1 /* $NetBSD: adiantum.c,v 1.7 2021/10/17 14:45:45 jmcneill Exp $ */ 2 3 /*- 4 * Copyright (c) 2020 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * The Adiantum wide-block cipher, from 31 * 32 * Paul Crowley and Eric Biggers, `Adiantum: length-preserving 33 * encryption for entry-level processors', IACR Transactions on 34 * Symmetric Cryptology 2018(4), pp. 39--61. 35 * 36 * https://doi.org/10.13154/tosc.v2018.i4.39-61 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(1, "$NetBSD: adiantum.c,v 1.7 2021/10/17 14:45:45 jmcneill Exp $"); 41 42 #include <sys/types.h> 43 #include <sys/endian.h> 44 45 #ifdef _KERNEL 46 47 #include <sys/module.h> 48 #include <sys/systm.h> 49 50 #include <lib/libkern/libkern.h> 51 52 #include <crypto/adiantum/adiantum.h> 53 #include <crypto/aes/aes.h> 54 #include <crypto/chacha/chacha.h> 55 56 #else /* !defined(_KERNEL) */ 57 58 #include <sys/cdefs.h> 59 60 #include <assert.h> 61 #include <stdint.h> 62 #include <stdio.h> 63 #include <string.h> 64 65 #include <openssl/aes.h> 66 67 struct aesenc { 68 AES_KEY enckey; 69 }; 70 71 struct aesdec { 72 AES_KEY deckey; 73 }; 74 75 #define AES_256_NROUNDS 14 76 #define aes_setenckey256(E, K) AES_set_encrypt_key((K), 256, &(E)->enckey) 77 #define aes_setdeckey256(D, K) AES_set_decrypt_key((K), 256, &(D)->deckey) 78 #define aes_enc(E, P, C, NR) AES_encrypt(P, C, &(E)->enckey) 79 #define aes_dec(D, C, P, NR) AES_decrypt(C, P, &(D)->deckey) 80 81 #include "adiantum.h" 82 83 #define CTASSERT __CTASSERT 84 #define KASSERT assert 85 #define MIN(x,y) ((x) < (y) ? (x) : (y)) 86 87 static void 88 hexdump(int (*prf)(const char *, ...) __printflike(1,2), const char *prefix, 89 const void *buf, size_t len) 90 { 91 const uint8_t *p = buf; 92 size_t i; 93 94 (*prf)("%s (%zu bytes)\n", prefix, len); 95 for (i = 0; i < len; i++) { 96 if (i % 16 == 8) 97 (*prf)(" "); 98 else 99 (*prf)(" "); 100 (*prf)("%02hhx", p[i]); 101 if ((i + 1) % 16 == 0) 102 (*prf)("\n"); 103 } 104 if (i % 16) 105 (*prf)("\n"); 106 } 107 108 #endif /* _KERNEL */ 109 110 /* Arithmetic modulo 2^128, represented by 16-digit strings in radix 2^8. */ 112 113 /* s := a + b (mod 2^128) */ 114 static inline void 115 add128(uint8_t s[restrict static 16], 116 const uint8_t a[static 16], const uint8_t b[static 16]) 117 { 118 unsigned i, c; 119 120 c = 0; 121 for (i = 0; i < 16; i++) { 122 c = a[i] + b[i] + c; 123 s[i] = c & 0xff; 124 c >>= 8; 125 } 126 } 127 128 /* s := a - b (mod 2^128) */ 129 static inline void 130 sub128(uint8_t d[restrict static 16], 131 const uint8_t a[static 16], const uint8_t b[static 16]) 132 { 133 unsigned i, c; 134 135 c = 0; 136 for (i = 0; i < 16; i++) { 137 c = a[i] - b[i] - c; 138 d[i] = c & 0xff; 139 c = 1 & (c >> 8); 140 } 141 } 142 143 static int 144 addsub128_selftest(void) 145 { 146 static const uint8_t zero[16] = { 147 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 148 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 149 }; 150 static const uint8_t one[16] = { 151 0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 152 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 153 }; 154 static const uint8_t negativeone[16] = { 155 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 156 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 157 }; 158 static const uint8_t a[16] = { 159 0x03,0x80,0x00,0x00, 0x00,0x00,0x00,0x00, 160 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 161 }; 162 static const uint8_t b[16] = { 163 0x01,0x82,0x00,0x00, 0x00,0x00,0x00,0x00, 164 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 165 }; 166 static const uint8_t c[16] = { 167 0x02,0xfe,0xff,0xff, 0xff,0xff,0xff,0xff, 168 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 169 }; 170 uint8_t r[16]; 171 int result = 0; 172 173 sub128(r, zero, one); 174 if (memcmp(r, negativeone, 16)) { 175 hexdump(printf, "sub128 1", r, sizeof r); 176 result = -1; 177 } 178 179 sub128(r, a, b); 180 if (memcmp(r, c, 16)) { 181 hexdump(printf, "sub128 2", r, sizeof r); 182 result = -1; 183 } 184 185 return result; 186 } 187 188 /* Poly1305 */ 190 191 struct poly1305 { 192 uint32_t r[5]; /* evaluation point */ 193 uint32_t h[5]; /* value */ 194 }; 195 196 static void 197 poly1305_init(struct poly1305 *P, const uint8_t key[static 16]) 198 { 199 200 /* clamp */ 201 P->r[0] = (le32dec(key + 0) >> 0) & 0x03ffffff; 202 P->r[1] = (le32dec(key + 3) >> 2) & 0x03ffff03; 203 P->r[2] = (le32dec(key + 6) >> 4) & 0x03ffc0ff; 204 P->r[3] = (le32dec(key + 9) >> 6) & 0x03f03fff; 205 P->r[4] = (le32dec(key + 12) >> 8) & 0x000fffff; 206 207 /* initialize