da823a7d3dbcf5845bf57d58ee334eb357e82369cc628979e2947830d9d4817efd3d0bc4779f0b388943
TAG: 6de01091d749f189c4e25aa315b31495
TAG: 4303fa0174ac2b9916bf89c593baee37
KEY: 808e0e73e9bcd274d4c6f65df2fe957822a602f039d4752616ba29a28926ef4a
NONCE: 000000001b9cd73d2fc3cb8e
NONCE: 1b9cd73d2fc3cb8e
IN: 3436c7b5be2394af7e88320c82326a6db37887ff9de41961c7d654dd22dd1f7d40444d48f5c663b86ff41f3e15b5c8ca1337f97635858f
AD: d57cfbe5f2538044282e53b2f0bb4e86ea2233041fb36adb8338ded092148f8c2e894ef8766a7ec2dd02c6ac5dbab0c3703c5e9119e37c
CT: 9b950b3caf7d25eaf5fca6fa3fe12ed077d80dcd5579851233c766bb8bb613ec91d925a939bb52fb88d5eda803cfe2a8cda2e055b962fd
TAG: 0887ec7d5e1a4e532746ec247a30825a
TAG: 6bf5b718f5bbe1395a5fdfcbbef752f5
KEY: 4adfe1a26c5636536cd7cb72aa5bded0b1aa64487ad0e4078f311e8782768e97
NONCE: 00000000d69e54badec11560
NONCE: d69e54badec11560
IN: 19b3f9411ce875fcb684cbdc07938c4c1347e164f9640d37b22f975b4b9a373c4302ae0e7dfdeba1e0d00ced446e338f4c5bc01b4becef5115825276
AD: bda1b0f6c2f4eb8121dcbd2eebd91a03ae1d6e0523b9b6f34b6f16ceca0d086654fb0552bfd5c8e1887730e1449ea02d7f647ae835bc2dab4bbc65b9
CT: ea765a829d961e08bacaed801237ef4067df38ad3737b7c6de4db587a102a86fc4abbaabea0ee97c95ca7f571c7bab6f38cbae60cd6e6a4ce3c7a320
TAG: a27f18846f5a4f7fcc724656c91cf4f3
TAG: b425cdf10cd0123a7e64b347c6b4b1f0
KEY: eb3db86c14b7cc2e494345d0dfb4841bbd3aa1e2bc640cca0c6c405520685639
NONCE: 0000000088b54b28d6da8c81
NONCE: 88b54b28d6da8c81
IN: f75c0a357271430b1ecff07a307b6c29325c6e66935046704a19845e629f87a9e3b8aa6c1df55dd426a487d533bb333e46f0d3418464ac1bef059231f8e87e6284
AD: 34b08bb0df821c573dcb56f5b8b4a9920465067f3b5bf3e3254ea1da1a7fc9847fd38bdfe6b30927945263a91fa288c7cf1bee0fddb0fadf5948c5d83eb4623575
CT: 146ec84f5dc1c9fe9de3307a9182dbaa75965bf85f5e64563e68d039a5b659aa8863b89228edb93ff3d8c3323ab0d03300476aa4aca206d4626a6b269b2078912d
TAG: 854cbb42bade86a09597482c8604681a
TAG: 0058a8dff32c29935c62210c359bd281
KEY: dd5b49b5953e04d926d664da3b65ebcffbbf06abbe93a3819dfc1abbecbaab13
NONCE: 00000000c5c8009459b9e31a
NONCE: c5c8009459b9e31a
IN: f21f6706a4dc33a361362c214defd56d353bcb29811e5819ab3c5c2c13950c7aa0000b9d1fe69bb46454514dcce88a4a5eda097c281b81e51d6a4dba47c80326ba6cea8e2bab
AD: fe6f4cbb00794adea59e9de8b03c7fdf482e46f6c47a35f96997669c735ed5e729a49416b42468777e6a8d7aa173c18b8177418ded600124a98cbb65489f9c24a04f1e7127ce
CT: 911ead61b2aa81d00c5eff53aeea3ab713709ed571765890d558fb59d3993b45f598a39e5eff4be844c4d4bd1ef9622e60412b21140007d54dcf31b2c0e3e98cf33a00fd27f0
TAG: 2865d2a26f413cc92416340f9491e1be
TAG: d38d672665e2c8c4a07954b10ecff7d9
KEY: 3b319e40148a67dc0bb19271d9272b327bc5eee087173d3d134ad56c8c7dc020
NONCE: 00000000ce5cf6fef84d0010
NONCE: ce5cf6fef84d0010
IN: 27b5627b17a2de31ad00fc2ecb347da0a399bb75cc6eadd4d6ee02de8fbd6a2168d4763ba9368ba982e97a2db8126df0343cdad06d2bc7d7e12eec731d130f8b8745c1954bfd1d717b4ea2
AD: a026b6638f2939ec9cc28d935fb7113157f3b5b7e26c12f8f25b36412b0cd560b7f11b62788a76bd171342e2ae858bcecb8266ff8482bbaed593afe818b9829e05e8e2b281ae7799580142
CT: 368fb69892447b75778f1c5236e1e9d5d89255c3d68d565a5bba4f524d6ad27de13087f301e2ef4c08f5e2c6128b1d3e26de845c4ac4869e4c8bd8858ad0d26dec3b5d61a9e3666a3911ba
TAG: 1414f1b91966340417c38226ccca9d3d
TAG: 2e70564c3999c448d92cc6df29d095c4
KEY: 43bf97407a82d0f684bb85342380d66b85fcc81c3e22f1c0d972cd5bfdf407f4
NONCE: 000000008b6ba494c540fba4
NONCE: 8b6ba494c540fba4
IN: 4b4c7e292a357f56fdf567c32fc0f33608110d7ce5c69112987d7b5a0bd46d8627a721b0aed070b54ea9726084188c518cba829f3920365afc9382c6a5eb0dd332b84612366735be2479b63c9efc7ff5
AD: 1e0acf4070e8d6758b60d81b6d289a4ecdc30e3de4f9090c13691d5b93d5bbcef984f90956de53c5cf44be6c70440661fa58e65dec2734ff51d6d03f57bddda1f47807247e3194e2f7ddd5f3cafd250f
CT: d0076c88ad4bc12d77eb8ae8d9b5bf3a2c5888a8d4c15297b38ece5d64f673191dc81547240a0cbe066c9c563f5c3424809971b5a07dcc70b107305561ce85aecb0b0ea0e8b4ff4d1e4f84836955a945
TAG: c5ca34599c6a8b357c6723ee12b24da8
TAG: 75c9347425b459af6d99b17345c61ff7
KEY: 12fc0bc94104ed8150bde1e56856ce3c57cd1cf633954d22552140e1f4e7c65d
NONCE: 00000000d3875d1b6c808353
NONCE: d3875d1b6c808353
IN: 24592082d6e73eb65c409b26ceae032e57f6877514947fc45eb007b8a6034494dde5563ac586ea081dc12fa6cda32266be858e4748be40bb20f71320711bf84c3f0e2783a63ad6e25a63b44c373a99af845cdf452c
AD: b8be08463e84a909d071f5ff87213391b7da889dc56fd2f1e3cf86a0a03e2c8eaa2f539bf73f90f5298c26f27ef4a673a12784833acb4d0861562142c974ee37b09ae7708a19f14d1ad8c402bd1ecf5ea280fab280
CT: 9d9ae6328711fb897a88462d20b8aa1b278134cdf7b23e1f1c809fa408b68a7bfc2be61a790008edaa98823381f45ae65f71042689d88acfa5f63332f0fba737c4772c972eba266640056452903d6522cefd3f264e
TAG: e84211b6cfd43543f8b1b4db07a494d1
TAG: e9c982d4ade7397bcfaa1e4c5a6cd578
KEY: 7b6300f7dc21c9fddeaa71f439d53b553a7bf3e69ff515b5cb6495d652a0f99c
NONCE: 0000000040b32e3fdc646453
NONCE: 40b32e3fdc646453
IN: 572f60d98c8becc8ba80dd6b8d2d0f7b7bbfd7e4abc235f374abd44d9035c7650a79d1dd545fa2f6fb0b5eba271779913e5c5eb450528e4128909a96d11a652bf3f7ae9d0d17adbf612ec9ca32e73ef6e87d7f4e21fe3412ce14
AD: 9ff377545a35cf1bfb77c734ad900c703aee6c3174fdb3736664863036a3a9d09163c2992f093e2408911b8751f001e493decc41e4eeeed04f698b6daed48452a7e1a74ec3b4f3dcf2151ca249fa568aa084c8428a41f20be5fd
CT: 229da76844426639e2fd3ef253a195e0a93f08452ba37219b6773f103134f3f87b1345f9b4bf8cfc11277c311780a2b6e19a363b6ac2efe6c4cc54a39b144e29c94b9ebbde6fd094c30f59d1b770ebf9fcad2a5c695dc003bf51
TAG: 55e025a1eb87bc84d4be00c775c92ad2
TAG: b72acab50131a29558d56ae7b9d48e4e
KEY: 4aeb62f024e187606ee7cc9f5865c391c43df1963f459c87ba00e44bb163a866
NONCE: 000000009559bd08718b75af
NONCE: 9559bd08718b75af
IN: c5d586ceece6f41812c969bcf1e727fe6ff8d1ae8c8c52367c612caa7cdf50e0662f5dffc5ea7d3cc39400dfe3dc1897905f6490fd7747b5f5f9842739c67d07ce7c339a5b3997a7fb4cd0d8e4817ff8916b251c11ef919167f858e41504b9
AD: 51f5b503b73a5de8b96534c2a3f2d859ece0bd063ea6dfa486a7eec99f6c020983f7148cccb86202cf9685cc1cc266930f04e536ad8bc26094252baa4606d883bd2aeed6b430152202e9b6cc797ff24fc365315ed67391374c1357c9a845f2
AD: 04abe8588c8c8c39a182092e5e7840442bd1c1149da102c4ee412bd8b82baa5087ef7291b5cd077c177c42770b0023e0e462b06e7553f191bcb0315a34918dcdbffe2b99c3e011b4220cc1775debcc0db55fa60df9b52234f3d3fa9606508badc26f30b47cdb4f1c0f4708d417b6853e66c2f1f67f6200daf760ceb64ffc43db27f057ad3ee973e31d7e5d5deb050315c1c687980c0c148ee1a492d47acfcd6132334176c11258c89b19ba02e6acc55d852f87b6a2169ed34a6147caa60906ac8c0813c0f05522af7b7f0faddb4bc297405e28ecf5a0f6aac6258422d29cfe250d61402840f3c27d0ce39b3e2d5f1e520541d2965e
CT: 0afce770a12f15d67ac104ba0640aab95922390607473cbda71321156a5559906be933fb0980da56f27e89796eaa1054f5aacf1668d9f273cc69071b9e8e22af6a205a6a88f7ad918e22f616bddbb07c78913c7e056e769e6fcf91c7600c2740212e3a176e4110cac9e361a59a773457064d2dc652dd115d04f1c3756c0e1d39f6737a16b4508663e310934c49c58058b3c7b9af7bb2334c8a163608c42499658986927cda365e2aead3ac29de16e47e954383ea566f8fb245a4e5a934c767bb3bf7e0eb8a477fd0e1f61bcb238462a0d19c5cea9293ca58ade76829413216a7882cd2846323046694f78cd8b0347792ebb75abdc1
TAG: eb9b2ee43e9a3ae1e33561800169d868
TAG: 973e58b1b8adb176a6f1e5c963bfdc5c
KEY: 65b63ed53750c88c508c44881ae59e6fff69c66288f3c14cfec503391262cafc
NONCE: 000000007f5e560a1de434ba
NONCE: 7f5e560a1de434ba
IN: 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
AD: 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
CT: 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
TAG: e0bf9b6837428843f5a233ee5ddb8a1e
TAG: e4d18a701b8308697b5e79141ed783c1
KEY: 4986fd62d6cb86b2eaf219174bec681bebcdef86c8be291f27d3e5dc69e2feba
NONCE: 00000000d08d486620ed2e84
NONCE: d08d486620ed2e84
IN: 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
AD: 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
CT: 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
TAG: 2e8eb9ff4467c0f61c2abf6ca10893ef
TAG: fd5e29332832a14a31a9ce2ca8568498
KEY: 7d28a60810e43d3dfa32e97c07957ec069fc80cc6a50061830aa29b3aa777dfc
NONCE: 0000000047738ac8f10f2c3a
NONCE: 47738ac8f10f2c3a
IN: 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
AD: 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
CT: 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
TAG: ce507bdb0c71f8e89f5078495f7995b8
TAG: 1fdd2dcd935f55822bf7231a516ca841
KEY: a76e9b916f5a67b78a5949651c8c3a9741a1bc3c41cdf85fd2c8f3e9a0616098
NONCE: 000000000808da8292dc14e0
NONCE: 0808da8292dc14e0
IN: 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
AD: 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
CT: 9c3faab9261a63cea9477b3269007283995b06ba77ef83d9e693f7e4ee9855550eef94855be39a7a435b6a3584b202973777c7b2482376ba47b49311947a64983b60236756ee4455d4cfada8c36af8eb06b06ba2f6b79ffb1185c89f2b2a831cfaa3855fc1841d8910908be5078352011168a67d36372d851a3217cabf593ea462dcd325cf9a4f67e85418fd5c924e9b92ab026cbee4e7ab1067066cb5949dfc699a68fe539e1abb13cec33904e5207e6963d24f5a0b770613b8b00014e791bfff88f9c25ca126127a2f8d1d1e9794efd28dce98b53e228073faae8d5047530d502184fc341321c3f55fcbf41187fc31262c325b97f519959b6a29b36c71f76f60196bb1457b77c8bb
TAG: 73b00b1705602479aab944dcc1b282a2
TAG: b45df119043d29008fcef36a169ef886
KEY: 98cd2477a7a072c69f375b88d09ed9d7b9c3df3f87e36ce621726f76e3b41a1d
NONCE: 0000000077d185aaf715aa48
NONCE: 77d185aaf715aa48
IN: 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
AD: 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
CT: 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
TAG: 69302888812eea030d621b640e7bcf7c
TAG: f613b65226afb64c614fe60d9c71ed74
KEY: 2f0f4631ab1c1bcf8f3ad0559c818d50e0af7d8cd63faa357f2069f30881d9cb
NONCE: 000000007d0ced2fdb1c9173
NONCE: 7d0ced2fdb1c9173
IN: 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
AD: 1ccfa1ececc8de1e200d0ecc19dcf67b7c96bea3a282c2bccba61035db5c14776387b8b8f58e5757deb0129d4e5e315f64df354a5985d2e47ebbbeafe0c914f7cf1d63dd0311ace19e69a8b6ff0ab25cc8df0408d22132205e89e5eb679268d82b2913e64e3f885bbf4a6d379b760b94590e3140dd7275ab4713cb56d0b716e2718f11316640cb394802862d39e77a46d0c065af3caf7dec14e887039d8aa8c3d3a8ac1ee06026f49d00b2f59d971b54735e95a51f199389a93a4fc24ebaba1f7a2eef7412f61febf79084fbf481afc6fb6b204084e5ef5df71f30506459dea074f11fc055cd2a8c0fc922c4811a849984352a56a15659b7d07a4cc90b88623638ea00c4c8bc13884df2237b359f2877aa41d6
CT: 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
TAG: 19bbacfac768bb0ce71e39c5d4d3e9a0
TAG: 0fd7419c54bc84265ed310a3411a3f2e
KEY: a48b9b6df475e566aba7671fbd76772cb0eff0b12499967978ce3e25fac92feb
NONCE: 000000002ccbf0d6c40cb302
NONCE: 2ccbf0d6c40cb302
IN: 09da1cacd001dce4f7573a065a4406fe0da04ab367a2d87780a2762e168957a88d3fa78f0a4b6978d449026e5a801d32884b6e14fdaaaf864214f928ebc03dead081fee96683ebb032362d5088c4c2a3b1e242f055f2604919f4dd551db777a258cf9da6d95a2bde249247812b9efc7985cf08707620808524d6dd3079b0b63bf0f71ea5de834ccb8b7c6a97125fd6ca49148e866d3134bbf1d8a6b714e9a80fe549c8bfefe342f41be2ba2300e0028f78cefab65274632dfdbe70bf7d655ec4036df561f2d4fc4d56a482bbe2f9f2ae279b3aa216b39afee75e53602de319484db89a51e844f38c361634e474f8f1f01c340f3f3594860d671346449c6d08ee38de22d246309bc7e4a252a29c86aa6d94b5b4fa58904c70
AD: 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
CT: 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
TAG: 0fa4cb2bab84336409aa4349ab99a8bd
TAG: 2aabff35611b3e0013f6ae0df130799b
KEY: 923d4b086b9e43b986f7b65e4cea6113a3d8aabefa89323c5e4d5b6f158bb7e0
NONCE: 00000000a0f73297b87f5deb
NONCE: a0f73297b87f5deb
IN: 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
AD: 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
CT: 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
TAG: 9bd8b7743c056bb2334833afd6143e18
TAG: fa8ee13400fb3f63b899df582f2fec45
KEY: df73adab2768559ea983cce85453fe81d79be3b3c57f202b31b94d6635cf2e4b
NONCE: 00000000e7a87e6bf6b5a354
NONCE: e7a87e6bf6b5a354
IN: 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
AD: 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
CT: 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
TAG: ee1ec36804e1d5cdbddb52608c711fd8
TAG: 184095b7a8190abec08bb72d19eeb103
KEY: 55a4be2448b464c2ea52a2f2664ed6aba865c14ea1fea77f4689331fd105c8d4
NONCE: 00000000db37c0a405b4626d
NONCE: db37c0a405b4626d
IN: d266e66272e5d3462081b004cb42429c8b9741e9f678153754d726f6f9aa513464763c5e793b482fe512fece97585f1426120d4cefb3d0a8cc0a8db4bde93fc72c78f44d4fecca14650c660d3e285b327e7cdd813063e7e867b8a2d059a41bab70432b7f857199894da90dca3fe5272bae1ec694a1a07b60b05df275784d4975637e4673109f3ba846dfd1a048b202ed8e89973be608b91ee4743b1e759900f1443038951fe6189e806638985f3c16338c3c60695df58e621154d79bb973859c4558e9dca90470f77c73f004443ad5db0717abbe43266f90e57397b83ac34d1fef2e897e2483d5bcdcb627abd64b0d1aef525835f25e76d6e9158232cdde6dce970b59f58de8a98e653be32fb58edabbcefa5065d73afdf1c9c4fbf50c1022bd22bfcb98e4b422
AD: 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
CT: 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
TAG: 296a397d280d026fc3627f4718971be9
TAG: f7d3b58a34a86e99267e5db206f17bbe
# BoringSSL has additional tests here for truncated tags. *ring* doesn't
# support tag truncation, so those tests were removed.
KEY: 3304e4917ad7777b86c26a636292c9cc4c10d32003c49e07209eb0ef8505031a
NONCE: 4d572d116fbd8c4d
IN: 2f242c2ba33790ecef862b0e077ff8b15eb9d10cf2ff621ed65902494431dcbd
AD: e699bbf250cdd93d229d0740e433897e2d19132e2b722df8b69bb6a7c2cf3b93
CT: fb81e30436e437c7f686f86b1b65c73549a9d09db810d320785c3634934150b3
TAG: 8b
KEY: ed6057bb163f1609ff28b938122f495e3d5ae4ec3dbd7456c9b5c82e28e952dc
NONCE: e6ff6852f3a3afde
IN: 3c50edc967eb0b3b2355f6400e0a036e796c8b7d72c5e583a86e820d53e76c43
AD: 2441db55148e14e9e241d68296eb60d529408f0534143089671bce546db96d88
CT: 6ecabccee31519374d4bed11296e7483d1cb759bea3f4446a96bda8b4ca6d7ac
TAG: 355f
KEY: 73568183c1f9725af30e0f2067606ce802c3fe3ab5cff8d02b3db8c35176ee0d
NONCE: 0bc9e19321b3d00a
IN: ec2590af5ccd226a32ff750c1b029c11e3dd76c469a5579da9418e4c3fdc0d41
AD: df30160ae0cbf2cf8992221bd62dffe691dd602afa784ca691479e957af3acf1
CT: 9e8d8ac30626f8b831448d6976933aa5bb8c6dbc794e1f4b7eeb0e4a59342c07
TAG: 9fd36a
KEY: 273bcb3f8c067da4ec3418799ad40e7e4aee74ad7e629499d646df4a7e585025
NONCE: f60be3eb894b4030
IN: 697498ba964d5ef401da4d94844fab1efc635e7157d0831a325bb5a4cf1fbd34
AD: 9129715deab14f02c76ba8172571b1fa9d50365cd795bfccdfc28e7e7b4f66fc
CT: bd4cd5af83be1c13933302675d9fcaf1c4cacdf269f6ff441d1ea2211c54e7ed
TAG: 7ab12a37
KEY: ad39610c2e6a6d0961207390e076e972c2edadca885c92965fa648b2ce34fdbf
NONCE: a90db690bba83b78
IN: 31c49e3cd3d80a82e6b90316dfb94b38b8a23042519bf40c8181fec873c99002
AD: ddbd7d821d18d44c66295abf245b227b5cf4366811b7b34c07679600abdbfc29
CT: 94628fc303a0546edd51e966f2bd87968f37800c607d5e5a91f727fc1fec406f
TAG: c22ec4e4c8
KEY: 29984954060ba06ece1bcfc0e50195f4632c6df48da1e02ae6c14f7065668971
NONCE: cce53a25aeeaf747
IN: b9b87433a9894f3c9ca8212623d62369a565a2edcddd276e07d611eda3597426
AD: 19fa9aa59697559d8b46d9cd49c3b763c0b73b26b9e334a3eeac2c86fdbaca8d
CT: b68c83397770c36f073710882fa86d43b0e54e8efef0ff75075604d0d7ec4e1b
TAG: 40d4ab752f3d
KEY: 5c3b838b84100b2a818c0842e9fe19a7c50cf5f3ea73364c816ef588e500ff3f
NONCE: fdf6b0229e4bcc2a
IN: 2ba91904c143be99297b39f52856904af41705c176c8c6554b6bc89bddffbcc1
AD: 3539d9dd821f004f4ced1637071f4be6abd7fe98f017f0a8ce3f49dc8d496f46
CT: ff9d6d924e737a1df8c2bd3047e40ab401f903aa0e5b51acb991bac38ac2cc4d
TAG: 1bcaa415a6a3c7
KEY: 6d65e627cab6d5eb1a088b25bd6c3a8a004a7a19cccae909d62fed3559c812f7
NONCE: 7ff00a8798b792de
IN: 6848ee4ac820291a2e1dc3baad97f1ad8b7160dfeaa1bc83b2700ae42b5a366b
AD: d2437b1306bf0ea211449fac863ca0d1074d84caee9009c5d54b9e9bdc8de6b1
CT: 2da0abe2a71e1c0b1ab309c160a8cebe45c6e16170aa5561806484ba2b5b9a9a
TAG: 566003e1f78d2a90
KEY: 63401046a96efbc8c6483a2c396b2a593d3fae0db565525b85999fae13a46b6a
NONCE: 051393d775e635ee
IN: 2b4b6477580382aae782f8b5772c0948a444d8d95caacd85c0856c7e4393fe09
AD: 3d84d2e70e9c062d1f511eb685a9a90c8d5fa50eadf8455c7148666b3e7155e0
CT: 880c1123e54fd8ffb3c293720dd174913572e619ef46504cdaa64fc451b0ec1c
TAG: 339274339c88d50ac0
KEY: 291fccfce0782f1787d62d4b9293d2ada4c04d37a8288ba9ba9aae0d31aad204
NONCE: 7450bbd62e4aba7b
IN: adc251e793181e5d4c4bd983b853eb13f2096ccb340996b6eca4cd2157efcec7
AD: 4c598f6deedc8c1d97da33654763495cca3517430eec4edb006b10c95e031ae6
CT: 28bda22e4922cd8ff6739cd8a6bdafce036d9c61a145a65ca1b86f6d4d3206a1
TAG: d98fd43fe7ac74d4b016
KEY: fa3a9674d4a0eb36b2f7547c956443d09e6b4e4acfc9deda838eb7ebdb999a8d
NONCE: 0a2572592c3bbbf6
IN: ae27f70fda9f5a5be0f704a27f0b8a9c04ce83d3c2e0d7ec152da25f473b0c8a
AD: 6ee8705a9a3655d198497ad410da02005872ecbe397824851b80f4050bfdd311
CT: f356cbd88e4e2aff62d91e3f914032085388955bbba995fde013758b8702e38f
TAG: 00324c76fecd3f50e1e3b8
KEY: 471ec87b992b104d369748d96856b5f66149cb45ca05c17f29d24eb9526fe6db
NONCE: 23a2df9ed0b47439
IN: 2b9452bca0f48e5519ec3d0736597608df6ad9ce799eba913cff71573d79c092
AD: a56722ddfaee5f1b64398c225ee8bcdcfde5c2127101c363bfac52bc409c1082
CT: 7bbc464aac5dd29c25262fe0b116c176d827c2cc8dd63428393b0a9110f3c194
TAG: 2e87f4a6663a62e47c7e197f
KEY: a29d1cfd4ccdc18803fbca9500f4bb29ce99cfcbf8acc41b8208dae4b7ee5d64
NONCE: 634f99e88e237ef0
IN: 09ee5982c5743f396d0c29c13e3fbb8fb89f61705da05466291e010effd51a5c
AD: 564dddfcc3227b413244f1105b610f192decf15c4cfa067f4d7fcd6bd7af11b8
CT: 32916b67a6f32733623344c98c49773f3e721dc2ded105fb245799525bc9c84c
TAG: ff463c07e7ef831321d3fd775f
KEY: 08ba23616d911188f91da063278bef1237dcbf17f52585e53c2c4b6cf3ac9f0d
NONCE: 989ae593eddd3874
IN: 749152c9478944c8271c0c11e07bc1c569eec01493e65b3b94842a1bf5d721f8
AD: a12d1a45b7c9b91ab08751a70b753714052ad24e0b2619fe8c3be303c65f2dbc
CT: 34c40538ee1d22ddf8ac290dd7d423dfc622b5cf8f3412a5343e277822aea713
TAG: 014c7c678e0949e88071d1fe3531
KEY: c2ba8bed8634156afc6bfe3754c91744d4131de39d059f3a866399f916553b5c
NONCE: 80fbf7b433a4cd9c
IN: 419be6623e7964f9f26068dd969e4a139617e67c5ffb269b3013c433fe771c77
AD: 3937592db78a61ff469691b6800792019bc2b3d42512f23c1b1a66a8274495cb
CT: 9d5bd1c7e766763eb00684c038043111d8c6390a8d6e17a15ef97c02ab16f09c
TAG: a64d0eeb4a01481ec0cee8c1c357e3
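Review bot: Each full-length record in these vectors carries two NONCE lines that differ only by a four-byte zero prefix (for example 0000000023b2f9068b2c4c85 against 23b2f9068b2c4c85) and two different TAG values for the same KEY, IN, AD and CT, so the two sides of the diff expect different nonce lengths and tag computations. Add a comment at the top of the file naming the construction and nonce length the vectors are for. The closing records have TAG lengths from 1 to 15 bytes; the comment above them says they test truncated tags, so a consumer that does not support truncation has to skip them explicitly.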
-53
@@ -38,22 +38,6 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
# DES EDE CBC tests
Cipher = DES-EDE-CBC
Key = 0123456789abcdeff1e0d3c2b5a49786
IV = fedcba9876543210
Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
Ciphertext = 7948C0DA4FE91CD815DCA96DBC9B60A857EB954F4DEB08EB98722642AE69257B
# DES EDE tests
Cipher = DES-EDE
Key = 0123456789abcdeff1e0d3c2b5a49786
IV = fedcba9876543210
Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
Ciphertext = 22E889402E28422F8167AD279D90A566DA75B734E12C671FC2669AECB3E4FE8F
# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
Cipher = AES-128-ECB
Key = 000102030405060708090A0B0C0D0E0F
@@ -558,40 +542,3 @@ Cipher = AES-192-ECB
Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E
# DES ECB tests
Cipher = DES-ECB
Key = 0000000000000000
Plaintext = 0000000000000000
Ciphertext = 8CA64DE9C1B123A7
Cipher = DES-ECB
Key = FFFFFFFFFFFFFFFF
Plaintext = FFFFFFFFFFFFFFFF
Ciphertext = 7359B2163E4EDC58
Cipher = DES-ECB
Key = 3000000000000000
Plaintext = 1000000000000001
Ciphertext = 958E6E627A05557B
Cipher = DES-ECB
Key = 1111111111111111
Plaintext = 1111111111111111
Ciphertext = F40379AB9E0EC533
Cipher = DES-ECB
Key = 0123456789ABCDEF
Plaintext = 1111111111111111
Ciphertext = 17668DFC7292532D
Cipher = DES-ECB
Key = 1111111111111111
Plaintext = 0123456789ABCDEF
Ciphertext = 8A5AE1F81AB8F2DD
Cipher = DES-ECB
Key = FEDCBA9876543210
Plaintext = 0123456789ABCDEF
Ciphertext = ED39D950FA74BCC4
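Review bot: The seven DES-ECB vectors at the end of this hunk are removed with no replacement visible in this file, and the first hunk drops the DES-EDE-CBC and DES-EDE vectors as well. If these ciphers are still built anywhere, move the vectors into the test data of the target that now owns them so the known-answer coverage is not lost.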
+5 -5
@@ -229,11 +229,11 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size,
* typically does. */
static void tls1_sha1_final_raw(void *ctx, uint8_t *md_out) {
SHA_CTX *sha1 = ctx;
u32toBE(sha1->h[0], md_out);
u32toBE(sha1->h[1], md_out);
u32toBE(sha1->h[2], md_out);
u32toBE(sha1->h[3], md_out);
u32toBE(sha1->h[4], md_out);
u32toBE(sha1->h0, md_out);
u32toBE(sha1->h1, md_out);
u32toBE(sha1->h2, md_out);
u32toBE(sha1->h3, md_out);
u32toBE(sha1->h4, md_out);
}
#define LARGEST_DIGEST_CTX SHA_CTX
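Review bot: The five u32toBE calls in tls1_sha1_final_raw change from sha1->h[0] through sha1->h[4] to sha1->h0 through sha1->h4, which compiles only if the SHA_CTX definition changes in the same commit; that header is not part of this hunk, so check that the two land together. All five calls pass the same md_out, so the output is right only if u32toBE advances its pointer argument, which deserves a one-line comment here.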
+1 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
cmac
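Review bot: include_directories(. .. ../../include) puts the module directory and its parent on the include path, so an include in this target can resolve to a private header of a sibling module by accident. Keep only ../../include on the path and reach private headers by relative path, as dh.c does with "../internal.h". The same line appears in the conf, des and dh build files in this diff.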
@@ -17,4 +17,3 @@ add_executable(
)
target_link_libraries(cmac_test crypto)
add_dependencies(all_tests cmac_test)
+1 -1
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
conf
+16 -20
@@ -111,16 +111,6 @@ CONF *NCONF_new(void *method) {
return conf;
}
CONF_VALUE *CONF_VALUE_new(void) {
CONF_VALUE *v = OPENSSL_malloc(sizeof(CONF_VALUE));
if (!v) {
OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset(v, 0, sizeof(CONF_VALUE));
return v;
}
static void value_free_contents(CONF_VALUE *value) {
if (value->section) {
OPENSSL_free(value->section);
@@ -147,26 +137,29 @@ void NCONF_free(CONF *conf) {
return;
}
lh_CONF_VALUE_doall(conf->data, value_free);
lh_CONF_VALUE_doall(conf->data, value_free_contents);
lh_CONF_VALUE_free(conf->data);
OPENSSL_free(conf);
}
CONF_VALUE *NCONF_new_section(const CONF *conf, const char *section) {
STACK_OF(CONF_VALUE) *sk = NULL;
int ok = 0;
int ok = 0, i;
CONF_VALUE *v = NULL, *old_value;
sk = sk_CONF_VALUE_new_null();
v = CONF_VALUE_new();
v = OPENSSL_malloc(sizeof(CONF_VALUE));
if (sk == NULL || v == NULL) {
goto err;
}
v->section = OPENSSL_strdup(section);
i = strlen(section) + 1;
v->section = OPENSSL_malloc(i);
if (v->section == NULL) {
goto err;
}
memcpy(v->section, section, i);
v->section[i-1] = 0;
v->name = NULL;
v->value = (char *)sk;
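Review bot: In NCONF_new_section, v = OPENSSL_malloc(sizeof(CONF_VALUE)) leaves the struct uninitialised where CONF_VALUE_new zeroed it with memset, so the goto err taken when v->section is NULL runs with v->name and v->value holding indeterminate values. Zero the struct after allocation, or assign all three fields before the first failure point. The length i is an int assigned from strlen(section) + 1; declare it size_t to avoid the narrowing conversion.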
@@ -379,12 +372,11 @@ const char *NCONF_get_string(const CONF *conf, const char *section,
return value->value;
}
static int add_string(const CONF *conf, CONF_VALUE *section,
CONF_VALUE *value) {
int add_string(const CONF *conf, CONF_VALUE *section, CONF_VALUE *value) {
STACK_OF(CONF_VALUE) *section_stack = (STACK_OF(CONF_VALUE)*) section->value;
CONF_VALUE *old_value;
value->section = OPENSSL_strdup(section->section);
value->section = section->section;
if (!sk_CONF_VALUE_push(section_stack, value)) {
return 0;
}
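Review bot: value->section = section->section in add_string makes every value share the section's string instead of owning a copy, while the value_free_contents context in the first hunk of this file calls OPENSSL_free on value->section. State in a comment which object owns the string and check that each pointer reaches OPENSSL_free exactly once. The function also loses static in this hunk, so it needs either a prototype in a header or the static restored.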
@@ -517,11 +509,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
goto err;
}
section = OPENSSL_strdup("default");
section = (char *)OPENSSL_malloc(10);
if (section == NULL) {
OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(section, "default", 10);
sv = NCONF_new_section(conf, section);
if (sv == NULL) {
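Review bot: section = (char *)OPENSSL_malloc(10) followed by BUF_strlcpy(section, "default", 10) hard-codes a buffer size that has no visible relation to the literal. Use sizeof("default") for both the allocation and the copy, or keep OPENSSL_strdup, so the size cannot drift from the string.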
@@ -646,17 +639,20 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
p++;
*p = '\0';
if (!(v = CONF_VALUE_new())) {
if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
goto err;
}
if (psection == NULL) {
psection = section;
}
v->name = OPENSSL_strdup(pname);
v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
v->value = NULL;
if (v->name == NULL) {
OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(v->name, pname, strlen(pname) + 1);
if (!str_copy(conf, psection, &(v->value), start)) {
goto err;
}
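Review bot: In def_load_bio the new CONF_VALUE comes from a bare OPENSSL_malloc and only name and value are assigned before the goto err on a failed name allocation, so v->section is uninitialised if the error path inspects it. Set v->section = NULL next to v->value = NULL, and compute strlen(pname) + 1 once so the allocation and the BUF_strlcpy use the same length.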
-31
@@ -1,31 +0,0 @@
/* Copyright (c) 2015, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#ifndef OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H
#define OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H
#if defined(__cplusplus)
extern "C" {
#endif
/* CONF_VALUE_new returns a freshly allocated and zeroed |CONF_VALUE|. */
CONF_VALUE *CONF_VALUE_new(void);
#if defined(__cplusplus)
} /* extern C */
#endif
#endif /* OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H */
+7 -17
@@ -14,16 +14,17 @@
#include <openssl/cpu.h>
#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
!defined(OPENSSL_STATIC_ARMCAP)
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
#include <inttypes.h>
#include <string.h>
#if !defined(OPENSSL_TRUSTY)
#include <setjmp.h>
#include <signal.h>
#endif
#include <openssl/arm_arch.h>
#include "arm_arch.h"
/* We can't include <sys/auxv.h> because the Android SDK version against which
@@ -32,8 +33,6 @@
unsigned long getauxval(unsigned long type) __attribute__((weak));
extern uint32_t OPENSSL_armcap_P;
char CRYPTO_is_NEON_capable(void) {
return (OPENSSL_armcap_P & ARMV7_NEON) != 0;
}
@@ -63,15 +62,7 @@ void CRYPTO_set_NEON_functional(char neon_functional) {
}
}
int CRYPTO_is_ARMv8_AES_capable(void) {
return (OPENSSL_armcap_P & ARMV8_AES) != 0;
}
int CRYPTO_is_ARMv8_PMULL_capable(void) {
return (OPENSSL_armcap_P & ARMV8_PMULL) != 0;
}
#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM)
#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && !defined(OPENSSL_TRUSTY)
static sigjmp_buf sigill_jmp;
@@ -129,7 +120,7 @@ static int probe_for_NEON(void) {
return 0;
}
#endif /* !OPENSSL_NO_ASM && OPENSSL_ARM */
#endif /* !OPENSSL_NO_ASM && OPENSSL_ARM && !OPENSSL_TRUSTY */
void OPENSSL_cpuid_setup(void) {
if (getauxval == NULL) {
@@ -195,5 +186,4 @@ void OPENSSL_cpuid_setup(void) {
}
}
#endif /* (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) &&
!defined(OPENSSL_STATIC_ARMCAP) */
#endif /* defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) */
+3 -29
@@ -17,7 +17,7 @@
#include "internal.h"
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
#if !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
/* x86, x86_64 and the ARMs need to record the result of a cpuid call for the
@@ -55,29 +55,9 @@
uint32_t OPENSSL_ia32cap_P[4] = {0};
#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
#include <openssl/arm_arch.h>
#include "arm_arch.h"
#if defined(OPENSSL_STATIC_ARMCAP)
uint32_t OPENSSL_armcap_P =
#if defined(OPENSSL_STATIC_ARMCAP_NEON) || defined(__ARM_NEON__)
ARMV7_NEON | ARMV7_NEON_FUNCTIONAL |
#endif
#if defined(OPENSSL_STATIC_ARMCAP_AES)
ARMV8_AES |
#endif
#if defined(OPENSSL_STATIC_ARMCAP_SHA1)
ARMV8_SHA1 |
#endif
#if defined(OPENSSL_STATIC_ARMCAP_SHA256)
ARMV8_SHA256 |
#endif
#if defined(OPENSSL_STATIC_ARMCAP_PMULL)
ARMV8_PMULL |
#endif
0;
#elif defined(__ARM_NEON__)
#if defined(__ARM_NEON__)
uint32_t OPENSSL_armcap_P = ARMV7_NEON | ARMV7_NEON_FUNCTIONAL;
#else
uint32_t OPENSSL_armcap_P = ARMV7_NEON_FUNCTIONAL;
@@ -130,9 +110,3 @@ const char *SSLeay_version(int unused) {
unsigned long SSLeay(void) {
return OPENSSL_VERSION_NUMBER;
}
int CRYPTO_malloc_init(void) {
return 1;
}
void ENGINE_load_builtin_engines(void) {}
+1 -1
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
des
+2
@@ -499,6 +499,7 @@ static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
data[1] = ROTATE(r, 3) & 0xffffffffL;
}
/* DES_encrypt3 is not static because it's used in decrepit. */
void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
uint32_t l, r;
@@ -518,6 +519,7 @@ void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
data[1] = r;
}
/* DES_decrypt3 is not static because it's used in decrepit. */
void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
uint32_t l, r;
+2 -2
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
dh
@@ -6,6 +6,7 @@ add_library(
OBJECT
dh.c
dh_impl.c
params.c
check.c
dh_asn1.c
@@ -20,4 +21,3 @@ add_executable(
)
target_link_libraries(dh_test crypto)
add_dependencies(all_tests dh_test)
+45 -260
@@ -69,11 +69,13 @@
#include "../internal.h"
#define OPENSSL_DH_MAX_MODULUS_BITS 10000
extern const DH_METHOD DH_default_method;
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
DH *DH_new(void) {
DH *DH_new(void) { return DH_new_method(NULL); }
DH *DH_new_method(const ENGINE *engine) {
DH *dh = (DH *)OPENSSL_malloc(sizeof(DH));
if (dh == NULL) {
OPENSSL_PUT_ERROR(DH, ERR_R_MALLOC_FAILURE);
@@ -82,11 +84,26 @@ DH *DH_new(void) {
memset(dh, 0, sizeof(DH));
if (engine) {
dh->meth = ENGINE_get_DH_method(engine);
}
if (dh->meth == NULL) {
dh->meth = (DH_METHOD*) &DH_default_method;
}
METHOD_ref(dh->meth);
CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
dh->references = 1;
if (!CRYPTO_new_ex_data(&g_ex_data_class, dh, &dh->ex_data)) {
CRYPTO_MUTEX_cleanup(&dh->method_mont_p_lock);
OPENSSL_free(dh);
return NULL;
}
if (dh->meth->init && !dh->meth->init(dh)) {
CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data);
METHOD_unref(dh->meth);
OPENSSL_free(dh);
return NULL;
}
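Review bot: The two failure paths in DH_new_method release different things: the CRYPTO_new_ex_data branch calls CRYPTO_MUTEX_cleanup but not METHOD_unref(dh->meth), although METHOD_ref was taken just above, and the dh->meth->init branch calls METHOD_unref but not CRYPTO_MUTEX_cleanup. Route both through one cleanup sequence that undoes the ref, the mutex and, where it was created, the ex_data. The assignment dh->meth = (DH_METHOD*) &DH_default_method also casts away const on the default method table; a const-qualified meth field would avoid that.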
@@ -103,278 +120,46 @@ void DH_free(DH *dh) {
return;
}
if (dh->meth->finish) {
dh->meth->finish(dh);
}
METHOD_unref(dh->meth);
CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data);
BN_MONT_CTX_free(dh->method_mont_p);
BN_clear_free(dh->p);
BN_clear_free(dh->g);
BN_clear_free(dh->q);
BN_clear_free(dh->j);
OPENSSL_free(dh->seed);
BN_clear_free(dh->counter);
BN_clear_free(dh->pub_key);
BN_clear_free(dh->priv_key);
if (dh->method_mont_p) BN_MONT_CTX_free(dh->method_mont_p);
if (dh->p != NULL) BN_clear_free(dh->p);
if (dh->g != NULL) BN_clear_free(dh->g);
if (dh->q != NULL) BN_clear_free(dh->q);
if (dh->j != NULL) BN_clear_free(dh->j);
if (dh->seed) OPENSSL_free(dh->seed);
if (dh->counter != NULL) BN_clear_free(dh->counter);
if (dh->pub_key != NULL) BN_clear_free(dh->pub_key);
if (dh->priv_key != NULL) BN_clear_free(dh->priv_key);
CRYPTO_MUTEX_cleanup(&dh->method_mont_p_lock);
OPENSSL_free(dh);
}
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator, BN_GENCB *cb) {
/* We generate DH parameters as follows
* find a prime q which is prime_bits/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
* g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
* Since the factors of p-1 are q and 2, we just need to check
* g^2 mod p != 1 and g^q mod p != 1.
*
* Having said all that,
* there is another special case method for the generators 2, 3 and 5.
* for 2, p mod 24 == 11
* for 3, p mod 12 == 5 <<<<< does not work for safe primes.
* for 5, p mod 10 == 3 or 7
*
* Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
* special generators and for answering some of my questions.
*
* I've implemented the second simple method :-).
* Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
/* Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
BIGNUM *t1, *t2;
int g, ok = 0;
BN_CTX *ctx = NULL;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
if (dh->meth->generate_parameters) {
return dh->meth->generate_parameters(dh, prime_bits, generator, cb);
}
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
t2 = BN_CTX_get(ctx);
if (t1 == NULL || t2 == NULL) {
goto err;
}
/* Make sure |dh| has the necessary elements */
if (dh->p == NULL) {
dh->p = BN_new();
if (dh->p == NULL) {
goto err;
}
}
if (dh->g == NULL) {
dh->g = BN_new();
if (dh->g == NULL) {
goto err;
}
}
if (generator <= 1) {
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
goto err;
}
if (generator == DH_GENERATOR_2) {
if (!BN_set_word(t1, 24)) {
goto err;
}
if (!BN_set_word(t2, 11)) {
goto err;
}
g = 2;
} else if (generator == DH_GENERATOR_5) {
if (!BN_set_word(t1, 10)) {
goto err;
}
if (!BN_set_word(t2, 3)) {
goto err;
}
/* BN_set_word(t3,7); just have to miss
* out on these ones :-( */
g = 5;
} else {
/* in the general case, don't worry if 'generator' is a
* generator or not: since we are using safe primes,
* it will generate either an order-q or an order-2q group,
* which both is OK */
if (!BN_set_word(t1, 2)) {
goto err;
}
if (!BN_set_word(t2, 1)) {
goto err;
}
g = generator;
}
if (!BN_generate_prime_ex(dh->p, prime_bits, 1, t1, t2, cb)) {
goto err;
}
if (!BN_GENCB_call(cb, 3, 0)) {
goto err;
}
if (!BN_set_word(dh->g, g)) {
goto err;
}
ok = 1;
err:
if (!ok) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
}
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ok;
return DH_default_method.generate_parameters(dh, prime_bits, generator, cb);
}
int DH_generate_key(DH *dh) {
int ok = 0;
int generate_new_key = 0;
unsigned l;
BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
BIGNUM local_priv;
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
goto err;
if (dh->meth->generate_key) {
return dh->meth->generate_key(dh);
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
if (dh->priv_key == NULL) {
priv_key = BN_new();
if (priv_key == NULL) {
goto err;
}
generate_new_key = 1;
} else {
priv_key = dh->priv_key;
}
if (dh->pub_key == NULL) {
pub_key = BN_new();
if (pub_key == NULL) {
goto err;
}
} else {
pub_key = dh->pub_key;
}
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock,
dh->p, ctx);
if (!mont) {
goto err;
}
if (generate_new_key) {
if (dh->q) {
do {
if (!BN_rand_range(priv_key, dh->q)) {
goto err;
}
} while (BN_is_zero(priv_key) || BN_is_one(priv_key));
} else {
/* secret exponent length */
DH_check_standard_parameters(dh);
l = dh->priv_length ? dh->priv_length : BN_num_bits(dh->p) - 1;
if (!BN_rand(priv_key, l, 0, 0)) {
goto err;
}
}
}
BN_with_flags(&local_priv, priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont(pub_key, dh->g, &local_priv, dh->p, ctx, mont)) {
goto err;
}
dh->pub_key = pub_key;
dh->priv_key = priv_key;
ok = 1;
err:
if (ok != 1) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
}
if (dh->pub_key == NULL) {
BN_free(pub_key);
}
if (dh->priv_key == NULL) {
BN_free(priv_key);
}
BN_CTX_free(ctx);
return ok;
return DH_default_method.generate_key(dh);
}
int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) {
BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL;
BIGNUM *shared_key;
int ret = -1;
int check_result;
BIGNUM local_priv;
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
goto err;
if (dh->meth->compute_key) {
return dh->meth->compute_key(dh, out, peers_key);
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
shared_key = BN_CTX_get(ctx);
if (shared_key == NULL) {
goto err;
}
if (dh->priv_key == NULL) {
OPENSSL_PUT_ERROR(DH, DH_R_NO_PRIVATE_VALUE);
goto err;
}
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock,
dh->p, ctx);
if (!mont) {
goto err;
}
if (!DH_check_pub_key(dh, peers_key, &check_result) || check_result) {
OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY);
goto err;
}
BN_with_flags(&local_priv, dh->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont(shared_key, peers_key, &local_priv, dh->p, ctx,
mont)) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
goto err;
}
ret = BN_bn2bin(shared_key, out);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ret;
return DH_default_method.compute_key(dh, out, peers_key);
}
int DH_size(const DH *dh) { return BN_num_bytes(dh->p); }
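Review bot: DH_generate_key and DH_compute_key lose their inline checks when they become dispatchers: the OPENSSL_DH_MAX_MODULUS_BITS bound, the DH_R_NO_PRIVATE_VALUE test and the DH_check_pub_key call on peers_key are all in the removed bodies, and dh->meth->compute_key(dh, out, peers_key) is called with no validation in the wrapper. Confirm that the default method carries every one of these checks, and keep the modulus bound and the peer key check in the public wrappers so they also apply to a method obtained from ENGINE_get_DH_method. In DH_free, the added NULL tests in front of BN_clear_free and OPENSSL_free guard calls that the removed lines made unconditionally, so they can be dropped.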
@@ -459,9 +244,9 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
}
int DH_set_ex_data(DH *d, int idx, void *arg) {
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
}
void *DH_get_ex_data(DH *d, int idx) {
return CRYPTO_get_ex_data(&d->ex_data, idx);
return (CRYPTO_get_ex_data(&d->ex_data, idx));
}
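Review bot: style, in DH_set_ex_data and DH_get_ex_data: `return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));` wraps the return expression in redundant parentheses. The unparenthesised form matches the rest of the file (for example `return BN_num_bytes(dh->p);` in DH_size) and should be the one kept.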
+326
View File
@@ -0,0 +1,326 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/thread.h>
#include "internal.h"
#define OPENSSL_DH_MAX_MODULUS_BITS 10000
static int generate_parameters(DH *ret, int prime_bits, int generator, BN_GENCB *cb) {
/* We generate DH parameters as follows
* find a prime q which is prime_bits/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
* g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
* Since the factors of p-1 are q and 2, we just need to check
* g^2 mod p != 1 and g^q mod p != 1.
*
* Having said all that,
* there is another special case method for the generators 2, 3 and 5.
* for 2, p mod 24 == 11
* for 3, p mod 12 == 5 <<<<< does not work for safe primes.
* for 5, p mod 10 == 3 or 7
*
* Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
* special generators and for answering some of my questions.
*
* I've implemented the second simple method :-).
* Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
/* Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
BIGNUM *t1, *t2;
int g, ok = 0;
BN_CTX *ctx = NULL;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
t2 = BN_CTX_get(ctx);
if (t1 == NULL || t2 == NULL) {
goto err;
}
/* Make sure 'ret' has the necessary elements */
if (!ret->p && ((ret->p = BN_new()) == NULL)) {
goto err;
}
if (!ret->g && ((ret->g = BN_new()) == NULL)) {
goto err;
}
if (generator <= 1) {
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
goto err;
}
if (generator == DH_GENERATOR_2) {
if (!BN_set_word(t1, 24)) {
goto err;
}
if (!BN_set_word(t2, 11)) {
goto err;
}
g = 2;
} else if (generator == DH_GENERATOR_5) {
if (!BN_set_word(t1, 10)) {
goto err;
}
if (!BN_set_word(t2, 3)) {
goto err;
}
/* BN_set_word(t3,7); just have to miss
* out on these ones :-( */
g = 5;
} else {
/* in the general case, don't worry if 'generator' is a
* generator or not: since we are using safe primes,
* it will generate either an order-q or an order-2q group,
* which both is OK */
if (!BN_set_word(t1, 2)) {
goto err;
}
if (!BN_set_word(t2, 1)) {
goto err;
}
g = generator;
}
if (!BN_generate_prime_ex(ret->p, prime_bits, 1, t1, t2, cb)) {
goto err;
}
if (!BN_GENCB_call(cb, 3, 0)) {
goto err;
}
if (!BN_set_word(ret->g, g)) {
goto err;
}
ok = 1;
err:
if (!ok) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
}
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ok;
}
static int generate_key(DH *dh) {
int ok = 0;
int generate_new_key = 0;
unsigned l;
BN_CTX *ctx;
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
BIGNUM local_priv;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
if (dh->priv_key == NULL) {
priv_key = BN_new();
if (priv_key == NULL) {
goto err;
}
generate_new_key = 1;
} else {
priv_key = dh->priv_key;
}
if (dh->pub_key == NULL) {
pub_key = BN_new();
if (pub_key == NULL) {
goto err;
}
} else {
pub_key = dh->pub_key;
}
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock,
dh->p, ctx);
if (!mont) {
goto err;
}
if (generate_new_key) {
if (dh->q) {
do {
if (!BN_rand_range(priv_key, dh->q)) {
goto err;
}
} while (BN_is_zero(priv_key) || BN_is_one(priv_key));
} else {
/* secret exponent length */
DH_check_standard_parameters(dh);
l = dh->priv_length ? dh->priv_length : BN_num_bits(dh->p) - 1;
if (!BN_rand(priv_key, l, 0, 0)) {
goto err;
}
}
}
BN_with_flags(&local_priv, priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont(pub_key, dh->g, &local_priv, dh->p, ctx, mont)) {
goto err;
}
dh->pub_key = pub_key;
dh->priv_key = priv_key;
ok = 1;
err:
if (ok != 1) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
}
if (dh->pub_key == NULL) {
BN_free(pub_key);
}
if (dh->priv_key == NULL) {
BN_free(priv_key);
}
BN_CTX_free(ctx);
return ok;
}
static int compute_key(DH *dh, unsigned char *out, const BIGNUM *pub_key) {
BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL;
BIGNUM *shared_key;
int ret = -1;
int check_result;
BIGNUM local_priv;
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
goto err;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
shared_key = BN_CTX_get(ctx);
if (shared_key == NULL) {
goto err;
}
if (dh->priv_key == NULL) {
OPENSSL_PUT_ERROR(DH, DH_R_NO_PRIVATE_VALUE);
goto err;
}
mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock,
dh->p, ctx);
if (!mont) {
goto err;
}
if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY);
goto err;
}
BN_with_flags(&local_priv, dh->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp_mont(shared_key, pub_key, &local_priv, dh->p, ctx,
mont)) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
goto err;
}
ret = BN_bn2bin(shared_key, out);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
return ret;
}
const struct dh_method DH_default_method = {
{
0 /* references */,
1 /* is_static */,
},
NULL /* app_data */,
NULL /* init */,
NULL /* finish */,
generate_parameters,
generate_key,
compute_key,
};
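Review bot: in generate_key, the error path releases a freshly generated private exponent with `BN_free(priv_key)`, which does not zero it; if `BN_rand` or `BN_rand_range` succeeded and `BN_mod_exp_mont` then failed, the secret stays in freed heap memory. Use `BN_clear_free(priv_key)` on that path. Separately, generate_parameters pushes `DH_R_BAD_GENERATOR` and then, because `ok` is still 0 at `err:`, also pushes `ERR_R_BN_LIB`, so a caller reading the most recent error sees the generic code rather than the specific one.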
+7 -6
View File
@@ -68,6 +68,7 @@
#include "internal.h"
#include "../test/scoped_types.h"
#include "../test/stl_compat.h"
static bool RunBasicTests();
@@ -166,7 +167,7 @@ static bool RunBasicTests() {
printf("\n");
std::vector<uint8_t> key1(DH_size(a.get()));
int ret = DH_compute_key(key1.data(), b->pub_key, a.get());
int ret = DH_compute_key(bssl::vector_data(&key1), b->pub_key, a.get());
if (ret < 0) {
return false;
}
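Review bot: missing documentation at the `DH_compute_key(bssl::vector_data(&key1), ...)` call: nothing here or next to the `../test/stl_compat.h` include says why the helper is used where `key1.data()` also appears. A one-line comment beside the include stating the reason would keep the two spellings from drifting across the test.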
@@ -179,7 +180,7 @@ static bool RunBasicTests() {
printf("\n");
std::vector<uint8_t> key2(DH_size(b.get()));
ret = DH_compute_key(key2.data(), a->pub_key, b.get());
ret = DH_compute_key(bssl::vector_data(&key2), a->pub_key, b.get());
if (ret < 0) {
return false;
}
@@ -457,17 +458,17 @@ static bool RunRFC5114Tests() {
std::vector<uint8_t> Z2(DH_size(dhB.get()));
/* Work out shared secrets using both sides and compare
* with expected values. */
int ret1 = DH_compute_key(Z1.data(), dhB->pub_key, dhA.get());
int ret2 = DH_compute_key(Z2.data(), dhA->pub_key, dhB.get());
int ret1 = DH_compute_key(bssl::vector_data(&Z1), dhB->pub_key, dhA.get());
int ret2 = DH_compute_key(bssl::vector_data(&Z2), dhA->pub_key, dhB.get());
if (ret1 < 0 || ret2 < 0) {
fprintf(stderr, "DH_compute_key error RFC5114 set %u\n", i + 1);
return false;
}
if (static_cast<size_t>(ret1) != td->Z_len ||
memcmp(Z1.data(), td->Z, td->Z_len) != 0 ||
memcmp(bssl::vector_data(&Z1), td->Z, td->Z_len) != 0 ||
static_cast<size_t>(ret2) != td->Z_len ||
memcmp(Z2.data(), td->Z, td->Z_len) != 0) {
memcmp(bssl::vector_data(&Z2), td->Z, td->Z_len) != 0) {
fprintf(stderr, "Test failed RFC5114 set %u\n", i + 1);
return false;
}
+4 -2
View File
@@ -264,7 +264,9 @@ BIGNUM bn_two = STATIC_BIGNUM(bn_two_data);
static DH *get_standard_parameters(const struct standard_parameters *params,
const ENGINE *engine) {
DH *dh = DH_new();
DH *dh;
dh = DH_new_method(engine);
if (!dh) {
return NULL;
}
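Review bot: style, at the top of get_standard_parameters: `DH *dh;` followed by `dh = DH_new_method(engine);` splits a declaration from its only assignment. `DH *dh = DH_new_method(engine);` keeps the single-statement shape of the `DH *dh = DH_new();` line and leaves no point at which `dh` is uninitialized.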
@@ -293,7 +295,7 @@ DH *DH_get_2048_256(const ENGINE *engine) {
}
void DH_check_standard_parameters(DH *dh) {
unsigned i;
int i;
if (dh->p == NULL ||
dh->g == NULL ||
+1 -2
View File
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
digest
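Review bot: `include_directories(. .. ../../include)` puts the module directory and its parent on the header search path, so a bare `"internal.h"` that is missing locally would silently resolve to the parent's copy instead of failing the build. Prefer keeping `include_directories(../../include)` and spelling relative includes explicitly in the sources, as `"../internal.h"` already does elsewhere in this change.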
@@ -18,4 +18,3 @@ add_executable(
)
target_link_libraries(digest_test crypto)
add_dependencies(all_tests digest_test)
+1 -2
View File
@@ -129,8 +129,8 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
}
EVP_MD_CTX_cleanup(out);
memcpy(out, in, sizeof(EVP_MD_CTX));
out->digest = in->digest;
if (in->md_data && in->digest->ctx_size) {
if (tmp_buf) {
out->md_data = tmp_buf;
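Review bot: `memcpy(out, in, sizeof(EVP_MD_CTX));` copies `in`'s `md_data` and `pctx` pointers into `out` along with everything else, so `out` aliases `in`'s buffers until each field is overwritten. The overwrite of `md_data` is conditional on `in->md_data && in->digest->ctx_size`, and an early return between the memcpy and the later `pctx` dup would leave `out` holding pointers it does not own, which a subsequent cleanup of `out` would free. The field-by-field form (`out->digest = in->digest;`, and `out->pctx_ops = in->pctx_ops;` in the next hunk) avoids that; if the memcpy stays, set `out->md_data` and `out->pctx` to NULL immediately after it.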
@@ -145,7 +145,6 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
}
assert(in->pctx == NULL || in->pctx_ops != NULL);
out->pctx_ops = in->pctx_ops;
if (in->pctx && in->pctx_ops) {
out->pctx = in->pctx_ops->dup(in->pctx);
if (!out->pctx) {
+50 -52
View File
@@ -58,54 +58,49 @@ extern "C" {
#define asm __asm__
/* This is a generic 32-bit "collector" for message digest algorithms. It
* collects input character stream into chunks of 32-bit values and invokes the
* block function that performs the actual hash calculations. To make use of
* this mechanism, the following macros must be defined before including
* md32_common.h.
/* This is a generic 32 bit "collector" for message digest algorithms.
* Whenever needed it collects input character stream into chunks of
* 32 bit values and invokes a block function that performs actual hash
* calculations.
*
* One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
* defined to specify the byte order of the input stream.
* Porting guide.
*
* |HASH_CBLOCK| must be defined as the integer block size, in bytes.
* Obligatory macros:
*
* |HASH_CTX| must be defined as the name of the context structure, which must
* have at least the following members:
* DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
* this macro defines byte order of input stream.
* HASH_CBLOCK
* size of a unit chunk HASH_BLOCK operates on.
* HASH_LONG
* has to be at least 32 bit wide.
* HASH_CTX
* context structure that at least contains following
* members:
* typedef struct {
* ...
* HASH_LONG Nl,Nh;
* either {
* HASH_LONG data[HASH_LBLOCK];
* unsigned char data[HASH_CBLOCK];
* };
* unsigned int num;
* ...
* } HASH_CTX;
* data[] vector is expected to be zeroed upon first call to
* HASH_UPDATE.
* HASH_UPDATE
* name of "Update" function, implemented here.
* HASH_TRANSFORM
* name of "Transform" function, implemented here.
* HASH_FINAL
* name of "Final" function, implemented here.
* HASH_BLOCK_DATA_ORDER
* name of "block" function capable of treating *unaligned* input
* message in original (data) byte order, implemented externally.
* HASH_MAKE_STRING
* macro convering context variables to an ASCII hash string.
*
* typedef struct <name>_state_st {
* uint32_t h[<chaining length> / sizeof(uint32_t)];
* uint32_t Nl,Nh;
* uint32_t data[HASH_CBLOCK / sizeof(uint32_t)];
* unsigned int num
* ...
* } <NAME>_CTX;
*
* <chaining length> is the output length of the hash in bytes, before
* any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and SHA-512).
*
* |HASH_UPDATE| must be defined as the name of the "Update" function to
* generate.
*
* |HASH_TRANSFORM| must be defined as the the name of the "Transform"
* function to generate.
*
* |HASH_FINAL| must be defined as the name of "Final" function to generate.
*
* |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
* That function must be implemented manually. It must be capable of operating
* on *unaligned* input data in its original (data) byte order. It must have
* this signature:
*
* void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
* size_t num);
*
* It must update the hash state |state| with |num| blocks of data from |data|,
* where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
* |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
* and so will have |<chaining length> / sizeof(uint32_t)| elements.
*
* |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
* the hash state |c->h| into the output byte order, storing the result in |s|.
* <appro@fy.chalmers.se>
*/
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
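Review bot: missing documentation in the header comment: the "Porting guide" wording lists `HASH_BLOCK_DATA_ORDER` only as a block function "implemented externally" and gives neither its prototype nor what its first argument is, while the other wording spells out `void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data, size_t num);`. Since the call sites in this file switch between passing `c->h` and `c`, the comment should state the exact signature expected. In the same comment, "convering" should read "converting".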
@@ -115,6 +110,9 @@ extern "C" {
#ifndef HASH_CBLOCK
#error "HASH_CBLOCK must be defined!"
#endif
#ifndef HASH_LONG
#error "HASH_LONG must be defined!"
#endif
#ifndef HASH_CTX
#error "HASH_CTX must be defined!"
#endif
@@ -245,17 +243,17 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
{
const uint8_t *data=data_;
uint8_t *p;
uint32_t l;
HASH_LONG l;
size_t n;
if (len==0) return 1;
l=(c->Nl+(((uint32_t)len)<<3))&0xffffffffUL;
l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;
/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
* Wei Dai <weidai@eskimo.com> for pointing it out. */
if (l < c->Nl) /* overflow */
c->Nh++;
c->Nh+=(uint32_t)(len>>29); /* might cause compiler warning on 16-bit */
c->Nh+=(HASH_LONG)(len>>29); /* might cause compiler warning on 16-bit */
c->Nl=l;
n = c->num;
@@ -266,7 +264,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK)
{
memcpy (p+n,data,HASH_CBLOCK-n);
HASH_BLOCK_DATA_ORDER (c->h,p,1);
HASH_BLOCK_DATA_ORDER (c,p,1);
n = HASH_CBLOCK-n;
data += n;
len -= n;
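Review bot: `HASH_BLOCK_DATA_ORDER (c,p,1)` and `HASH_BLOCK_DATA_ORDER (c->h,p,1)` are not interchangeable: the first hands the block function the whole `HASH_CTX`, the second only the chaining state. The block function is implemented outside this file, so each implementation has to change prototype together with these call sites; please confirm that happens in the same change. Passing `c->h` is the narrower interface and keeps `Nl`, `Nh`, `data` and `num` out of the block function's reach.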
@@ -284,7 +282,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
n = len/HASH_CBLOCK;
if (n > 0)
{
HASH_BLOCK_DATA_ORDER (c->h,data,n);
HASH_BLOCK_DATA_ORDER (c,data,n);
n *= HASH_CBLOCK;
data += n;
len -= n;
@@ -302,7 +300,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
void HASH_TRANSFORM (HASH_CTX *c, const uint8_t *data)
{
HASH_BLOCK_DATA_ORDER (c->h,data,1);
HASH_BLOCK_DATA_ORDER (c,data,1);
}
@@ -318,7 +316,7 @@ int HASH_FINAL (uint8_t *md, HASH_CTX *c)
{
memset (p+n,0,HASH_CBLOCK-n);
n=0;
HASH_BLOCK_DATA_ORDER (c->h,p,1);
HASH_BLOCK_DATA_ORDER (c,p,1);
}
memset (p+n,0,HASH_CBLOCK-8-n);
@@ -331,7 +329,7 @@ int HASH_FINAL (uint8_t *md, HASH_CTX *c)
(void)HOST_l2c(c->Nh,p);
#endif
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER (c->h,p,1);
HASH_BLOCK_DATA_ORDER (c,p,1);
c->num=0;
memset (p,0,HASH_CBLOCK);
+2 -2
View File
@@ -1,4 +1,4 @@
include_directories(../../include)
include_directories(. .. ../../include)
add_library(
dsa
@@ -6,6 +6,7 @@ add_library(
OBJECT
dsa.c
dsa_impl.c
dsa_asn1.c
)
@@ -18,4 +19,3 @@ add_executable(
)
target_link_libraries(dsa_test crypto)
add_dependencies(all_tests dsa_test)
+44 -609
View File
@@ -62,30 +62,24 @@
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/digest.h>
#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/ex_data.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/thread.h>
#include "internal.h"
#include "../internal.h"
#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
* Rabin-Miller */
#define DSS_prime_checks 50
extern const DSA_METHOD DSA_default_method;
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
DSA *DSA_new(void) {
DSA *DSA_new(void) { return DSA_new_method(NULL); }
DSA *DSA_new_method(const ENGINE *engine) {
DSA *dsa = (DSA *)OPENSSL_malloc(sizeof(DSA));
if (dsa == NULL) {
OPENSSL_PUT_ERROR(DSA, ERR_R_MALLOC_FAILURE);
@@ -94,13 +88,29 @@ DSA *DSA_new(void) {
memset(dsa, 0, sizeof(DSA));
if (engine) {
dsa->meth = ENGINE_get_DSA_method(engine);
}
if (dsa->meth == NULL) {
dsa->meth = (DSA_METHOD*) &DSA_default_method;
}
METHOD_ref(dsa->meth);
dsa->write_params = 1;
dsa->references = 1;
CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);
if (!CRYPTO_new_ex_data(&g_ex_data_class, dsa, &dsa->ex_data)) {
CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);
METHOD_unref(dsa->meth);
OPENSSL_free(dsa);
return NULL;
}
if (dsa->meth->init && !dsa->meth->init(dsa)) {
CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);
METHOD_unref(dsa->meth);
OPENSSL_free(dsa);
return NULL;
}
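Review bot: in DSA_new_method, the `dsa->meth->init` failure path frees ex_data, drops the method reference and frees `dsa`, but skips `CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock)`, which the `CRYPTO_new_ex_data` failure path directly above performs after the same `CRYPTO_MUTEX_init`. Add the cleanup call there, or route both failures through one exit label so the teardown cannot diverge.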
@@ -117,6 +127,11 @@ void DSA_free(DSA *dsa) {
return;
}
if (dsa->meth->finish) {
dsa->meth->finish(dsa);
}
METHOD_unref(dsa->meth);
CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);
BN_clear_free(dsa->p);
@@ -126,7 +141,6 @@ void DSA_free(DSA *dsa) {
BN_clear_free(dsa->priv_key);
BN_clear_free(dsa->kinv);
BN_clear_free(dsa->r);
BN_MONT_CTX_free(dsa->method_mont_p);
CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);
OPENSSL_free(dsa);
}
@@ -139,319 +153,19 @@ int DSA_up_ref(DSA *dsa) {
int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
size_t seed_len, int *out_counter,
unsigned long *out_h, BN_GENCB *cb) {
int ok = 0;
unsigned char seed[SHA256_DIGEST_LENGTH];
unsigned char md[SHA256_DIGEST_LENGTH];
unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
BIGNUM *r0, *W, *X, *c, *test;
BIGNUM *g = NULL, *q = NULL, *p = NULL;
BN_MONT_CTX *mont = NULL;
int k, n = 0, m = 0;
unsigned i;
int counter = 0;
int r = 0;
BN_CTX *ctx = NULL;
unsigned int h = 2;
unsigned qsize;
const EVP_MD *evpmd;
evpmd = (bits >= 2048) ? EVP_sha256() : EVP_sha1();
qsize = EVP_MD_size(evpmd);
if (bits < 512) {
bits = 512;
if (dsa->meth->generate_parameters) {
return dsa->meth->generate_parameters(dsa, bits, seed_in, seed_len,
out_counter, out_h, cb);
}
bits = (bits + 63) / 64 * 64;
if (seed_in != NULL) {
if (seed_len < (size_t)qsize) {
return 0;
}
if (seed_len > (size_t)qsize) {
/* Only consume as much seed as is expected. */
seed_len = qsize;
}
memcpy(seed, seed_in, seed_len);
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
mont = BN_MONT_CTX_new();
if (mont == NULL) {
goto err;
}
r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
c = BN_CTX_get(ctx);
p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
if (test == NULL || !BN_lshift(test, BN_value_one(), bits - 1)) {
goto err;
}
for (;;) {
/* Find q. */
for (;;) {
/* step 1 */
if (!BN_GENCB_call(cb, 0, m++)) {
goto err;
}
int use_random_seed = (seed_in == NULL);
if (use_random_seed) {
if (!RAND_bytes(seed, qsize)) {
goto err;
}
} else {
/* If we come back through, use random seed next time. */
seed_in = NULL;
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
/* precompute "SEED + 1" for step 7: */
for (i = qsize - 1; i < qsize; i--) {
buf[i]++;
if (buf[i] != 0) {
break;
}
}
/* step 2 */
if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL) ||
!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) {
goto err;
}
for (i = 0; i < qsize; i++) {
md[i] ^= buf2[i];
}
/* step 3 */
md[0] |= 0x80;
md[qsize - 1] |= 0x01;
if (!BN_bin2bn(md, qsize, q)) {
goto err;
}
/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb);
if (r > 0) {
break;
}
if (r != 0) {
goto err;
}
/* do a callback call */
/* step 5 */
}
if (!BN_GENCB_call(cb, 2, 0) || !BN_GENCB_call(cb, 3, 0)) {
goto err;
}
/* step 6 */
counter = 0;
/* "offset = 2" */
n = (bits - 1) / 160;
for (;;) {
if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) {
goto err;
}
/* step 7 */
BN_zero(W);
/* now 'buf' contains "SEED + offset - 1" */
for (k = 0; k <= n; k++) {
/* obtain "SEED + offset + k" by incrementing: */
for (i = qsize - 1; i < qsize; i--) {
buf[i]++;
if (buf[i] != 0) {
break;
}
}
if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) {
goto err;
}
/* step 8 */
if (!BN_bin2bn(md, qsize, r0) ||
!BN_lshift(r0, r0, (qsize << 3) * k) ||
!BN_add(W, W, r0)) {
goto err;
}
}
/* more of step 8 */
if (!BN_mask_bits(W, bits - 1) ||
!BN_copy(X, W) ||
!BN_add(X, X, test)) {
goto err;
}
/* step 9 */
if (!BN_lshift1(r0, q) ||
!BN_mod(c, X, r0, ctx) ||
!BN_sub(r0, c, BN_value_one()) ||
!BN_sub(p, X, r0)) {
goto err;
}
/* step 10 */
if (BN_cmp(p, test) >= 0) {
/* step 11 */
r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
if (r > 0) {
goto end; /* found it */
}
if (r != 0) {
goto err;
}
}
/* step 13 */
counter++;
/* "offset = offset + n + 1" */
/* step 14 */
if (counter >= 4096) {
break;
}
}
}
end:
if (!BN_GENCB_call(cb, 2, 1)) {
goto err;
}
/* We now need to generate g */
/* Set r0=(p-1)/q */
if (!BN_sub(test, p, BN_value_one()) ||
!BN_div(r0, NULL, test, q, ctx)) {
goto err;
}
if (!BN_set_word(test, h) ||
!BN_MONT_CTX_set(mont, p, ctx)) {
goto err;
}
for (;;) {
/* g=test^r0%p */
if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) {
goto err;
}
if (!BN_is_one(g)) {
break;
}
if (!BN_add(test, test, BN_value_one())) {
goto err;
}
h++;
}
if (!BN_GENCB_call(cb, 3, 1)) {
goto err;
}
ok = 1;
err:
if (ok) {
BN_free(dsa->p);
BN_free(dsa->q);
BN_free(dsa->g);
dsa->p = BN_dup(p);
dsa->q = BN_dup(q);
dsa->g = BN_dup(g);
if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
ok = 0;
goto err;
}
if (out_counter != NULL) {
*out_counter = counter;
}
if (out_h != NULL) {
*out_h = h;
}
}
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_MONT_CTX_free(mont);
return ok;
return DSA_default_method.generate_parameters(dsa, bits, seed_in, seed_len,
out_counter, out_h, cb);
}
int DSA_generate_key(DSA *dsa) {
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
BIGNUM prk;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
if (dsa->meth->keygen) {
return dsa->meth->keygen(dsa);
}
priv_key = dsa->priv_key;
if (priv_key == NULL) {
priv_key = BN_new();
if (priv_key == NULL) {
goto err;
}
}
do {
if (!BN_rand_range(priv_key, dsa->q)) {
goto err;
}
} while (BN_is_zero(priv_key));
pub_key = dsa->pub_key;
if (pub_key == NULL) {
pub_key = BN_new();
if (pub_key == NULL) {
goto err;
}
}
BN_init(&prk);
BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(pub_key, dsa->g, &prk, dsa->p, ctx)) {
goto err;
}
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
ok = 1;
err:
if (dsa->pub_key == NULL) {
BN_free(pub_key);
}
if (dsa->priv_key == NULL) {
BN_free(priv_key);
}
BN_CTX_free(ctx);
return ok;
return DSA_default_method.keygen(dsa);
}
DSA_SIG *DSA_SIG_new(void) {
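Review bot: in the `err:` block of the parameter generation body, the success branch calls `BN_free(dsa->p)`, `BN_free(dsa->q)` and `BN_free(dsa->g)` before the three `BN_dup` calls, so when one `BN_dup` fails the caller's previous parameters are already gone and `dsa` is left with a mix of new values and NULL; the `goto err` inside that block also jumps back to its own label. Duplicate into locals first, and only free and replace `dsa->p`, `dsa->q` and `dsa->g` once all three copies have succeeded.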
@@ -476,99 +190,10 @@ void DSA_SIG_free(DSA_SIG *sig) {
}
DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, DSA *dsa) {
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
BIGNUM m;
BIGNUM xr;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
int noredo = 0;
BN_init(&m);
BN_init(&xr);
if (!dsa->p || !dsa->q || !dsa->g) {
reason = DSA_R_MISSING_PARAMETERS;
goto err;
if (dsa->meth->sign) {
return dsa->meth->sign(digest, digest_len, dsa);
}
s = BN_new();
if (s == NULL) {
goto err;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
redo:
if (dsa->kinv == NULL || dsa->r == NULL) {
if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) {
goto err;
}
} else {
kinv = dsa->kinv;
dsa->kinv = NULL;
r = dsa->r;
dsa->r = NULL;
noredo = 1;
}
if (digest_len > BN_num_bytes(dsa->q)) {
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
digest_len = BN_num_bytes(dsa->q);
}
if (BN_bin2bn(digest, digest_len, &m) == NULL) {
goto err;
}
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) {
goto err; /* s = xr */
}
if (!BN_add(s, &xr, &m)) {
goto err; /* s = m + xr */
}
if (BN_cmp(s, dsa->q) > 0) {
if (!BN_sub(s, s, dsa->q)) {
goto err;
}
}
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) {
goto err;
}
ret = DSA_SIG_new();
if (ret == NULL) {
goto err;
}
/* Redo if r or s is zero as required by FIPS 186-3: this is
* very unlikely. */
if (BN_is_zero(r) || BN_is_zero(s)) {
if (noredo) {
reason = DSA_R_NEED_NEW_SETUP_VALUES;
goto err;
}
goto redo;
}
ret->r = r;
ret->s = s;
err:
if (!ret) {
OPENSSL_PUT_ERROR(DSA, reason);
BN_free(r);
BN_free(s);
}
BN_CTX_free(ctx);
BN_clear_free(&m);
BN_clear_free(&xr);
BN_clear_free(kinv);
return ret;
return DSA_default_method.sign(digest, digest_len, dsa);
}
int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig,
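Review bot: in the signing body, `ret = DSA_SIG_new();` runs before the `BN_is_zero(r) || BN_is_zero(s)` check. On the `noredo` branch the code jumps to `err:` with `ret` non-NULL, so `if (!ret)` is skipped: `DSA_R_NEED_NEW_SETUP_VALUES` is never reported, `r` and `s` are not freed, and the function returns a `DSA_SIG` whose `r` and `s` were never assigned. On the `goto redo` branch the first `ret` is leaked when the next pass allocates another. Move the allocation below the zero check.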
@@ -582,112 +207,11 @@ int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig,
int DSA_do_check_signature(int *out_valid, const uint8_t *digest,
size_t digest_len, DSA_SIG *sig, const DSA *dsa) {
BN_CTX *ctx;
BIGNUM u1, u2, t1;
BN_MONT_CTX *mont = NULL;
int ret = 0;
unsigned i;
*out_valid = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
return 0;
if (dsa->meth->verify) {
return dsa->meth->verify(out_valid, digest, digest_len, sig, dsa);
}
i = BN_num_bits(dsa->q);
/* fips 186-3 allows only different sizes for q */
if (i != 160 && i != 224 && i != 256) {
OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE);
return 0;
}
if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE);
return 0;
}
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, dsa->q) >= 0) {
ret = 1;
goto err;
}
if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
BN_ucmp(sig->s, dsa->q) >= 0) {
ret = 1;
goto err;
}
/* Calculate W = inv(S) mod Q
* save W in u2 */
if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) {
goto err;
}
/* save M in u1 */
if (digest_len > (i >> 3)) {
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
digest_len = (i >> 3);
}
if (BN_bin2bn(digest, digest_len, &u1) == NULL) {
goto err;
}
/* u1 = M * w mod q */
if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) {
goto err;
}
/* u2 = r * w mod q */
if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) {
goto err;
}
mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
(CRYPTO_MUTEX *)&dsa->method_mont_p_lock,
dsa->p, ctx);
if (!mont) {
goto err;
}
if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,
mont)) {
goto err;
}
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
if (!BN_mod(&u1, &t1, dsa->q, ctx)) {
goto err;
}
/* V is now in u1. If the signature is correct, it will be
* equal to R. */
*out_valid = BN_ucmp(&u1, sig->r) == 0;
ret = 1;
err:
if (ret != 1) {
OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB);
}
BN_CTX_free(ctx);
BN_free(&u1);
BN_free(&u2);
BN_free(&t1);
return ret;
return DSA_default_method.verify(out_valid, digest, digest_len, sig, dsa);
}
int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
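Review bot: make sure `*out_valid = 0;` stays in the DSA_do_check_signature wrapper above the `if (dsa->meth->verify)` dispatch, so a method that fails early cannot leave the caller reading an unset result. The dispatch also skips the checks the inline body makes before any arithmetic: the 160/224/256-bit restriction on `q`, the `OPENSSL_DSA_MAX_MODULUS_BITS` cap on `p`, and the range checks on `sig->r` and `sig->s`. Decide explicitly whether those belong in the wrapper or are each method's responsibility, and document the choice.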
@@ -766,102 +290,13 @@ int DSA_size(const DSA *dsa) {
return ret;
}
int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx, BIGNUM **out_kinv,
BIGNUM **out_r) {
BN_CTX *ctx;
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
int ret = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
return 0;
if (dsa->meth->sign_setup) {
return dsa->meth->sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0);
}
BN_init(&k);
BN_init(&kq);
ctx = ctx_in;
if (ctx == NULL) {
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
}
r = BN_new();
if (r == NULL) {
goto err;
}
/* Get random k */
do {
if (!BN_rand_range(&k, dsa->q)) {
goto err;
}
} while (BN_is_zero(&k));
BN_set_flags(&k, BN_FLG_CONSTTIME);
if (BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
(CRYPTO_MUTEX *)&dsa->method_mont_p_lock, dsa->p,
ctx) == NULL) {
goto err;
}
/* Compute r = (g^k mod p) mod q */
if (!BN_copy(&kq, &k)) {
goto err;
}
/* We do not want timing information to leak the length of k,
* so we compute g^k using an equivalent exponent of fixed length.
*
* (This is a kludge that we need because the BN_mod_exp_mont()
* does not let us specify the desired timing behaviour.) */
if (!BN_add(&kq, &kq, dsa->q)) {
goto err;
}
if (BN_num_bits(&kq) <= BN_num_bits(dsa->q) && !BN_add(&kq, &kq, dsa->q)) {
goto err;
}
K = &kq;
if (!BN_mod_exp_mont(r, dsa->g, K, dsa->p, ctx, dsa->method_mont_p)) {
goto err;
}
if (!BN_mod(r, r, dsa->q, ctx)) {
goto err;
}
/* Compute part of 's = inv(k) (m + xr) mod q' */
kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx);
if (kinv == NULL) {
goto err;
}
BN_clear_free(*out_kinv);
*out_kinv = kinv;
kinv = NULL;
BN_clear_free(*out_r);
*out_r = r;
ret = 1;
err:
if (!ret) {
OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB);
if (r != NULL) {
BN_clear_free(r);
}
}
if (ctx_in == NULL) {
BN_CTX_free(ctx);
}
BN_clear_free(&k);
BN_clear_free(&kq);
return ret;
return DSA_default_method.sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0);
}
int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
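Review bot: missing documentation at `dsa->meth->sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0)`: the trailing `NULL, 0` arguments are not explained here, and the public `DSA_sign_setup` signature has no counterpart for them. Add a comment naming the two parameters and what passing `NULL, 0` selects. The inline body also treats a NULL `ctx_in` as a request to allocate a `BN_CTX` and frees it afterwards; with the parameter renamed to `ctx` and forwarded as is, the method has to keep accepting NULL.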
+750
View File
@@ -0,0 +1,750 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* The DSS routines are based on patches supplied by
* Steven Schoch <schoch@sheba.arc.nasa.gov>. */
#include <openssl/dsa.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/thread.h>
#include "internal.h"
#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
* Rabin-Miller */
#define DSS_prime_checks 50
static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp, const uint8_t *digest, size_t digest_len) {
BN_CTX *ctx;
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
int ret = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
return 0;
}
BN_init(&k);
BN_init(&kq);
ctx = ctx_in;
if (ctx == NULL) {
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
}
r = BN_new();
if (r == NULL) {
goto err;
}
/* Get random k */
do {
/* If possible, we'll include the private key and message digest in the k
* generation. The |digest| argument is only empty if |DSA_sign_setup| is
* being used. */
int ok;
if (digest_len > 0) {
ok = BN_generate_dsa_nonce(&k, dsa->q, dsa->priv_key, digest, digest_len,
ctx);
} else {
ok = BN_rand_range(&k, dsa->q);
}
if (!ok) {
goto err;
}
} while (BN_is_zero(&k));
BN_set_flags(&k, BN_FLG_CONSTTIME);
if (BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
(CRYPTO_MUTEX *)&dsa->method_mont_p_lock, dsa->p,
ctx) == NULL) {
goto err;
}
/* Compute r = (g^k mod p) mod q */
if (!BN_copy(&kq, &k)) {
goto err;
}
/* We do not want timing information to leak the length of k,
* so we compute g^k using an equivalent exponent of fixed length.
*
* (This is a kludge that we need because the BN_mod_exp_mont()
* does not let us specify the desired timing behaviour.) */
if (!BN_add(&kq, &kq, dsa->q)) {
goto err;
}
if (BN_num_bits(&kq) <= BN_num_bits(dsa->q) && !BN_add(&kq, &kq, dsa->q)) {
goto err;
}
K = &kq;
if (!BN_mod_exp_mont(r, dsa->g, K, dsa->p, ctx, dsa->method_mont_p)) {
goto err;
}
if (!BN_mod(r, r, dsa->q, ctx)) {
goto err;
}
/* Compute part of 's = inv(k) (m + xr) mod q' */
kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx);
if (kinv == NULL) {
goto err;
}
BN_clear_free(*kinvp);
*kinvp = kinv;
kinv = NULL;
BN_clear_free(*rp);
*rp = r;
ret = 1;
err:
if (!ret) {
OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB);
if (r != NULL) {
BN_clear_free(r);
}
}
if (ctx_in == NULL) {
BN_CTX_free(ctx);
}
BN_clear_free(&k);
BN_clear_free(&kq);
return ret;
}
static DSA_SIG *sign(const uint8_t *digest, size_t digest_len, DSA *dsa) {
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
BIGNUM m;
BIGNUM xr;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
int noredo = 0;
BN_init(&m);
BN_init(&xr);
if (!dsa->p || !dsa->q || !dsa->g) {
reason = DSA_R_MISSING_PARAMETERS;
goto err;
}
s = BN_new();
if (s == NULL) {
goto err;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
redo:
if (dsa->kinv == NULL || dsa->r == NULL) {
if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) {
goto err;
}
} else {
kinv = dsa->kinv;
dsa->kinv = NULL;
r = dsa->r;
dsa->r = NULL;
noredo = 1;
}
if (digest_len > BN_num_bytes(dsa->q)) {
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
digest_len = BN_num_bytes(dsa->q);
}
if (BN_bin2bn(digest, digest_len, &m) == NULL) {
goto err;
}
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) {
goto err; /* s = xr */
}
if (!BN_add(s, &xr, &m)) {
goto err; /* s = m + xr */
}
if (BN_cmp(s, dsa->q) > 0) {
if (!BN_sub(s, s, dsa->q)) {
goto err;
}
}
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) {
goto err;
}
ret = DSA_SIG_new();
if (ret == NULL) {
goto err;
}
/* Redo if r or s is zero as required by FIPS 186-3: this is
* very unlikely. */
if (BN_is_zero(r) || BN_is_zero(s)) {
if (noredo) {
reason = DSA_R_NEED_NEW_SETUP_VALUES;
goto err;
}
goto redo;
}
ret->r = r;
ret->s = s;
err:
if (!ret) {
OPENSSL_PUT_ERROR(DSA, reason);
BN_free(r);
BN_free(s);
}
BN_CTX_free(ctx);
BN_clear_free(&m);
BN_clear_free(&xr);
BN_clear_free(kinv);
return ret;
}
static int verify(int *out_valid, const uint8_t *dgst, size_t digest_len,
DSA_SIG *sig, const DSA *dsa) {
BN_CTX *ctx;
BIGNUM u1, u2, t1;
BN_MONT_CTX *mont = NULL;
int ret = 0;
unsigned i;
*out_valid = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
return 0;
}
i = BN_num_bits(dsa->q);
/* fips 186-3 allows only different sizes for q */
if (i != 160 && i != 224 && i != 256) {
OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE);
return 0;
}
if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE);
return 0;
}
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
BN_ucmp(sig->r, dsa->q) >= 0) {
ret = 1;
goto err;
}
if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
BN_ucmp(sig->s, dsa->q) >= 0) {
ret = 1;
goto err;
}
/* Calculate W = inv(S) mod Q
* save W in u2 */
if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) {
goto err;
}
/* save M in u1 */
if (digest_len > (i >> 3)) {
/* if the digest length is greater than the size of q use the
* BN_num_bits(dsa->q) leftmost bits of the digest, see
* fips 186-3, 4.2 */
digest_len = (i >> 3);
}
if (BN_bin2bn(dgst, digest_len, &u1) == NULL) {
goto err;
}
/* u1 = M * w mod q */
if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) {
goto err;
}
/* u2 = r * w mod q */
if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) {
goto err;
}
mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
(CRYPTO_MUTEX *)&dsa->method_mont_p_lock,
dsa->p, ctx);
if (!mont) {
goto err;
}
if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,
mont)) {
goto err;
}
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
if (!BN_mod(&u1, &t1, dsa->q, ctx)) {
goto err;
}
/* V is now in u1. If the signature is correct, it will be
* equal to R. */
*out_valid = BN_ucmp(&u1, sig->r) == 0;
ret = 1;
err:
if (ret != 1) {
OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB);
}
BN_CTX_free(ctx);
BN_free(&u1);
BN_free(&u2);
BN_free(&t1);
return ret;
}
static int keygen(DSA *dsa) {
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
BIGNUM prk;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
priv_key = dsa->priv_key;
if (priv_key == NULL) {
priv_key = BN_new();
if (priv_key == NULL) {
goto err;
}
}
do {
if (!BN_rand_range(priv_key, dsa->q)) {
goto err;
}
} while (BN_is_zero(priv_key));
pub_key = dsa->pub_key;
if (pub_key == NULL) {
pub_key = BN_new();
if (pub_key == NULL) {
goto err;
}
}
BN_init(&prk);
BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(pub_key, dsa->g, &prk, dsa->p, ctx)) {
goto err;
}
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
ok = 1;
err:
if (dsa->pub_key == NULL) {
BN_free(pub_key);
}
if (dsa->priv_key == NULL) {
BN_free(priv_key);
}
BN_CTX_free(ctx);
return ok;
}
static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in,
size_t seed_len, int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb) {
int ok = 0;
unsigned char seed[SHA256_DIGEST_LENGTH];
unsigned char md[SHA256_DIGEST_LENGTH];
unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
BIGNUM *r0, *W, *X, *c, *test;
BIGNUM *g = NULL, *q = NULL, *p = NULL;
BN_MONT_CTX *mont = NULL;
int k, n = 0, m = 0;
unsigned i;
int counter = 0;
int r = 0;
BN_CTX *ctx = NULL;
unsigned int h = 2;
unsigned qbits, qsize;
const EVP_MD *evpmd;
if (bits >= 2048) {
qbits = 256;
evpmd = EVP_sha256();
} else {
qbits = 160;
evpmd = EVP_sha1();
}
qsize = qbits / 8;
if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
qsize != SHA256_DIGEST_LENGTH) {
/* invalid q size */
return 0;
}
if (bits < 512) {
bits = 512;
}
bits = (bits + 63) / 64 * 64;
/* NB: seed_len == 0 is special case: copy generated seed to
* seed_in if it is not NULL. */
if (seed_len && (seed_len < (size_t)qsize)) {
seed_in = NULL; /* seed buffer too small -- ignore */
}
if (seed_len > (size_t)qsize) {
seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
* but our internal buffers are restricted to 160 bits*/
}
if (seed_in != NULL) {
memcpy(seed, seed_in, seed_len);
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
mont = BN_MONT_CTX_new();
if (mont == NULL) {
goto err;
}
r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
c = BN_CTX_get(ctx);
p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
if (test == NULL || !BN_lshift(test, BN_value_one(), bits - 1)) {
goto err;
}
for (;;) {
/* Find q. */
for (;;) {
int seed_is_random;
/* step 1 */
if (!BN_GENCB_call(cb, 0, m++)) {
goto err;
}
if (!seed_len) {
if (!RAND_bytes(seed, qsize)) {
goto err;
}
seed_is_random = 1;
} else {
seed_is_random = 0;
seed_len = 0; /* use random seed if 'seed_in' turns out to be bad*/
}
memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize);
/* precompute "SEED + 1" for step 7: */
for (i = qsize - 1; i < qsize; i--) {
buf[i]++;
if (buf[i] != 0) {
break;
}
}
/* step 2 */
if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL) ||
!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) {
goto err;
}
for (i = 0; i < qsize; i++) {
md[i] ^= buf2[i];
}
/* step 3 */
md[0] |= 0x80;
md[qsize - 1] |= 0x01;
if (!BN_bin2bn(md, qsize, q)) {
goto err;
}
/* step 4 */
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb);
if (r > 0) {
break;
}
if (r != 0) {
goto err;
}
/* do a callback call */
/* step 5 */
}
if (!BN_GENCB_call(cb, 2, 0) || !BN_GENCB_call(cb, 3, 0)) {
goto err;
}
/* step 6 */
counter = 0;
/* "offset = 2" */
n = (bits - 1) / 160;
for (;;) {
if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) {
goto err;
}
/* step 7 */
BN_zero(W);
/* now 'buf' contains "SEED + offset - 1" */
for (k = 0; k <= n; k++) {
/* obtain "SEED + offset + k" by incrementing: */
for (i = qsize - 1; i < qsize; i--) {
buf[i]++;
if (buf[i] != 0) {
break;
}
}
if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) {
goto err;
}
/* step 8 */
if (!BN_bin2bn(md, qsize, r0) ||
!BN_lshift(r0, r0, (qsize << 3) * k) ||
!BN_add(W, W, r0)) {
goto err;
}
}
/* more of step 8 */
if (!BN_mask_bits(W, bits - 1) ||
!BN_copy(X, W) ||
!BN_add(X, X, test)) {
goto err;
}
/* step 9 */
if (!BN_lshift1(r0, q) ||
!BN_mod(c, X, r0, ctx) ||
!BN_sub(r0, c, BN_value_one()) ||
!BN_sub(p, X, r0)) {
goto err;
}
/* step 10 */
if (BN_cmp(p, test) >= 0) {
/* step 11 */
r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
if (r > 0) {
goto end; /* found it */
}
if (r != 0) {
goto err;
}
}
/* step 13 */
counter++;
/* "offset = offset + n + 1" */
/* step 14 */
if (counter >= 4096) {
break;
}
}
}
end:
if (!BN_GENCB_call(cb, 2, 1)) {
goto err;
}
/* We now need to generate g */
/* Set r0=(p-1)/q */
if (!BN_sub(test, p, BN_value_one()) ||
!BN_div(r0, NULL, test, q, ctx)) {
goto err;
}
if (!BN_set_word(test, h) ||
!BN_MONT_CTX_set(mont, p, ctx)) {
goto err;
}
for (;;) {
/* g=test^r0%p */
if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) {
goto err;
}
if (!BN_is_one(g)) {
break;
}
if (!BN_add(test, test, BN_value_one())) {
goto err;
}
h++;
}
if (!BN_GENCB_call(cb, 3, 1)) {
goto err;
}
ok = 1;
err:
if (ok) {
BN_free(ret->p);
BN_free(ret->q);
BN_free(ret->g);
ret->p = BN_dup(p);
ret->q = BN_dup(q);
ret->g = BN_dup(g);
if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
ok = 0;
goto err;
}
if (counter_ret != NULL) {
*counter_ret = counter;
}
if (h_ret != NULL) {
*h_ret = h;
}
}
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_MONT_CTX_free(mont);
return ok;
}
static int finish(DSA *dsa) {
BN_MONT_CTX_free(dsa->method_mont_p);
dsa->method_mont_p = NULL;
return 1;
}
const struct dsa_method DSA_default_method = {
{
0 /* references */,
1 /* is_static */,
},
NULL /* app_data */,
NULL /* init */,
finish /* finish */,
sign,
sign_setup,
verify,
paramgen,
keygen,
};
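Review bot: In sign(), `ret = DSA_SIG_new()` runs before the `BN_is_zero(r) || BN_is_zero(s)` check, so both exits from that check are mishandled. With `noredo` set, `goto err` reaches `if (!ret)` with a non-NULL `ret`: no error is queued, `r` and `s` are not freed, and the caller receives a DSA_SIG whose r and s were never assigned. On the `goto redo` path the earlier `ret` is overwritten by the next DSA_SIG_new() call and leaks. Allocate the DSA_SIG only after the zero check has passed, or free it and set `ret = NULL` before either jump. Separately, paramgen keeps `n = (bits - 1) / 160` while shifting by `(qsize << 3) * k`; a comment explaining why 160 stays when qbits is 256 would help the next reader.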
+2 -17
@@ -1,12 +1,4 @@
include_directories(../../include)
if (${ARCH} STREQUAL "x86_64")
set(
EC_ARCH_SOURCES
p256-x86_64-asm.${ASM_EXT}
)
endif()
include_directories(. .. ../../include)
add_library(
ec
@@ -18,18 +10,12 @@ add_library(
ec_key.c
ec_montgomery.c
oct.c
p224-64.c
p256-64.c
p256-x86_64.c
simple.c
util-64.c
simple.c
wnaf.c
${EC_ARCH_SOURCES}
)
perlasm(p256-x86_64-asm.${ASM_EXT} asm/p256-x86_64-asm.pl)
add_executable(
example_mul
@@ -48,4 +34,3 @@ add_executable(
target_link_libraries(example_mul crypto)
target_link_libraries(ec_test crypto)
add_dependencies(all_tests example_mul ec_test)
File diff suppressed because it is too large
+123 -159
@@ -67,7 +67,6 @@
#include <openssl/ec.h>
#include <assert.h>
#include <string.h>
#include <openssl/bn.h>
@@ -76,7 +75,6 @@
#include <openssl/obj.h>
#include "internal.h"
#include "../internal.h"
static const struct curve_data P224 = {
@@ -220,104 +218,21 @@ static const struct curve_data P521 = {
0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09}};
/* MSan appears to have a bug that causes code to be miscompiled in opt mode.
* While that is being looked at, don't run the uint128_t code under MSan. */
#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) && \
!defined(MEMORY_SANITIZER)
#define BORINGSSL_USE_INT128_CODE
#endif
const struct built_in_curve OPENSSL_built_in_curves[] = {
{NID_secp521r1, &P521, 0},
{NID_secp384r1, &P384, 0},
{NID_secp224r1, &P224, 0},
{
NID_X9_62_prime256v1, &P256,
#if defined(BORINGSSL_USE_INT128_CODE)
#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
!defined(OPENSSL_SMALL)
EC_GFp_nistz256_method,
#else
#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS)
EC_GFp_nistp256_method,
#endif
#else
0,
#endif
},
{
NID_secp224r1, &P224,
#if defined(BORINGSSL_USE_INT128_CODE) && !defined(OPENSSL_SMALL)
EC_GFp_nistp224_method,
#else
0,
#endif
},
{NID_secp384r1, &P384, 0},
{NID_secp521r1, &P521, 0},
{NID_undef, 0, 0},
};
/* built_in_curve_scalar_field_monts contains Montgomery contexts for
* performing inversions in the scalar fields of each of the built-in
* curves. It's protected by |built_in_curve_scalar_field_monts_once|. */
static const BN_MONT_CTX **built_in_curve_scalar_field_monts;
static CRYPTO_once_t built_in_curve_scalar_field_monts_once;
static void built_in_curve_scalar_field_monts_init(void) {
unsigned num_built_in_curves;
for (num_built_in_curves = 0;; num_built_in_curves++) {
if (OPENSSL_built_in_curves[num_built_in_curves].nid == NID_undef) {
break;
}
}
assert(0 < num_built_in_curves);
built_in_curve_scalar_field_monts =
OPENSSL_malloc(sizeof(BN_MONT_CTX *) * num_built_in_curves);
if (built_in_curve_scalar_field_monts == NULL) {
return;
}
BIGNUM *order = BN_new();
BN_CTX *bn_ctx = BN_CTX_new();
BN_MONT_CTX *mont_ctx = NULL;
if (bn_ctx == NULL ||
order == NULL) {
goto err;
}
unsigned i;
for (i = 0; i < num_built_in_curves; i++) {
const struct curve_data *curve = OPENSSL_built_in_curves[i].data;
const unsigned param_len = curve->param_len;
const uint8_t *params = curve->data;
mont_ctx = BN_MONT_CTX_new();
if (mont_ctx == NULL) {
goto err;
}
if (!BN_bin2bn(params + 5 * param_len, param_len, order) ||
!BN_MONT_CTX_set(mont_ctx, order, bn_ctx)) {
goto err;
}
built_in_curve_scalar_field_monts[i] = mont_ctx;
mont_ctx = NULL;
}
goto out;
err:
BN_MONT_CTX_free(mont_ctx);
OPENSSL_free((BN_MONT_CTX**) built_in_curve_scalar_field_monts);
built_in_curve_scalar_field_monts = NULL;
out:
BN_free(order);
BN_CTX_free(bn_ctx);
}
EC_GROUP *ec_group_new(const EC_METHOD *meth) {
EC_GROUP *ret;
@@ -409,23 +324,25 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
return 1;
}
static EC_GROUP *ec_group_new_from_data(unsigned built_in_index) {
const struct built_in_curve *curve = &OPENSSL_built_in_curves[built_in_index];
static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
EC_GROUP *group = NULL;
EC_POINT *P = NULL;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
const EC_METHOD *meth;
int ok = 0;
unsigned param_len;
const EC_METHOD *meth;
const struct curve_data *data;
const uint8_t *params;
BN_CTX *ctx = BN_CTX_new();
if (ctx == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
goto err;
}
const struct curve_data *data = curve->data;
const unsigned param_len = data->param_len;
const uint8_t *params = data->data;
data = curve->data;
param_len = data->param_len;
params = data->data;
if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) ||
!(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) ||
@@ -469,12 +386,6 @@ static EC_GROUP *ec_group_new_from_data(unsigned built_in_index) {
goto err;
}
CRYPTO_once(&built_in_curve_scalar_field_monts_once,
built_in_curve_scalar_field_monts_init);
if (built_in_curve_scalar_field_monts != NULL) {
group->mont_data = built_in_curve_scalar_field_monts[built_in_index];
}
group->generator = P;
P = NULL;
ok = 1;
@@ -502,7 +413,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) {
for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) {
curve = &OPENSSL_built_in_curves[i];
if (curve->nid == nid) {
ret = ec_group_new_from_data(i);
ret = ec_group_new_from_data(curve);
break;
}
}
@@ -549,7 +460,6 @@ int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) {
ec_pre_comp_free(dest->pre_comp);
dest->pre_comp = ec_pre_comp_dup(src->pre_comp);
dest->mont_data = src->mont_data;
if (src->generator != NULL) {
if (dest->generator == NULL) {
@@ -562,8 +472,11 @@ int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) {
return 0;
}
} else {
EC_POINT_clear_free(dest->generator);
dest->generator = NULL;
/* src->generator == NULL */
if (dest->generator != NULL) {
EC_POINT_clear_free(dest->generator);
dest->generator = NULL;
}
}
if (!BN_copy(&dest->order, &src->order) ||
@@ -576,10 +489,6 @@ int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) {
return dest->meth->group_copy(dest, src);
}
const BN_MONT_CTX *ec_group_get_mont_data(const EC_GROUP *group) {
return group->mont_data;
}
EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) {
EC_GROUP *t = NULL;
int ok = 0;
@@ -636,17 +545,30 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p, BIGNUM *out_a,
BIGNUM *out_b, BN_CTX *ctx) {
return ec_GFp_simple_group_get_curve(group, out_p, out_a, out_b, ctx);
if (group->meth->group_get_curve == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_get_curve(group, out_p, out_a, out_b, ctx);
}
int EC_GROUP_get_curve_name(const EC_GROUP *group) { return group->curve_name; }
unsigned EC_GROUP_get_degree(const EC_GROUP *group) {
return ec_GFp_simple_group_get_degree(group);
int EC_GROUP_get_degree(const EC_GROUP *group) {
if (group->meth->group_get_degree == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_get_degree(group);
}
int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) {
if (group->meth->precompute_mult != NULL) {
if (group->meth->mul == 0) {
/* use default */
return ec_wNAF_precompute_mult(group, ctx);
}
if (group->meth->precompute_mult != 0) {
return group->meth->precompute_mult(group, ctx);
}
@@ -654,10 +576,16 @@ int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) {
}
int EC_GROUP_have_precompute_mult(const EC_GROUP *group) {
if (group->pre_comp != NULL) {
return 1;
if (group->meth->mul == 0) {
/* use default */
return ec_wNAF_have_precompute_mult(group);
}
return 0;
if (group->meth->have_precompute_mult != 0) {
return group->meth->have_precompute_mult(group);
}
return 0; /* cannot tell whether precomputation has been performed */
}
EC_POINT *EC_POINT_new(const EC_GROUP *group) {
@@ -667,6 +595,10 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (group->meth->point_init == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return NULL;
}
ret = OPENSSL_malloc(sizeof *ret);
if (ret == NULL) {
@@ -676,7 +608,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) {
ret->meth = group->meth;
if (!ec_GFp_simple_point_init(ret)) {
if (!ret->meth->point_init(ret)) {
OPENSSL_free(ret);
return NULL;
}
@@ -689,8 +621,9 @@ void EC_POINT_free(EC_POINT *point) {
return;
}
ec_GFp_simple_point_finish(point);
if (point->meth->point_finish != 0) {
point->meth->point_finish(point);
}
OPENSSL_free(point);
}
@@ -699,13 +632,20 @@ void EC_POINT_clear_free(EC_POINT *point) {
return;
}
ec_GFp_simple_point_clear_finish(point);
if (point->meth->point_clear_finish != 0) {
point->meth->point_clear_finish(point);
} else if (point->meth->point_finish != 0) {
point->meth->point_finish(point);
}
OPENSSL_cleanse(point, sizeof *point);
OPENSSL_free(point);
}
int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) {
if (dest->meth->point_copy == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (dest->meth != src->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
@@ -713,7 +653,7 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) {
if (dest == src) {
return 1;
}
return ec_GFp_simple_point_copy(dest, src);
return dest->meth->point_copy(dest, src);
}
EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) {
@@ -739,58 +679,82 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) {
}
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) {
if (group->meth->point_set_to_infinity == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_point_set_to_infinity(group, point);
return group->meth->point_set_to_infinity(group, point);
}
int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) {
if (group->meth->is_at_infinity == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_is_at_infinity(group, point);
return group->meth->is_at_infinity(group, point);
}
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx) {
if (group->meth->is_on_curve == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_is_on_curve(group, point, ctx);
return group->meth->is_on_curve(group, point, ctx);
}
int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
BN_CTX *ctx) {
if (group->meth->point_cmp == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
}
if ((group->meth != a->meth) || (a->meth != b->meth)) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return -1;
}
return ec_GFp_simple_cmp(group, a, b, ctx);
return group->meth->point_cmp(group, a, b, ctx);
}
int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) {
if (group->meth->make_affine == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_make_affine(group, point, ctx);
return group->meth->make_affine(group, point, ctx);
}
int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
BN_CTX *ctx) {
size_t i;
if (group->meth->points_make_affine == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
for (i = 0; i < num; i++) {
if (group->meth != points[i]->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
}
return ec_GFp_simple_points_make_affine(group, num, points, ctx);
return group->meth->points_make_affine(group, num, points, ctx);
}
int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
@@ -810,49 +774,56 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y,
BN_CTX *ctx) {
if (group->meth->point_set_affine_coordinates == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
if (!ec_GFp_simple_point_set_affine_coordinates(group, point, x, y, ctx)) {
return 0;
}
if (!EC_POINT_is_on_curve(group, point, ctx)) {
OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
}
int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *ctx) {
if (group->meth->add == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if ((group->meth != r->meth) || (r->meth != a->meth) ||
(a->meth != b->meth)) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_add(group, r, a, b, ctx);
return group->meth->add(group, r, a, b, ctx);
}
int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
BN_CTX *ctx) {
if (group->meth->dbl == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if ((group->meth != r->meth) || (r->meth != a->meth)) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_dbl(group, r, a, ctx);
return group->meth->dbl(group, r, a, ctx);
}
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) {
if (group->meth->invert == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != a->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_invert(group, a, ctx);
return group->meth->invert(group, a, ctx);
}
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
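Review bot: In EC_POINT_set_affine_coordinates_GFp, the version that returns `group->meth->point_set_affine_coordinates(group, point, x, y, ctx)` has no `EC_POINT_is_on_curve` call, so coordinates taken from a peer or a parsed key can yield an EC_POINT that is not on the curve while the caller sees success. Keep the on-curve check and the EC_R_POINT_IS_NOT_ON_CURVE error after the method call, or document on this function that every caller must validate the point itself.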
@@ -872,20 +843,9 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
BN_CTX *ctx) {
if (group->meth != r->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
size_t i;
for (i = 0; i < num; i++) {
if (points[i]->meth != r->meth) {
break;
}
}
if (i != num) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
if (group->meth->mul == 0) {
/* use default. Warning, not constant-time. */
return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
}
return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
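Review bot: In EC_POINTs_mul, the `group->meth != r->meth` check and the loop over `points[i]->meth` appear only on the side without the wNAF fallback, so the shorter version passes `r` and `points[]` to `ec_wNAF_mul` or `group->meth->mul` without confirming they share the group's method. Keep the EC_R_INCOMPATIBLE_OBJECTS checks ahead of the dispatch. The fallback's own comment says it is not constant-time; if secret scalars can reach this path, state that in the function's documentation, not only in an inline comment.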
@@ -894,12 +854,16 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y,
const BIGNUM *z, BN_CTX *ctx) {
if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_set_Jprojective_coordinates_GFp(group, point, x, y, z,
ctx);
return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y,
z, ctx);
}
void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) {}
+4 -8
@@ -212,7 +212,7 @@ EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) {
for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) {
curve = &OPENSSL_built_in_curves[i];
const unsigned param_len = curve->data->param_len;
if ((unsigned) ecparams->order->length == param_len &&
if (ecparams->order->length == param_len &&
memcmp(ecparams->order->data, &curve->data->data[param_len * 5],
param_len) == 0) {
nid = curve->nid;
@@ -239,9 +239,8 @@ static EC_GROUP *d2i_ECPKParameters(EC_GROUP **groupp, const uint8_t **inp,
long len) {
EC_GROUP *group = NULL;
ECPKPARAMETERS *params = NULL;
const uint8_t *in = *inp;
params = d2i_ECPKPARAMETERS(NULL, &in, len);
params = d2i_ECPKPARAMETERS(NULL, inp, len);
if (params == NULL) {
OPENSSL_PUT_ERROR(EC, EC_R_D2I_ECPKPARAMETERS_FAILURE);
ECPKPARAMETERS_free(params);
@@ -261,7 +260,6 @@ static EC_GROUP *d2i_ECPKParameters(EC_GROUP **groupp, const uint8_t **inp,
}
ECPKPARAMETERS_free(params);
*inp = in;
return group;
}
@@ -282,13 +280,12 @@ static int i2d_ECPKParameters(const EC_GROUP *group, uint8_t **outp) {
return ret;
}
EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **inp, long len) {
EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) {
int ok = 0;
EC_KEY *ret = NULL;
EC_PRIVATEKEY *priv_key = NULL;
const uint8_t *in = *inp;
priv_key = d2i_EC_PRIVATEKEY(NULL, &in, len);
priv_key = d2i_EC_PRIVATEKEY(NULL, in, len);
if (priv_key == NULL) {
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
return NULL;
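Review bot: In d2i_ECPrivateKey, the version without the local `const uint8_t *in = *inp;` passes the caller's pointer straight to d2i_EC_PRIVATEKEY, so the caller's pointer is advanced as soon as the inner parse succeeds, even when a later step fails and the function does not return a key. Keep the local copy and write `*inp = in;` only on the success path next to `ok = 1`. The same point applies to d2i_ECPKParameters in the preceding hunks of this file.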
@@ -367,7 +364,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **inp, long len) {
if (a) {
*a = ret;
}
*inp = in;
ok = 1;
err:
+28 -3
@@ -75,16 +75,41 @@
const EC_METHOD *EC_GFp_mont_method(void) {
static const EC_METHOD ret = {ec_GFp_mont_group_init,
static const EC_METHOD ret = {EC_FLAGS_DEFAULT_OCT,
ec_GFp_mont_group_init,
ec_GFp_mont_group_finish,
ec_GFp_mont_group_clear_finish,
ec_GFp_mont_group_copy,
ec_GFp_mont_group_set_curve,
ec_GFp_simple_group_get_curve,
ec_GFp_simple_group_get_degree,
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_point_init,
ec_GFp_simple_point_finish,
ec_GFp_simple_point_clear_finish,
ec_GFp_simple_point_copy,
ec_GFp_simple_point_set_to_infinity,
ec_GFp_simple_set_Jprojective_coordinates_GFp,
ec_GFp_simple_get_Jprojective_coordinates_GFp,
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
ec_wNAF_mul /* XXX: Not constant time. */,
ec_wNAF_precompute_mult,
0,
0,
0,
ec_GFp_simple_add,
ec_GFp_simple_dbl,
ec_GFp_simple_invert,
ec_GFp_simple_is_at_infinity,
ec_GFp_simple_is_on_curve,
ec_GFp_simple_cmp,
ec_GFp_simple_make_affine,
ec_GFp_simple_points_make_affine,
0 /* mul */,
0 /* precompute_mult */,
0 /* have_precompute_mult */,
ec_GFp_mont_field_mul,
ec_GFp_mont_field_sqr,
0 /* field_div */,
ec_GFp_mont_field_encode,
ec_GFp_mont_field_decode,
ec_GFp_mont_field_set_to_one};
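Review bot: The three bare `0,` entries between `ec_GFp_simple_point_get_affine_coordinates` and `ec_GFp_simple_add` in the `EC_GFp_mont_method` initializer carry no slot comment, unlike `0 /* mul */` and `0 /* field_div */` further down. Going by the member order of `struct ec_method_st`, they fill `point_set_compressed_coordinates`, `point2oct` and `oct2point`. In a positional initializer this long, an entry that shifts by one slot still compiles when neighbouring members share a signature, so please annotate each placeholder with the member it fills and mention that `EC_FLAGS_DEFAULT_OCT` is what allows these three to be empty.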
+3 -74
@@ -23,6 +23,7 @@
#include <openssl/mem.h>
#include "../test/scoped_types.h"
#include "../test/stl_compat.h"
// kECKeyWithoutPublic is an ECPrivateKey with the optional publicKey field
@@ -79,7 +80,7 @@ static ScopedEC_KEY DecodeECPrivateKey(const uint8_t *in, size_t in_len) {
static bool EncodeECPrivateKey(std::vector<uint8_t> *out, EC_KEY *key) {
int len = i2d_ECPrivateKey(key, NULL);
out->resize(len);
uint8_t *outp = out->data();
uint8_t *outp = bssl::vector_data(out);
return i2d_ECPrivateKey(key, &outp) == len;
}
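Review bot: In `EncodeECPrivateKey`, `len` goes straight into `out->resize(len)` with no sign check. `i2d_ECPrivateKey` returns an `int`, and a negative error return converts to a very large `size_t` inside `resize`. Add `if (len < 0) { return false; }` before the resize; the `out->data()` versus `bssl::vector_data(out)` choice does not affect this.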
@@ -172,84 +173,12 @@ static bool TestZeroPadding() {
return true;
}
bool TestSetAffine(const int nid) {
ScopedEC_KEY key(EC_KEY_new_by_curve_name(nid));
if (!key) {
return false;
}
const EC_GROUP *const group = EC_KEY_get0_group(key.get());
if (!EC_KEY_generate_key(key.get())) {
fprintf(stderr, "EC_KEY_generate_key failed with nid %d\n", nid);
ERR_print_errors_fp(stderr);
return false;
}
if (!EC_POINT_is_on_curve(group, EC_KEY_get0_public_key(key.get()),
nullptr)) {
fprintf(stderr, "generated point is not on curve with nid %d", nid);
ERR_print_errors_fp(stderr);
return false;
}
ScopedBIGNUM x(BN_new());
ScopedBIGNUM y(BN_new());
if (!EC_POINT_get_affine_coordinates_GFp(group,
EC_KEY_get0_public_key(key.get()),
x.get(), y.get(), nullptr)) {
fprintf(stderr, "EC_POINT_get_affine_coordinates_GFp failed with nid %d\n",
nid);
ERR_print_errors_fp(stderr);
return false;
}
ScopedEC_POINT point(EC_POINT_new(group));
if (!point) {
return false;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point.get(), x.get(), y.get(),
nullptr)) {
fprintf(stderr, "EC_POINT_set_affine_coordinates_GFp failed with nid %d\n",
nid);
ERR_print_errors_fp(stderr);
return false;
}
// Subtract one from |y| to make the point no longer on the curve.
if (!BN_sub(y.get(), y.get(), BN_value_one())) {
return false;
}
ScopedEC_POINT invalid_point(EC_POINT_new(group));
if (!invalid_point) {
return false;
}
if (EC_POINT_set_affine_coordinates_GFp(group, invalid_point.get(), x.get(),
y.get(), nullptr)) {
fprintf(stderr,
"EC_POINT_set_affine_coordinates_GFp succeeded with invalid "
"coordinates with nid %d\n",
nid);
ERR_print_errors_fp(stderr);
return false;
}
return true;
}
int main(void) {
CRYPTO_library_init();
ERR_load_crypto_strings();
if (!Testd2i_ECPrivateKey() ||
!TestZeroPadding() ||
!TestSetAffine(NID_secp224r1) ||
!TestSetAffine(NID_X9_62_prime256v1) ||
!TestSetAffine(NID_secp384r1) ||
!TestSetAffine(NID_secp521r1)) {
!TestZeroPadding()) {
fprintf(stderr, "failed\n");
return 1;
}
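Review bot: Dropping `TestSetAffine` from `main` removes the only test visible in this file that checks `EC_POINT_set_affine_coordinates_GFp` rejects an off-curve point (the `y - 1` case), and it does so for all four curves (`NID_secp224r1`, `NID_X9_62_prime256v1`, `NID_secp384r1`, `NID_secp521r1`). If the setter on this side of the diff still validates its input, keep the test. If it does not, say so in the commit message, because callers then have to call `EC_POINT_is_on_curve` themselves before using a point built from untrusted coordinates.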
+72 -16
@@ -79,7 +79,13 @@ extern "C" {
#endif
/* Use default functions for poin2oct, oct2point and compressed coordinates */
#define EC_FLAGS_DEFAULT_OCT 0x1
struct ec_method_st {
/* Various method flags */
int flags;
/* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
int (*group_init)(EC_GROUP *);
void (*group_finish)(EC_GROUP *);
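Review bot: The comment above `EC_FLAGS_DEFAULT_OCT` misspells `point2oct` as `poin2oct`, and the new `flags` member is documented only as "Various method flags". Fix the typo and name the members the flag covers (`point2oct`, `oct2point`, `point_set_compressed_coordinates`) so that a reader of a method table knows which slots may legitimately be 0 when the flag is set.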
@@ -90,10 +96,66 @@ struct ec_method_st {
/* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *);
/* used by EC_POINT_get_affine_coordinates_GFp: */
/* used by EC_GROUP_get_degree: */
int (*group_get_degree)(const EC_GROUP *);
/* used by EC_GROUP_check: */
int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
/* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
int (*point_init)(EC_POINT *);
void (*point_finish)(EC_POINT *);
void (*point_clear_finish)(EC_POINT *);
int (*point_copy)(EC_POINT *, const EC_POINT *);
/* used by EC_POINT_set_to_infinity,
* EC_POINT_set_Jprojective_coordinates_GFp,
* EC_POINT_get_Jprojective_coordinates_GFp,
* EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
* EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
* EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
*/
int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y,
const BIGNUM *z, BN_CTX *);
int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *,
const EC_POINT *, BIGNUM *x,
BIGNUM *y, BIGNUM *z, BN_CTX *);
int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y,
BN_CTX *);
int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
BIGNUM *x, BIGNUM *y, BN_CTX *);
int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, int y_bit, BN_CTX *);
/* used by EC_POINT_point2oct, EC_POINT_oct2point: */
size_t (*point2oct)(const EC_GROUP *, const EC_POINT *,
point_conversion_form_t form, unsigned char *buf,
size_t len, BN_CTX *);
int (*oct2point)(const EC_GROUP *, EC_POINT *, const unsigned char *buf,
size_t len, BN_CTX *);
/* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
const EC_POINT *b, BN_CTX *);
int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
/* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
BN_CTX *);
/* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT * [],
BN_CTX *);
/* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
* EC_POINT_have_precompute_mult
@@ -102,15 +164,19 @@ struct ec_method_st {
size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
BN_CTX *);
int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
int (*have_precompute_mult)(const EC_GROUP *group);
/* internal functions */
/* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that the
* same implementations of point operations can be used with different
* optimized implementations of expensive field operations: */
/* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl'
* so that the same implementations of point operations can be used with
* different optimized implementations of expensive field operations: */
int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
BN_CTX *); /* e.g. to Montgomery */
@@ -134,7 +200,6 @@ struct ec_group_st {
int curve_name; /* optional NID for named curve */
struct ec_pre_comp_st *pre_comp;
const BN_MONT_CTX *mont_data; /* data for ECDSA inverse */
/* The following members are handled by the method functions,
* even if they appear generic */
@@ -165,15 +230,11 @@ struct ec_point_st {
EC_GROUP *ec_group_new(const EC_METHOD *meth);
int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src);
/* ec_group_get_mont_data returns a Montgomery context for operations in the
* scalar field of |group|. It may return NULL in the case that |group| is not
* a built-in group. */
const BN_MONT_CTX *ec_group_get_mont_data(const EC_GROUP *group);
int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
BN_CTX *);
int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
/* method functions in simple.c */
int ec_GFp_simple_group_init(EC_GROUP *);
@@ -184,7 +245,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
BIGNUM *b, BN_CTX *);
unsigned ec_GFp_simple_group_get_degree(const EC_GROUP *);
int ec_GFp_simple_group_get_degree(const EC_GROUP *);
int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
int ec_GFp_simple_point_init(EC_POINT *);
void ec_GFp_simple_point_finish(EC_POINT *);
@@ -258,13 +319,8 @@ void ec_GFp_nistp_points_make_affine_internal(
void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, uint8_t in);
const EC_METHOD *EC_GFp_nistp224_method(void);
const EC_METHOD *EC_GFp_nistp256_method(void);
/* Returns GFp methods using montgomery multiplication, with x86-64
* optimized P256. See http://eprint.iacr.org/2013/816. */
const EC_METHOD *EC_GFp_nistz256_method(void);
struct ec_key_st {
int version;
+31 -3
@@ -277,21 +277,39 @@ err:
int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
const uint8_t *buf, size_t len, BN_CTX *ctx) {
if (group->meth->oct2point == 0 &&
!(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
}
return group->meth->oct2point(group, point, buf, len, ctx);
}
size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
point_conversion_form_t form, uint8_t *buf,
size_t len, BN_CTX *ctx) {
if (group->meth->point2oct == 0 &&
!(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
}
return group->meth->point2oct(group, point, form, buf, len, ctx);
}
int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
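Review bot: In `EC_POINT_oct2point` and `EC_POINT_point2oct`, the `EC_FLAGS_DEFAULT_OCT` branch is taken before the method pointer is consulted, so a method that sets the flag and also fills in `oct2point` or `point2oct` has its own function silently ignored. Either reject that combination where methods are defined or state the precedence in the header comment. The flag is also tested twice per call; checking it once up front and then doing a plain NULL check on the method pointer would read more clearly and keep the `ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED` path next to the dispatch it guards.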
@@ -434,9 +452,19 @@ err:
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x,
int y_bit, BN_CTX *ctx) {
if (group->meth->point_set_compressed_coordinates == 0 &&
!(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return ec_GFp_simple_set_compressed_coordinates(group, point, x, y_bit, ctx);
if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
return ec_GFp_simple_set_compressed_coordinates(group, point, x, y_bit,
ctx);
}
return group->meth->point_set_compressed_coordinates(group, point, x, y_bit,
ctx);
}

Some files were not shown because too many files have changed in this diff