polynomial evaluation */ 208 P->h[0] = P->h[1] = P->h[2] = P->h[3] = P->h[4] = 0; 209 } 210 211 static void 212 poly1305_update_blocks(struct poly1305 *P, const uint8_t *m, size_t mlen) 213 { 214 uint32_t r0 = P->r[0]; 215 uint32_t r1 = P->r[1]; 216 uint32_t r2 = P->r[2]; 217 uint32_t r3 = P->r[3]; 218 uint32_t r4 = P->r[4]; 219 uint32_t h0 = P->h[0]; 220 uint32_t h1 = P->h[1]; 221 uint32_t h2 = P->h[2]; 222 uint32_t h3 = P->h[3]; 223 uint32_t h4 = P->h[4]; 224 uint32_t m0, m1, m2, m3, m4; /* 26-bit message chunks */ 225 uint64_t k0, k1, k2, k3, k4; /* 64-bit extension of h */ 226 uint64_t p0, p1, p2, p3, p4; /* columns of product */ 227 uint32_t c; /* carry */ 228 229 while (mlen) { 230 if (__predict_false(mlen < 16)) { 231 /* Handle padding for uneven last block. */ 232 uint8_t buf[16]; 233 unsigned i; 234 235 for (i = 0; i < mlen; i++) 236 buf[i] = m[i]; 237 buf[i++] = 1; 238 for (; i < 16; i++) 239 buf[i] = 0; 240 m0 = le32dec(buf + 0) >> 0; 241 m1 = le32dec(buf + 3) >> 2; 242 m2 = le32dec(buf + 6) >> 4; 243 m3 = le32dec(buf + 9) >> 6; 244 m4 = le32dec(buf + 12) >> 8; 245 mlen = 0; 246 247 explicit_memset(buf, 0, sizeof buf); 248 } else { 249 m0 = le32dec(m + 0) >> 0; 250 m1 = le32dec(m + 3) >> 2; 251 m2 = le32dec(m + 6) >> 4; 252 m3 = le32dec(m + 9) >> 6; 253 m4 = le32dec(m + 12) >> 8; 254 m4 |= 1u << 24; 255 m += 16; 256 mlen -= 16; 257 } 258 259 /* k := h + m, extended to 64 bits */ 260 k0 = h0 + (m0 & 0x03ffffff); 261 k1 = h1 + (m1 & 0x03ffffff); 262 k2 = h2 + (m2 & 0x03ffffff); 263 k3 = h3 + m3; 264 k4 = h4 + m4; 265 266 /* p := k * r = (h + m)*r mod 2^130 - 5 */ 267 p0 = r0*k0 + 5*r4*k1 + 5*r3*k2 + 5*r2*k3 + 5*r1*k4; 268 p1 = r1*k0 + r0*k1 + 5*r4*k2 + 5*r3*k3 + 5*r2*k4; 269 p2 = r2*k0 + r1*k1 + r0*k2 + 5*r4*k3 + 5*r3*k4; 270 p3 = r3*k0 + r2*k1 + r1*k2 + r0*k3 + 5*r4*k4; 271 p4 = r4*k0 + r3*k1 + r2*k2 + r1*k3 + r0*k4; 272 273 /* propagate carries and update h */ 274 p0 += 0; c = p0 >> 26; h0 = p0 & 0x03ffffff; 275 p1 += c; c = p1 >> 26; h1 = p1 & 0x03ffffff; 276 p2 += c; c = p2 >> 26; h2 = p2 & 0x03ffffff; 277 p3 += c; c = p3 >> 26; h3 = p3 & 0x03ffffff; 278 p4 += c; c = p4 >> 26; h4 = p4 & 0x03ffffff; 279 280 /* reduce 2^130 = 5 */ 281 h0 += c*5; c = h0 >> 26; h0 &= 0x03ffffff; 282 h1 += c; 283 } 284 285 /* update hash values */ 286 P->h[0] = h0; 287 P->h[1] = h1; 288 P->h[2] = h2; 289 P->h[3] = h3; 290 P->h[4] = h4; 291 } 292 293 static void 295 poly1305_final(uint8_t h[static 16], struct poly1305 *P) 296 { 297 uint32_t h0 = P->h[0]; 298 uint32_t h1 = P->h[1]; 299 uint32_t h2 = P->h[2]; 300 uint32_t h3 = P->h[3]; 301 uint32_t h4 = P->h[4]; 302 uint32_t s0, s1, s2, s3, s4; /* h - (2^130 - 5) */ 303 uint32_t m; /* mask */ 304 uint32_t c; 305 306 /* propagate carries */ 307 h1 += 0; c = h1 >> 26; h1 &= 0x03ffffff; 308 h2 += c; c = h2 >> 26; h2 &= 0x03ffffff; 309 h3 += c; c = h3 >> 26; h3 &= 0x03ffffff; 310 h4 += c; c = h4 >> 26; h4 &= 0x03ffffff; 311 312 /* reduce 2^130 = 5 */ 313 h0 += c*5; c = h0 >> 26; h0 &= 0x03ffffff; 314 h1 += c; 315 316 /* s := h - (2^130 - 5) */ 317 c = 5; 318 s0 = h0 + c; c = s0 >> 26; s0 &= 0x03ffffff; 319 s1 = h1 + c; c = s1 >> 26; s1 &= 0x03ffffff; 320 s2 = h2 + c; c = s2 >> 26; s2 &= 0x03ffffff; 321 s3 = h3 + c; c = s3 >> 26; s3 &= 0x03ffffff; 322 s4 = h4 + c; 323 s4 -= 0x04000000; 324 325 /* m := -1 if h < 2^130 - 5 else 0 */ 326 m = -(s4 >> 31); 327 328 /* conditional subtract */ 329 h0 = (m & h0) | (~m & s0); 330 h1 = (m & h1) | (~m & s1); 331 h2 = (m & h2) | (~m & s2); 332 h3 = (m & h3) | (~m & s3); 333 h4 = (m & h4) | (~m & s4); 334 335 /* reduce modulo 2^128 */ 336 le32enc(h + 0, ((h1 << 26) | (h0 >> 0)) & 0xffffffff); 337 le32enc(h + 4, ((h2 << 20) | (h1 >> 6)) & 0xffffffff); 338 le32enc(h + 8, ((h3 << 14) | (h2 >> 12)) & 0xffffffff); 339 le32enc(h + 12, ((h4 << 8) | (h3 >> 18)) & 0xffffffff); 340 } 341 342 static void 344 poly1305(uint8_t h[static 16], const uint8_t *m, size_t mlen, 345 const uint8_t k[static 16]) 346 { 347 struct poly1305 P; 348 349 poly1305_init(&P, k); 350 poly1305_update_blocks(&P, m, mlen); 351 poly1305_final(h, &P); 352 } 353 354 static int 355 poly1305_selftest(void) 356 { 357 /* https://tools.ietf.org/html/rfc7539#section-2.5.2 */ 358 static const uint8_t r[16] = { 359 0x85,0xd6,0xbe,0x78, 0x57,0x55,0x6d,0x33, 360 0x7f,0x44,0x52,0xfe, 0x42,0xd5,0x06,0xa8, 361 }; 362 static const uint8_t s[16] = { 363 0x01,0x03,0x80,0x8a, 0xfb,0x0d,0xb2,0xfd, 364 0x4a,0xbf,0xf6,0xaf, 0x41,0x49,0xf5,0x1b, 365 }; 366 static const uint8_t m[] = { 367 0x43,0x72,0x79,0x70, 0x74,0x6f,0x67,0x72, 368 0x61,0x70,0x68,0x69, 0x63,0x20,0x46,0x6f, 369 0x72,0x75,0x6d,0x20, 0x52,0x65,0x73,0x65, 370 0x61,0x72,0x63,0x68, 0x20,0x47,0x72,0x6f, 371 0x75,0x70, 372 }; 373 static const uint8_t expected[16] = { 374 0xa8,0x06,0x1d,0xc1, 0x30,0x51,0x36,0xc6, 375 0xc2,0x2b,0x8b,0xaf, 0x0c,0x01,0x27,0xa9, 376 }; 377 uint8_t h[16], t[16]; 378 int result = 0; 379 380 poly1305(h, m, sizeof m, r); 381 add128(t, h, s); 382 if (memcmp(t, expected, 16)) { 383 hexdump(printf, "poly1305 h", h, sizeof h); 384 hexdump(printf, "poly1305 t", t, sizeof t); 385 result = -1; 386 } 387 388 return result; 389 } 390 391 /* NHPoly1305 */ 393 394 static void 395 nh(uint8_t h[static 32], const uint8_t *m, size_t mlen, 396 const uint32_t k[static 268 /* u/w + 2s(r - 1) */]) 397 { 398 enum { 399 s = 2, /* stride */ 400 r = 4, /* rounds */ 401 w = 32, /* word size */ 402 u = 8192 /* unit count (bits per msg unit) */ 403 }; 404 uint64_t h0 = 0, h1 = 0, h2 = 0, h3 = 0; 405 unsigned i; 406 407 CTASSERT(r*w/8 == 16); 408 CTASSERT(u/w + 2*s*(r - 1) == 268); 409 410 KASSERT(mlen <= u/8); 411 KASSERT(mlen % 16 == 0); 412 413 for (i = 0; i < mlen/16; i++) { 414 uint32_t m0 = le32dec(m + 16*i + 4*0); 415 uint32_t m1 = le32dec(m + 16*i + 4*1); 416 uint32_t m2 = le32dec(m + 16*i + 4*2); 417 uint32_t m3 = le32dec(m + 16*i + 4*3); 418 419 uint32_t k00 = k[4*i + 4*0 + 0]; 420 uint32_t k01 = k[4*i + 4*0 + 1]; 421 uint32_t k02 = k[4*i + 4*0 + 2]; 422 uint32_t k03 = k[4*i + 4*0 + 3]; 423 uint32_t k10 = k[4*i + 4*1 + 0]; 424 uint32_t k11 = k[4*i + 4*1 + 1]; 425 uint32_t k12 = k[4*i + 4*1 + 2]; 426 uint32_t k13 = k[4*i + 4*1 + 3]; 427 uint32_t k20 = k[4*i + 4*2 + 0]; 428 uint32_t k21 = k[4*i + 4*2 + 1]; 429 uint32_t k22 = k[4*i + 4*2 + 2]; 430 uint32_t k23 = k[4*i + 4*2 + 3]; 431 uint32_t k30 = k[4*i + 4*3 + 0]; 432 uint32_t k31 = k[4*i + 4*3 + 1]; 433 uint32_t k32 = k[4*i + 4*3 + 2]; 434 uint32_t k33 = k[4*i + 4*3 + 3]; 435 436 CTASSERT(s == 2); 437 h0 += (uint64_t)(m0 + k00) * (m2 + k02); 438 h1 += (uint64_t)(m0 + k10) * (m2 + k12); 439 h2 += (uint64_t)(m0 + k20) * (m2 + k22); 440 h3 += (uint64_t)(m0 + k30) * (m2 + k32); 441 h0 += (uint64_t)(m1 + k01) * (m3 + k03); 442 h1 += (uint64_t)(m1 + k11) * (m3 + k13); 443 h2 += (uint64_t)(m1 + k21) * (m3 + k23); 444 h3 += (uint64_t)(m1 + k31) * (m3 + k33); 445 } 446 447 le64enc(h + 8*0, h0); 448 le64enc(h + 8*1, h1); 449 le64enc(h + 8*2, h2); 450 le64enc(h + 8*3, h3); 451 } 452 453 static void 454 nhpoly1305(uint8_t h[static 16], const uint8_t *m, size_t mlen, 455 const uint8_t pk[static 16], 456 const uint32_t nhk[static 268 /* u/w + 2s(r - 1) */]) 457 { 458 struct poly1305 P; 459 uint8_t h0[32]; 460 461 /* 462 * In principle NHPoly1305 is defined on uneven message 463 * lengths, but that's a pain in the patootie. 464 */ 465 KASSERT(mlen % 16 == 0); 466 467 poly1305_init(&P, pk); 468 for (; mlen; m += MIN(mlen, 1024), mlen -= MIN(mlen, 1024)) { 469 nh(h0, m, MIN(mlen, 1024), nhk); 470 poly1305_update_blocks(&P, h0, 32); 471 } 472 poly1305_final(h, &P); 473 } 474 475 /* https://github.com/google/adiantum/blob/68971e9c6684121b2203b4b05a22768b84051b58/test_vectors/ours/NH/NH.json */ 477 static int 478 nh_selftest(void) 479 { 480 static const struct { 481 uint8_t k[1072]; 482 unsigned mlen; 483 uint8_t m[1024]; 484 uint8_t h[32]; 485 } C[] = { 486 [0] = { /* 16-byte message */ 487 .k = { 488 0x22,0x5b,0x80,0xc8, 0x18,0x05,0x37,0x09, 489 0x76,0x14,0x4b,0x67, 0xc4,0x50,0x7f,0x2b, 490 0x2c,0xff,0x56,0xc5, 0xd5,0x66,0x45,0x68, 491 0x35,0xe6,0xd2,0x9a, 0xe5,0xd0,0xc1,0xfb, 492 0xac,0x59,0x81,0x1a, 0x60,0xb0,0x3d,0x81, 493 0x4b,0xa3,0x5b,0xa9, 0xcc,0xb3,0xfe,0x2d, 494 0xc2,0x4d,0xd9,0x26, 0xad,0x36,0xcf,0x8c, 495 0x05,0x11,0x3b,0x8a, 0x99,0x15,0x81,0xc8, 496 0x23,0xf5,0x5a,0x94, 0x10,0x2f,0x92,0x80, 497 0x38,0xc5,0xb2,0x63, 0x80,0xd5,0xdc,0xa3, 498 0x6c,0x2f,0xaa,0x03, 0x96,0x4a,0x75,0x33, 499 0x4c,0xa8,0x60,0x05, 0x96,0xbf,0xe5,0x7a, 500 0xc8,0x4f,0x5c,0x22, 0xf9,0x92,0x74,0x4a, 501 0x75,0x5f,0xa2,0x2a, 0x8d,0x3f,0xe2,0x43, 502 0xfd,0xd9,0x04,0x8c, 0x8e,0xea,0x84,0xcc, 503 0x4d,0x3f,0x94,0x96, 0xed,0x1a,0x51,0xbb, 504 0x2f,0xc4,0x63,0x28, 0x31,0x0b,0xda,0x92, 505 0x1e,0x4d,0xe2,0x1d, 0x82,0xb5,0x65,0xb4, 506 0x75,0x69,0xd7,0x6f, 0x29,0xe4,0xbe,0x7e, 507 0xcc,0xbd,0x95,0xbd, 0x7a,0x62,0xea,0xfa, 508 0x33,0x34,0x80,0x58, 0xbf,0xfa,0x00,0x7e, 509 0xa7,0xb4,0xc9,0x32, 0x7c,0xc7,0x8f,0x8a, 510 0x28,0x27,0xdd,0xeb, 0xb9,0x1c,0x01,0xad, 511 0xec,0xf4,0x30,0x5e, 0xce,0x3b,0xaa,0x22, 512 0x60,0xbd,0x84,0xd9, 0x9e,0xaf,0xe8,0x4c, 513 0x44,0xb6,0x84,0x2d, 0x5c,0xe6,0x26,0xee, 514 0x8a,0xa2,0x0d,0xe3, 0x97,0xed,0xf5,0x47, 515 0xdb,0x50,0x72,0x4a, 0x5e,0x9a,0x8d,0x10, 516 0xc2,0x25,0xdd,0x5b, 0xd0,0x39,0xc4,0x5b, 517 0x2a,0x79,0x81,0xb7, 0x5c,0xda,0xed,0x77, 518 0x17,0x53,0xb5,0x8b, 0x1e,0x5f,0xf3,0x48, 519 0x30,0xac,0x97,0x7d, 0x29,0xe3,0xc9,0x18, 520 0xe1,0x2b,0x31,0xa0, 0x08,0xe9,0x15,0x59, 521 0x29,0xdb,0x84,0x2a, 0x33,0x98,0x8a,0xd4, 522 0xc3,0xfc,0xf7,0xca, 0x65,0x02,0x4d,0x9f, 523 0xe2,0xb1,0x5e,0xa6, 0x6a,0x01,0xf9,0xcf, 524 0x7e,0xa6,0x09,0xd9, 0x16,0x90,0x14,0x5f, 525 0x3a,0xf8,0xd8,0x34, 0x38,0xd6,0x1f,0x89, 526 0x0c,0x81,0xc2,0x68, 0xc4,0x65,0x78,0xf3, 527 0xfe,0x27,0x48,0x70, 0x38,0x43,0x48,0x5a, 528 0xc1,0x24,0xc5,0x6f, 0x65,0x63,0x1b,0xb0, 529 0x5b,0xb4,0x07,0x1e, 0x69,0x08,0x8f,0xfc, 530 0x93,0x29,0x04,0x16, 0x6a,0x8b,0xb3,0x3d, 531 0x0f,0xba,0x5f,0x46, 0xff,0xfe,0x77,0xa1, 532 0xb9,0xdc,0x29,0x66, 0x9a,0xd1,0x08,0xdd, 533 0x32,0xe3,0x21,0x7b, 0xcc,0x2e,0x5c,0xf7, 534 0x79,0x68,0xd4,0xc1, 0x8b,0x3c,0x5d,0x0e, 535 0xd4,0x26,0xa6,0x19, 0x92,0x45,0xf7,0x19, 536 0x0e,0xa2,0x17,0xd8, 0x1c,0x7f,0x8d,0xd6, 537 0x68,0x37,0x6c,0xbf, 0xb1,0x8a,0x5e,0x36, 538 0x4b,0xc0,0xca,0x21, 0x02,0x24,0x69,0x9b, 539 0x2b,0x19,0x0a,0x1b, 0xe3,0x17,0x30,0x57, 540 0xf6,0xfc,0xd6,0x66, 0x36,0x30,0xc2,0x11, 541 0x08,0x8d,0xc5,0x84, 0x67,0xa0,0x89,0xc3, 542 0x74,0x48,0x15,0xca, 0x6e,0x0c,0x6d,0x78, 543 0x66,0x15,0x73,0x85, 0xf9,0x8b,0xba,0xb2, 544 0x09,0xda,0x79,0xe6, 0x00,0x08,0x2a,0xda, 545 0x6b,0xd7,0xd1,0xa7, 0x8b,0x5f,0x11,0x87, 546 0x96,0x1b,0x23,0xb0, 0x6c,0x55,0xb6,0x86, 547 0xfb,0xff,0xe3,0x69, 0xac,0x43,0xcd,0x8f, 548 0x8a,0xe7,0x1c,0x3c, 0xa0,0x6a,0xd5,0x63, 549 0x80,0x66,0xd8,0x7f, 0xb5,0xb8,0x96,0xd4, 550 0xe2,0x20,0x40,0x53, 0x6d,0x0d,0x8b,0x6d, 551 0xd5,0x5d,0x51,0xfb, 0x4d,0x80,0x82,0x01, 552 0x14,0x97,0x96,0x9b, 0x13,0xb8,0x1d,0x76, 553 0x7a,0xa1,0xca,0x19, 0x90,0xec,0x7b,0xe0, 554 0x8e,0xa8,0xb4,0xf2, 0x33,0x67,0x0e,0x10, 555 0xb1,0xa2,0x82,0xea, 0x81,0x82,0xa2,0xc6, 556 0x78,0x51,0xa6,0xd3, 0x25,0xe4,0x9c,0xf2, 557 0x6b,0xa8,0xec,0xfb, 0xd4,0x1d,0x5b,0xa4, 558 0x79,0x66,0x62,0xb8, 0x2b,0x6f,0x9e,0x0f, 559 0xcc,0xcb,0x9e,0x92, 0x6f,0x06,0xdb,0xf0, 560 0x97,0xce,0x3f,0x90, 0xa2,0x1f,0xbe,0x3b, 561 0x7b,0x10,0xf0,0x23, 0x30,0x0c,0xc5,0x0c, 562 0x6c,0x78,0xfc,0xa8, 0x71,0x62,0xcf,0x98, 563 0xa2,0xb1,0x44,0xb5, 0xc6,0x3b,0x5c,0x63, 564 0x83,0x1d,0x35,0xf2, 0xc7,0x42,0x67,0x5d, 565 0xc1,0x26,0x36,0xc8, 0x6e,0x1d,0xf6,0xd5, 566 0x52,0x35,0xa4,0x9e, 0xce,0x4c,0x3b,0x92, 567 0x20,0x86,0xb7,0x89, 0x63,0x73,0x1a,0x8b, 568 0xa6,0x35,0xfe,0xb9, 0xdf,0x5e,0x0e,0x53, 569 0x0b,0xf2,0xb3,0x4d, 0x34,0x1d,0x66,0x33, 570 0x1f,0x08,0xf5,0xf5, 0x0a,0xab,0x76,0x19, 571 0xde,0x82,0x2f,0xcf, 0x11,0xa6,0xcb,0xb3, 572 0x17,0xec,0x8d,0xaf, 0xcb,0xf0,0x92,0x1e, 573 0xb8,0xa3,0x04,0x0a, 0xac,0x2c,0xae,0xc5, 574 0x0b,0xc4,0x4e,0xef, 0x0a,0xe2,0xda,0xe9, 575 0xd7,0x75,0x2d,0x95, 0xc7,0x1b,0xf3,0x0b, 576 0x43,0x19,0x16,0xd7, 0xc6,0x90,0x2d,0x6b, 577 0xe1,0xb2,0xce,0xbe, 0xd0,0x7d,0x15,0x99, 578 0x24,0x37,0xbc,0xb6, 0x8c,0x89,0x7a,0x8c, 579 0xcb,0xa7,0xf7,0x0b, 0x5f,0xd4,0x96,0x8d, 580 0xf5,0x80,0xa3,0xce, 0xf5,0x9e,0xed,0x60, 581 0x00,0x92,0xa5,0x67, 0xc9,0x21,0x79,0x0b, 582 0xfb,0xe2,0x57,0x0e, 0xdf,0xb6,0x16,0x90, 583 0xd3,0x75,0xf6,0xb0, 0xa3,0x4e,0x43,0x9a, 584 0xb7,0xf4,0x73,0xd8, 0x34,0x46,0xc6,0xbe, 585 0x80,0xec,0x4a,0xc0, 0x7f,0x9e,0xb6,0xb0, 586 0x58,0xc2,0xae,0xa1, 0xf3,0x60,0x04,0x62, 587 0x11,0xea,0x0f,0x90, 0xa9,0xea,0x6f,0x0c, 588 0x4c,0xcf,0xe8,0xd0, 0xea,0xbf,0xdb,0xf2, 589 0x53,0x0c,0x09,0x4d, 0xd4,0xed,0xf3,0x22, 590 0x10,0x99,0xc6,0x4f, 0xcf,0xcf,0x96,0xc9, 591 0xd9,0x6b,0x08,0x3b, 0xf0,0x62,0x2d,0xac, 592 0x55,0x38,0xd5,0x5c, 0x57,0xad,0x51,0xc3, 593 0xf5,0xd2,0x37,0x45, 0xb3,0x3f,0x6d,0xaf, 594 0x10,0x62,0x57,0xb9, 0x58,0x40,0xb3,0x3c, 595 0x6a,0x98,0x97,0x1a, 0x9c,0xeb,0x66,0xf1, 596 0xa5,0x93,0x0b,0xe7, 0x8b,0x29,0x0f,0xff, 597 0x2c,0xd0,0x90,0xf2, 0x67,0xa0,0x69,0xcd, 598 0xd3,0x59,0xad,0xad, 0xf1,0x1f,0xd7,0xad, 599 0x24,0x74,0x29,0xcd, 0x06,0xd5,0x42,0x90, 600 0xf9,0x96,0x4a,0xd9, 0xa0,0x37,0xe4,0x64, 601 0x8e,0x13,0x2a,0x2a, 0xe7,0xc2,0x1e,0xf6, 602 0xb2,0xd3,0xdc,0x9f, 0x33,0x32,0x0c,0x50, 603 0x88,0x37,0x8b,0x9b, 0xfe,0x6f,0xfd,0x05, 604 0x96,0x26,0x6c,0x96, 0x73,0x73,0xe1,0x09, 605 0x28,0xf3,0x7f,0xa6, 0x59,0xc5,0x2e,0xf4, 606 0xd3,0xd5,0xda,0x6b, 0xca,0x42,0x05,0xe5, 607 0xed,0x13,0xe2,0x4e, 0xcd,0xd5,0xd0,0xfb, 608 0x6e,0xf7,0x8a,0x3e, 0x91,0x9d,0x6b,0xc5, 609 0x33,0x05,0x07,0x86, 0xb2,0x26,0x41,0x6e, 610 0xf8,0x38,0x38,0x7a, 0xf0,0x6c,0x27,0x5a, 611 0x01,0xd8,0x03,0xe5, 0x91,0x33,0xaa,0x20, 612 0xcd,0xa7,0x4f,0x18, 0xa0,0x91,0x28,0x74, 613 0xc0,0x58,0x27,0x0f, 0x9b,0xa8,0x85,0xb0, 614 0xe0,0xfd,0x5b,0xdb, 0x5b,0xb8,0x86,0x79, 615 0x94,0x6d,0xde,0x26, 0x64,0x2d,0x6c,0xb9, 616 0xba,0xc7,0xf0,0xd7, 0xaa,0x68,0x68,0xd0, 617 0x40,0x71,0xdb,0x94, 0x54,0x62,0xa5,0x7f, 618 0x98,0xea,0xe3,0x4c, 0xe4,0x44,0x9a,0x03, 619 0xf9,0x1c,0x20,0x36, 0xeb,0x0d,0xa4,0x41, 620 0x24,0x06,0xcb,0x94, 0x86,0x35,0x22,0x62, 621 0x80,0x19,0x16,0xba, 0x2c,0x10,0x38,0x96, 622 }, 623 .mlen = 16, 624 .m = { 625 0xd3,0x82,0xe7,0x04, 0x35,0xcc,0xf7,0xa4, 626 0xf9,0xb2,0xc5,0xed, 0x5a,0xd9,0x58,0xeb, 627 }, 628 .h = { 629 0x41,0xd9,0xad,0x54, 0x5a,0x0d,0xcc,0x53, 630 0x48,0xf6,0x4c,0x75, 0x43,0x5d,0xdd,0x77, 631 0xda,0xca,0x7d,0xec, 0x91,0x3b,0x53,0x16, 632 0x5c,0x4b,0x58,0xdc, 0x70,0x0a,0x7b,0x37, 633 }, 634 }, 635 [1] = { /* 1008-byte message */ 636 .k = { 637 0xd9,0x94,0x65,0xda, 0xc2,0x60,0xdd,0xa9, 638 0x39,0xe5,0x37,0x11, 0xf6,0x74,0xa5,0x95, 639 0x36,0x07,0x24,0x99, 0x64,0x6b,0xda,0xe2, 640 0xd5,0xd1,0xd2,0xd9, 0x25,0xd5,0xcc,0x48, 641 0xf8,0xa5,0x9e,0xff, 0x84,0x5a,0xd1,0x6f, 642 0xb7,0x6a,0x4d,0xd2, 0xc8,0x13,0x3d,0xde, 643 0x17,0xed,0x64,0xf1, 0x2b,0xcc,0xdd,0x65, 644 0x11,0x16,0xf2,0xaf, 0x34,0xd2,0xc5,0x31, 645 0xaa,0x69,0x33,0x0a, 0x0b,0xc1,0xb4,0x6d, 646 0xaa,0xcd,0x43,0xc4, 0x0b,0xef,0xf9,0x7d, 647 0x97,0x3c,0xa7,0x22, 0xda,0xa6,0x6a,0xf0, 648 0xad,0xe3,0x6f,0xde, 0xfb,0x33,0xf3,0xd8, 649 0x96,0x5f,0xca,0xda, 0x18,0x63,0x03,0xd0, 650 0x8f,0xb6,0xc4,0x62, 0x9d,0x50,0x6c,0x8f, 651 0x85,0xdd,0x6d,0x52, 0x2d,0x45,0x01,0x36, 652 0x57,0x9f,0x51,0xf0, 0x70,0xe0,0xb2,0x99, 653 0x3a,0x11,0x68,0xbd, 0xe5,0xfa,0x7c,0x59, 654 0x12,0x5a,0xbc,0xd9, 0xd6,0x9a,0x09,0xe6, 655 0xa2,0x80,0x1f,0xd6, 0x47,0x20,0x82,0x4e, 656 0xac,0xb5,0x6d,0xde, 0x5b,0xff,0x9c,0xd4, 657 0x2a,0xae,0x27,0x7c, 0x0f,0x5a,0x5d,0x35, 658 0x2d,0xff,0x07,0xf9, 0x79,0x6a,0xf9,0x3e, 659 0xd9,0x22,0x62,0x30, 0x40,0xce,0xe1,0xf4, 660 0x46,0x0a,0x24,0xca, 0x7a,0x3e,0xa1,0x92, 661 0x1a,0x29,0xa0,0xbf, 0x23,0x95,0x99,0x31, 662 0xe3,0x51,0x25,0x3d, 0xaf,0x1e,0xfc,0xb3, 663 0x65,0xa2,0x10,0x37, 0xe6,0xa7,0x20,0xa0, 664 0xe3,0x6a,0xd4,0x81, 0x2c,0x8d,0xa0,0x87, 665 0xec,0xae,0x9f,0x44, 0x10,0xda,0x2e,0x17, 666 0xba,0xb2,0xa5,0x5c, 0x89,0xc6,0xfa,0x70, 667 0x7e,0xc2,0xe3,0xb6, 0xa0,0x98,0x9c,0xb8, 668 0x14,0x33,0x27,0x3a, 0x6e,0x4d,0x94,0x72, 669 0x4b,0xc8,0xac,0x24, 0x2f,0x85,0xd9,0xa4, 670 0xda,0x22,0x95,0xc5, 0xb3,0xfc,0xbe,0xd2, 671 0x96,0x57,0x91,0xf9, 0xfd,0x18,0x9c,0x56, 672 0x70,0x15,0x5f,0xe7, 0x40,0x45,0x28,0xb3, 673 0x2b,0x56,0x44,0xca, 0x6a,0x2b,0x0e,0x25, 674 0x66,0x3e,0x32,0x04, 0xe2,0xb7,0x91,0xc8, 675 0xd2,0x02,0x79,0x0f, 0x7e,0xa9,0xb3,0x86, 676 0xb2,0x76,0x74,0x18, 0x57,0x16,0x63,0x06, 677 0x6e,0x16,0xfa,0xef, 0x52,0x3c,0x5e,0x0d, 678 0x33,0x55,0xd2,0x8d, 0x57,0x4d,0xfe,0x54, 679 0x65,0x7a,0x54,0x52, 0xf0,0x7b,0x2c,0xf8, 680 0xd5,0x43,0xba,0x92, 0xa5,0x2e,0xbe,0x1a, 681 0xce,0x25,0x4f,0x34, 0x31,0xe7,0xa3,0xff, 682 0x90,0xf6,0xbc,0x0c, 0xbc,0x98,0xdf,0x4a, 683 0xc3,0xeb,0xb6,0x27, 0x68,0xa9,0xb5,0x33, 684 0xbc,0x13,0xe8,0x13, 0x7c,0x6b,0xec,0x31, 685 0xd9,0x79,0x2a,0xa7, 0xe4,0x02,0x4f,0x02, 686 0xd4,0x5c,0x57,0x4f, 0xa4,0xbc,0xa3,0xe1, 687 0x7e,0x36,0x8a,0xde, 0x11,0x55,0xec,0xb3, 688 0x8b,0x65,0x06,0x02, 0x9a,0x68,0x06,0x64, 689 0x63,0xc7,0x9a,0x67, 0xdc,0x70,0xbf,0xb5, 690 0xf8,0x49,0x2a,0xe1, 0x59,0x4c,0xe4,0x1e, 691 0xb5,0x56,0xa5,0xad, 0x24,0x82,0x8c,0xd0, 692 0x66,0xe4,0x72,0x79, 0x02,0x5d,0x0d,0xf9, 693 0x19,0x44,0xe3,0x86, 0x1a,0xda,0xda,0xf0, 694 0x2d,0x47,0xc0,0x07, 0x47,0x0b,0xf8,0x06, 695 0xf6,0x45,0x8a,0x7f, 0xb9,0xf9,0x33,0x2e, 696 0xc2,0xf1,0xf1,0x81, 0x41,0x99,0xcd,0xf6, 697 0xb1,0x71,0x1b,0xfa, 0x21,0x53,0x7c,0xa1, 698 0xeb,0x2a,0x38,0x5b, 0x9b,0xfe,0x96,0xa5, 699 0xe3,0x78,0x77,0x47, 0x98,0x0f,0x7d,0xef, 700 0xf6,0x05,0x37,0x88, 0x79,0x0c,0x21,0x8d, 701 0x87,0x1f,0xae,0xce, 0x83,0xaf,0xa3,0xd6, 702 0x6e,0xc5,0x3c,0x47, 0xc6,0xd6,0x4a,0xdc, 703 0x7c,0xcc,0xdc,0x11, 0x7c,0x7d,0x0f,0x03, 704 0xc1,0x80,0x75,0x2a, 0x64,0x76,0xf0,0x08, 705 0x0c,0x11,0x4b,0xe4, 0x05,0x41,0x78,0x0f, 706 0x86,0xa0,0xd6,0x61, 0xb0,0xfb,0x15,0x3d, 707 0x3c,0xc3,0xd5,0x1b, 0x72,0x0e,0x79,0x53, 708 0x07,0xd2,0x2c,0x6e, 0x83,0xbd,0x72,0x88, 709 0x41,0x07,0x4b,0xd2, 0xe9,0xcc,0x2a,0x9d, 710 0x5b,0x82,0x0d,0x02, 0x29,0x6e,0xf3,0xbc, 711 0x34,0x31,0x62,0x8d, 0x83,0xc1,0x7e,0x94, 712 0x21,0xd5,0xfd,0xa6, 0x6a,0x2b,0xe8,0x86, 713 0x05,0x48,0x97,0x41, 0xad,0xca,0xef,0x79, 714 0x5e,0xd8,0x51,0xc4, 0xae,0xf7,0xfa,0xac, 715 0x3d,0x74,0x2e,0xf4, 0x41,0x3b,0x19,0xc2, 716 0x04,0xf3,0x40,0xfe, 0x77,0x7c,0x6a,0x4c, 717 0x8e,0x24,0x84,0xe0, 0x70,0xe4,0xb2,0x19, 718 0x6c,0x0c,0x85,0x9e, 0xe1,0xad,0xa4,0x73, 719 0x90,0xdd,0xbf,0x7d, 0x1b,0x6f,0x8b,0x4d, 720 0x3b,0xec,0xd7,0xb0, 0xd9,0x90,0xf1,0xf5, 721 0xb9,0x32,0xe3,0x79, 0x15,0x08,0x3e,0x71, 722 0xed,0x91,0xc4,0x5c, 0x18,0xe8,0x16,0x52, 723 0xae,0x9d,0xf3,0x09, 0xac,0x57,0x11,0xf8, 724 0x16,0x55,0xd0,0x28, 0x60,0xc1,0x7e,0x6d, 725 0x87,0xc1,0x7a,0xe8, 0x5d,0xc5,0x12,0x68, 726 0x6d,0x63,0x39,0x27, 0x49,0xb8,0x0c,0x78, 727 0x92,0xea,0x6f,0x52, 0xeb,0x43,0xc2,0x0b, 728 0xd8,0x28,0x77,0xe5, 0x43,0x5f,0xb8,0xa6, 729 0x32,0xb7,0xaa,0x01, 0x1e,0xa6,0xde,0xe4, 730 0x9b,0x0f,0xb6,0x49, 0xcc,0x6f,0x2c,0x04, 731 0x41,0xcb,0xd8,0x80, 0xd1,0x15,0x5e,0x57, 732 0x1e,0x4a,0x77,0xbf, 0xc4,0xcb,0x09,0x7c, 733 0x6e,0x81,0xb8,0x64, 0x51,0x6a,0xf2,0x71, 734 0x06,0xf6,0x00,0xac, 0x79,0x2c,0x83,0x7a, 735 0x6c,0xa4,0x85,0x89, 0x69,0x06,0x26,0x72, 736 0xe1,0x00,0x66,0xc0, 0xc5,0x8e,0xc8,0x51, 737 0x6e,0x25,0xdd,0xc9, 0x54,0x98,0x45,0x64, 738 0xaa,0x51,0x18,0x1b, 0xe4,0xbe,0x1b,0xee, 739 0x13,0xd6,0x34,0x50, 0x4c,0xcf,0x3c,0x31, 740 0x9b,0xd2,0x6f,0x07, 0x79,0xf4,0x63,0x3f, 741 0x09,0x01,0x64,0xf1, 0xc1,0xf1,0xae,0xa9, 742 0x0c,0x60,0xc9,0x62, 0x84,0xf6,0xe8,0x15, 743 0x55,0xdf,0xdd,0x71, 0x95,0xa9,0x0f,0x65, 744 0x97,0x40,0x79,0x86, 0x95,0xd9,0x57,0x23, 745 0x2f,0x61,0x51,0xb5, 0x16,0x18,0x62,0xd2, 746 0x1a,0xd9,0x8b,0x88, 0x84,0xa9,0x9b,0x47, 747 0xd7,0x22,0x68,0xe9, 0x9c,0x69,0x68,0x74, 748 0x13,0x95,0xd3,0x99, 0x33,0xdb,0x30,0x96, 749 0xbf,0x01,0xc6,0x68, 0xbd,0x19,0x32,0xc1, 750 0xf8,0xa9,0x7f,0x2b, 0xc5,0x69,0x2f,0xa2, 751 0xce,0x5a,0x46,0x43, 0x8d,0x36,0x9c,0xfa, 752 0x5c,0x7f,0x03,0xe0, 0x80,0xaa,0xc7,0x9e, 753 0x3b,0xa3,0x27,0x6b, 0x2e,0xc6,0x59,0x0a, 754 0xf6,0x36,0x37,0xa6, 0xc0,0xd1,0xa1,0xa1, 755 0x7e,0xc1,0xf8,0x5b, 0x0f,0x9b,0xdd,0x6d, 756 0x9f,0x54,0x16,0x6b, 0x6e,0x53,0xfd,0xe8, 757 0x72,0xd0,0x3e,0x46, 0xce,0xaf,0x94,0x36, 758 0x85,0xa8,0xae,0x4c, 0x8d,0xb5,0xc2,0x1b, 759 0x5d,0x29,0x46,0x40, 0x87,0x50,0x59,0xdd, 760 0x04,0xbe,0xba,0x8f, 0x0b,0x9b,0xd2,0x50, 761 0x67,0x19,0x83,0x80, 0x87,0x5c,0x58,0x86, 762 0x20,0x39,0xbf,0xdf, 0xd2,0xc8,0xbb,0xe8, 763 0xc8,0xd8,0xe8,0x8d, 0xcc,0x97,0xe0,0xc9, 764 0x6c,0x2f,0x47,0xb6, 0x75,0x8f,0x0d,0x37, 765 0x5a,0x83,0xb0,0xce, 0x59,0xc2,0x0b,0x84, 766 0xa2,0x54,0xe5,0x38, 0x59,0x29,0x0f,0xa8, 767 0x26,0x2d,0x11,0xa9, 0x89,0x0e,0x0b,0x75, 768 0xe0,0xbc,0xf0,0xf8, 0x92,0x1f,0x29,0x71, 769 0x91,0xc4,0x63,0xcc, 0xf8,0x52,0xb5,0xd4, 770 0xb8,0x94,0x6a,0x30, 0x90,0xf7,0x44,0xbe, 771 }, 772 .mlen = 1008, 773 .m = { 774 0x05,0xe3,0x6f,0x44, 0xa4,0x40,0x35,0xf6, 775 0xeb,0x86,0xa9,0x6d, 0xed,0x16,0xdb,0xb6, 776 0x5b,0x59,0xda,0x30, 0x54,0x6c,0x59,0x35, 777 0x42,0x59,0x56,0x45, 0x9a,0x85,0x20,0x73, 778 0xcf,0x21,0xf5,0x98, 0x58,0x07,0x0e,0x7f, 779 0x44,0x1f,0xf1,0x53, 0x92,0xc7,0x81,0x53, 780 0x5e,0x97,0x8a,0x23, 0x1d,0xe8,0xad,0xca, 781 0x19,0x55,0x96,0x9d, 0x9b,0xfd,0x0a,0x0a, 782 0xad,0xa8,0x0f,0x76, 0xe2,0x6a,0x8f,0x33, 783 0x36,0xbf,0xcb,0x7a, 0xfd,0x61,0xc6,0xfb, 784 0x75,0xea,0xd4,0x09, 0x5e,0x70,0xfb,0x32, 785 0x54,0xe3,0x47,0x48, 0xd4,0x8c,0xa9,0x7c, 786 0x72,0xdb,0xdb,0xf7, 0x09,0x6d,0x58,0xa6, 787 0x42,0xb5,0x74,0x8c, 0x98,0x66,0x83,0x7a, 788 0x6d,0xeb,0x91,0xfb, 0x22,0x1c,0x78,0x3d, 789 0x22,0xa6,0xf8,0xb0, 0xd1,0x9f,0xc8,0x69, 790 0x8a,0xba,0xd3,0x78, 0x21,0xb0,0x7b,0x9f, 791 0xb8,0xed,0xe0,0x65, 0xff,0xa0,0x8b,0x4c, 792 0x17,0x9e,0xf7,0x3e, 0xa2,0x5f,0x82,0x77, 793 0xce,0x2a,0xda,0x41, 0x76,0x07,0x68,0xa4, 794 0xa1,0xbb,0xe0,0x1d, 0x7b,0xab,0x9c,0x03, 795 0x90,0x2c,0xd2,0x93, 0x46,0x43,0x3a,0x44, 796 0x29,0xe8,0xb5,0x7a, 0x23,0xbb,0xe9,0xaf, 797 0x2b,0x17,0x88,0x8f, 0x7a,0x81,0x7a,0x25, 798 0x3b,0xc7,0x1e,0x6e, 0xde,0x3e,0x54,0xbc, 799 0xc6,0xff,0x07,0xdc, 0xe6,0x29,0x02,0x4c, 800 0x95,0x57,0x0e,0x44, 0xc4,0x9c,0xc7,0x45, 801 0x01,0xd7,0x17,0xfd, 0x0f,0x1a,0x83,0x74, 802 0xa0,0xd5,0xb3,0x1a, 0xc0,0x97,0xdc,0xc3, 803 0x0f,0x3d,0x5d,0x8c, 0x02,0x58,0xc6,0x4d, 804 0x43,0x10,0xae,0xc9, 0x94,0xe2,0x9b,0xcd, 805 0xf9,0xcc,0xfe,0xbd, 0x9c,0x69,0xd0,0xec, 806 0xf8,0x67,0xde,0x98, 0xe5,0x50,0x5e,0x93, 807 0x6a,0x5b,0x31,0x2a, 0x62,0xee,0x03,0xbe, 808 0x76,0x9c,0x1d,0x13, 0x16,0x13,0xcf,0x63, 809 0x30,0x18,0x7d,0x1e, 0x55,0x94,0xf5,0x29, 810 0xb4,0x91,0xb4,0x76, 0x1c,0x31,0x9e,0xe5, 811 0x1b,0x0a,0xee,0x89, 0xb4,0xd9,0x45,0x19, 812 0xd7,0x47,0x2c,0x01, 0x20,0xe6,0x1d,0x7c, 813 0xb3,0x5e,0x1b,0x2a, 0x8c,0x3d,0x4d,0x1a, 814 0x6b,0x35,0x84,0x41, 0x6a,0xe4,0x32,0x8f, 815 0x9a,0x0d,0xbf,0x90, 0xff,0xcf,0x4c,0xfb, 816 0x9b,0x07,0x81,0x94, 0xcf,0x8e,0x1a,0x8a, 817 0xfc,0xbd,0x91,0xfe, 0xc3,0xe1,0x18,0xc7, 818 0x1f,0x0d,0x8e,0x1c, 0x2e,0xfc,0x02,0xe8, 819 0x39,0xbf,0x05,0x90, 0x58,0x94,0xee,0xe7, 820 0x15,0x31,0x5d,0x9f, 0x68,0x36,0x64,0x32, 821 0x25,0x49,0xdd,0x3e, 0xc8,0xb6,0x83,0x5e, 822 0x09,0x90,0xcd,0x48, 0xaf,0x9e,0xfe,0xd6, 823 0x79,0x8e,0x69,0x4b, 0x94,0xd5,0xf4,0x84, 824 0x7b,0xce,0xea,0x2f, 0x9b,0x79,0x7a,0x7c, 825 0x22,0x28,0x4d,0xa1, 0x38,0x1a,0x66,0x24, 826 0x79,0xa3,0xfa,0xfa, 0x8d,0x98,0x7c,0x54, 827 0x71,0x54,0xef,0x37, 0xa6,0xf1,0x97,0x54, 828 0xad,0xe7,0x67,0xa0, 0xf3,0x33,0xcf,0x4f, 829 0x4e,0xa3,0x47,0xee, 0x31,0xd3,0x98,0xf9, 830 0x7f,0x9f,0x44,0x18, 0x2f,0x13,0x1b,0x44, 831 0x57,0xcd,0x15,0x5b, 0xde,0x8f,0x1a,0x3c, 832 0xb5,0x1e,0xa7,0x2d, 0x4d,0xbe,0x85,0x08, 833 0x78,0xeb,0xe2,0x35, 0x3a,0xbe,0x55,0x6b, 834 0xc3,0xe1,0x0f,0x77, 0x43,0x41,0x11,0x5a, 835 0x61,0xc9,0x3b,0xbc, 0xad,0x88,0x9e,0xba, 836 0xc6,0xd2,0xdc,0x87, 0xd9,0x54,0xcc,0x86, 837 0x46,0xe6,0xa5,0x29, 0x2c,0x08,0x49,0x53, 838 0x2c,0xe3,0x0e,0x60, 0xc5,0x48,0xca,0x62, 839 0x3f,0xf6,0x93,0xc1, 0xba,0x8d,0x36,0x49, 840 0xe7,0x0f,0x9c,0x49, 0x7d,0xee,0x2a,0x22, 841 0xc3,0xe5,0x11,0x21, 0xfa,0xc7,0xeb,0x79, 842 0xcc,0x4d,0x75,0x4e, 0x66,0x33,0xf5,0x09, 843 0xa3,0xb9,0x60,0xa5, 0xd6,0xbd,0x38,0x75, 844 0x0c,0x2f,0x5f,0x1f, 0xea,0xa5,0x9d,0x45, 845 0x3c,0xe4,0x41,0xb8, 0xf6,0x4e,0x15,0x87, 846 0x0b,0x7f,0x42,0x4e, 0x51,0x3d,0xc4,0x9a, 847 0xb2,0xca,0x37,0x16, 0x0f,0xed,0x9e,0x0b, 848 0x93,0x86,0x12,0x93, 0x36,0x5e,0x39,0xc4, 849 0xf0,0xf4,0x48,0xdb, 0xeb,0x18,0x5e,0x50, 850 0x71,0x30,0x83,0xe5, 0x0f,0xb1,0x73,0xa7, 851 0xc6,0xf0,0xca,0x29, 0x0e,0xc4,0x07,0x5b, 852 0x8b,0x09,0x68,0x68, 0x10,0x32,0x92,0x62, 853 0x6a,0x6c,0x56,0x8b, 0x01,0x46,0x9a,0x20, 854 0x89,0xe0,0x93,0x85, 0x8c,0x53,0x87,0xf6, 855 0x02,0xd3,0x8d,0x72, 0x31,0x35,0xa1,0x34, 856 0x63,0x70,0x61,0x80, 0x06,0xf1,0x54,0xb3, 857 0x5d,0xdf,0xad,0x9c, 0x7e,0x3a,0xc2,0x8f, 858 0x76,0x8b,0x4c,0x74, 0x2c,0x8c,0x6f,0x0a, 859 0x60,0x13,0xa8,0xce, 0x4c,0x49,0x70,0x90, 860 0x59,0x57,0xf5,0x7b, 0x03,0x94,0x37,0x87, 861 0xfa,0xfe,0xeb,0xe7, 0x2d,0x01,0x45,0x69, 862 0xb4,0x10,0x80,0x6d, 0x13,0x26,0xe3,0x9b, 863 0x49,0x2a,0x0b,0xb1, 0x36,0xf9,0x62,0x63, 864 0x33,0x2a,0xee,0x51, 0x5e,0x35,0xa4,0x2e, 865 0x34,0xa1,0x77,0xac, 0x27,0x99,0x03,0xc6, 866 0xe2,0x83,0x11,0x72, 0x77,0x30,0x8b,0xb7, 867 0xde,0x1a,0xa1,0x4b, 0xa9,0x9c,0x07,0x02, 868 0xf2,0xdc,0x06,0x45, 0xf2,0xab,0x31,0x46, 869 0x50,0x25,0x34,0x54, 0xa8,0x06,0x88,0x6c, 870 0xfc,0x88,0xb5,0xae, 0x30,0xbd,0xe1,0xe7, 871 0xfe,0x51,0x46,0x05, 0x9a,0x29,0xd9,0x93, 872 0x99,0x60,0x69,0x4a, 0x5c,0xb2,0x29,0x6b, 873 0xa1,0xbb,0x9d,0xe4, 0x9b,0x7d,0x4a,0xe5, 874 0x37,0xcb,0x16,0x6f, 0x44,0x93,0xe4,0x71, 875 0x34,0x7b,0x54,0xec, 0x5b,0x2b,0xe0,0xf7, 876 0x32,0xed,0x77,0xa6, 0xb3,0x7c,0x8d,0x1a, 877 0xc0,0x57,0xbe,0x2b, 0x6d,0x7f,0xd7,0x35, 878 0xe6,0x93,0xed,0x90, 0x26,0xfe,0x41,0xf3, 879 0x58,0x55,0x03,0xb7, 0xb2,0x94,0xe2,0x0c, 880 0x34,0xc3,0x06,0xc6, 0x9e,0x4b,0x17,0xc7, 881 0xb9,0x58,0x23,0x58, 0xd3,0x73,0x18,0x5e, 882 0xcf,0x28,0xac,0x90, 0xa0,0xba,0x35,0x90, 883 0x96,0xb3,0xc7,0x6c, 0xe1,0x07,0xdf,0x5d, 884 0xaa,0x2c,0xa6,0x6b, 0x82,0x2d,0x71,0x66, 885 0xb7,0x76,0x37,0xdb, 0x39,0x7f,0x22,0x8f, 886 0x38,0x70,0xd4,0xeb, 0xf8,0xf0,0x73,0xed, 887 0xb6,0x67,0x75,0xaf, 0xd7,0x5d,0x01,0x01, 888 0xc4,0xd6,0x7c,0xbc, 0xc3,0xe6,0xad,0x9a, 889 0x9c,0x6a,0x43,0x9b, 0xfb,0x34,0x55,0x47, 890 0xcd,0xeb,0x4e,0x2c, 0x29,0x6f,0xb0,0xeb, 891 0xb5,0x08,0xdb,0x6b, 0x40,0x26,0x51,0x54, 892 0x5a,0x97,0x64,0x74, 0x95,0xe6,0xae,0x8a, 893 0x4c,0xe9,0x44,0x47, 0x85,0xd6,0xcf,0xe0, 894 0x11,0x65,0x45,0xb3, 0xe1,0xfc,0x6a,0x01, 895 0x38,0x40,0x8a,0x71, 0xc5,0xd6,0x64,0xa8, 896 0x36,0x95,0x44,0x9c, 0x10,0x41,0xa3,0x71, 897 0xb4,0x70,0x02,0xdf, 0xf9,0xad,0x2b,0xec, 898 0x75,0xf7,0x09,0x6c, 0x5d,0x2a,0xd0,0x0b, 899 0x2e,0xb3,0xf0,0xd3, 0xce,0xdb,0x26,0x80, 900 }, 901 .h = { 902 0x2d,0xb3,0x7e,0x73, 0xde,0x6a,0x9e,0xa9, 903 0x54,0x9a,0x0f,0xb3, 0x0b,0xcc,0xc9,0xde, 904 0x7a,0x4e,0x4a,0x71, 0x07,0x33,0xee,0x06, 905 0x5c,0x9a,0xa1,0x30, 0x5e,0x39,0x4e,0x10, 906 }, 907 }, 908 [2] = { /* 1024-byte message */ 909 .k = { 910 0x4c,0xe4,0x3c,0x6e, 0xa0,0xe3,0x0e,0x64, 911 0x35,0x44,0x3e,0x0b, 0x4d,0x29,0xbe,0x04, 912 0xa7,0xaa,0x88,0xe0, 0xe0,0x07,0x7d,0xa8, 913 0x2b,0x87,0x7d,0x08, 0xa6,0x59,0xd0,0xa5, 914 0x03,0xae,0x9b,0xee, 0xd4,0x11,0x39,0x7d, 915 0x9e,0x1d,0x89,0xe3, 0xc6,0x92,0x36,0x07, 916 0xa4,0x43,0xad,0x2f, 0xd5,0x71,0x84,0x2d, 917 0xc0,0x37,0xed,0x62, 0x4e,0x2b,0x8c,0xd5, 918 0x1d,0xf7,0x00,0xbb, 0x3d,0x5e,0xcc,0xc5, 919 0x6d,0xdd,0x17,0xf2, 0x89,0x25,0x30,0x16, 920 0x04,0xd7,0x1f,0x84, 0x7d,0x61,0xa0,0x7a, 921 0x49,0x88,0x44,0x46, 0xc6,0x05,0xd1,0xc9, 922 0xa0,0x2a,0x86,0xdd, 0xd3,0x80,0x40,0xa4, 923 0x28,0xb3,0xa4,0x3b, 0x71,0x0a,0x7f,0x2d, 924 0x3b,0xcd,0xe6,0xac, 0x59,0xda,0x43,0x56, 925 0x6e,0x9a,0x3f,0x1e, 0x82,0xcf,0xb3,0xa0, 926 0xa1,0x46,0xcf,0x2e, 0x32,0x05,0xcd,0x68, 927 0xbb,0x51,0x71,0x8a, 0x16,0x75,0xbe,0x49, 928 0x7e,0xb3,0x63,0x30, 0x95,0x34,0xe6,0x85, 929 0x7e,0x9a,0xdd,0xe6, 0x43,0xd6,0x59,0xf8, 930 0x6a,0xb8,0x8f,0x5f, 0x5d,0xd9,0x55,0x41, 931 0x12,0xf9,0x98,0xc6, 0x93,0x7c,0x3f,0x46, 932 0xab,0x7c,0x8b,0x28, 0xde,0x9a,0xb1,0xf0, 933 0x6c,0x43,0x2a,0xb3, 0x70,0xc5,0x9d,0xc0, 934 0x26,0xcf,0xad,0x9c, 0x87,0x9b,0x3f,0x7c, 935 0x24,0xac,0xe7,0xd4, 0xe8,0x14,0xe3,0x3e, 936 0xf6,0x8a,0x97,0x87, 0x63,0x2c,0x88,0xdc, 937 0xc5,0x23,0x68,0x6e, 0x94,0xe1,0x09,0xc4, 938 0x44,0xda,0x8f,0xa7, 0x9f,0xc4,0x52,0xa4, 939 0x18,0x1d,0x3c,0x08, 0xca,0x0a,0x3e,0xb4, 940 0xbf,0xbe,0xc6,0x47, 0xe2,0x89,0x2b,0x07, 941 0x71,0xd9,0xc8,0x6a, 0x06,0xd5,0xd0,0x47, 942 0x4e,0x07,0x4f,0x6b, 0xdb,0xdf,0x3d,0xf0, 943 0x7c,0x5f,0x49,0x70, 0x17,0x4f,0x9f,0x33, 944 0x7e,0x4b,0x72,0x3b, 0x8c,0x68,0x22,0xf9, 945 0xd2,0xad,0xe4,0xe4, 0xb2,0x61,0x9d,0xb8, 946 0xc2,0x5c,0xf0,0x3b, 0x08,0xb2,0x75,0x30, 947 0x3a,0xd0,0x7d,0xf9, 0xb2,0x00,0x40,0x56, 948 0x79,0xe2,0x0d,0x31, 0x72,0xe2,0xc2,0xd1, 949 0x2e,0x27,0xe7,0xc8, 0x96,0x1a,0xc6,0x7e, 950 0xb8,0xc1,0x93,0xfb, 0x1d,0xbc,0xed,0x97, 951 0x2f,0x2f,0xea,0xa1, 0x40,0x49,0xf6,0x1d, 952 0xab,0x54,0x46,0x2e, 0x73,0xf2,0x74,0xf1, 953 0x6d,0x5c,0xe6,0xa0, 0xd4,0x73,0x1c,0xbc, 954 0x07,0x81,0xf5,0x94, 0xe6,0x18,0xdc,0x42, 955 0x68,0xb9,0xeb,0xfb, 0xa3,0x76,0x8c,0x83, 956 0x98,0xe9,0x96,0xa6, 0xa6,0x5e,0x0e,0xd1, 957 0xfc,0xb7,0x8e,0x8b, 0x9e,0xa4,0x00,0x76, 958 0x0e,0x35,0x92,0x5e, 0x05,0xa1,0x92,0xc4, 959 0x0c,0xd1,0xec,0x8c, 0x04,0x8e,0x65,0x56, 960 0x43,0xae,0x16,0x18, 0x2e,0x3e,0xfe,0x47, 961 0x92,0xe1,0x76,0x1b, 0xb6,0xcc,0x0b,0x82, 962 0xe1,0x8c,0x7b,0x43, 0xe4,0x90,0xed,0x28, 963 0x0b,0xe6,0x05,0xea, 0x4a,0xc0,0xf1,0x12, 964 0x54,0x09,0x93,0xda, 0xfc,0xf4,0x86,0xff, 965 0x4c,0xaa,0x7d,0xbe, 0xd0,0x4a,0xa6,0x9d, 966 0x6b,0x27,0x8f,0xb1, 0xb5,0x3a,0x9b,0xce, 967 0xe2,0x5c,0x29,0x35, 0xd6,0xe7,0xf3,0xa4, 968 0x5e,0x70,0xf6,0xc6, 0xde,0x63,0x86,0xf7, 969 0xc9,0xab,0x42,0xb9, 0xe7,0x5d,0x1c,0x68, 970 0x73,0xa3,0xed,0xb0, 0xa0,0xb6,0x18,0x15, 971 0xe6,0x57,0x4c,0x21, 0xf7,0xf3,0xc6,0x32, 972 0x4d,0x07,0x4a,0x14, 0xde,0xb2,0xc7,0xca, 973 0xf0,0x78,0xc4,0x85, 0xe3,0xdc,0xfb,0x35, 974 0x7c,0x6b,0xc0,0xb8, 0xcd,0x7a,0x22,0xfc, 975 0xe4,0xe8,0xe2,0x98, 0x6c,0x8e,0xdf,0x37, 976 0x8e,0x0f,0x25,0x23, 0xdd,0xea,0x40,0x6f, 977 0xb3,0x07,0x7e,0x7a, 0x6b,0xa1,0xa1,0xcf, 978 0x24,0xd9,0xad,0x72, 0x7a,0x45,0x49,0xca, 979 0xfe,0xc7,0x2e,0x6d, 0xaa,0xc1,0x08,0x2c, 980 0xe6,0xde,0xde,0x73, 0x01,0x9c,0xdc,0x65, 981 0x3a,0xdf,0xc6,0x15, 0x37,0x62,0x0b,0x2c, 982 0x9a,0x36,0xed,0x37, 0xd9,0xfc,0xa9,0xb3, 983 0x32,0xc3,0xde,0x26, 0xe7,0xf0,0x3f,0x02, 984 0xed,0x35,0x74,0xea, 0xdd,0x32,0xe9,0x96, 985 0x75,0x66,0xb8,0xf0, 0x75,0x98,0x8f,0x3a, 986 0xd0,0xc2,0xa1,0x98, 0x5f,0xf9,0x32,0x31, 987 0x00,0x18,0x7d,0xc5, 0x9d,0x15,0x5b,0xdc, 988 0x13,0x37,0x69,0xfc, 0x95,0x7a,0x62,0x0e, 989 0x8a,0x86,0xed,0x18, 0x78,0x3c,0x49,0xf4, 990 0x18,0x73,0xcd,0x2e, 0x7b,0xa3,0x40,0xd7, 991 0x01,0xf6,0xc7,0x2a, 0xc5,0xce,0x13,0x09, 992 0xb1,0xe5,0x25,0x17, 0xdf,0x9d,0x7e,0x0b, 993 0x50,0x46,0x62,0x78, 0xb5,0x25,0xb2,0xd9, 994 0x65,0xfa,0x5b,0xf7, 0xfe,0xc6,0xe0,0x7b, 995 0x7b,0x4e,0x14,0x2e, 0x0d,0x3a,0xd0,0xe0, 996 0xa0,0xd2,0xeb,0x4d, 0x87,0x11,0x42,0x28, 997 0x02,0x7e,0xa8,0x56, 0x5b,0x53,0xbd,0x76, 998 0x47,0x8f,0x5f,0x8b, 0xc7,0xd9,0x72,0xf7, 999 0x11,0xbb,0x94,0xdb, 0x0d,0x07,0xb7,0x0a, 1000 0xcc,0x41,0x00,0xcd, 0xd0,0x50,0x25,0x31, 1001 0xc9,0x47,0x6b,0xdd, 0x3f,0x70,0x24,0x3e, 1002 0xde,0x02,0x62,0x6c, 0xb4,0x44,0x92,0x8e, 1003 0x98,0x9c,0x0e,0x30, 0x2f,0x80,0xb9,0x5e, 1004 0x75,0x90,0xa6,0x02, 0xf0,0xed,0xb0,0x8b, 1005 0x44,0xa3,0x59,0x2d, 0xc3,0x08,0xe5,0xd9, 1006 0x89,0x6a,0x71,0x44, 0x04,0xc4,0xb2,0x61, 1007 0x5b,0xf5,0x46,0x44, 0xdc,0x36,0x2e,0xfd, 1008 0x41,0xf5,0xa1,0x3a, 0xb3,0x93,0x74,0x7d, 1009 0x54,0x5e,0x64,0xdc, 0xbc,0xd7,0x07,0x48, 1010 0x3e,0x73,0x81,0x22, 0x9c,0x5a,0xf6,0xde, 1011 0x94,0x42,0xe1,0x6c, 0x92,0xe7,0x6d,0xa0, 1012 0x5e,0xc3,0xd6,0xe9, 0x84,0xd9,0xba,0x57, 1013 0xef,0x85,0x6a,0x9b, 0xe6,0x9a,0x2b,0xf8, 1014 0x8d,0xfe,0x9d,0xad, 0x70,0x26,0x05,0x14, 1015 0x45,0x07,0xcb,0x72, 0xd4,0x8b,0x14,0x44, 1016 0x74,0x40,0x9c,0x29, 0x8b,0xba,0x40,0x09, 1017 0x52,0xfc,0xc5,0x40, 0xb1,0x25,0x69,0xaa, 1018 0x8f,0x12,0xc4,0xc6, 0x2b,0x3f,0x73,0x9d, 1019 0xff,0x52,0xd4,0xac, 0x77,0x43,0xdc,0xd2, 1020 0x06,0x9a,0x1b,0xfc, 0x0c,0x8f,0x6b,0x59, 1021 0xa5,0xd4,0xde,0x06, 0x16,0x34,0xef,0x75, 1022 0x22,0x54,0x9c,0x53, 0x38,0x0b,0x57,0xc7, 1023 0xaa,0x78,0x2d,0x3a, 0x9b,0xdd,0xed,0xb5, 1024 0x0b,0xb0,0x08,0x5f, 0x57,0xdb,0xfc,0xbe, 1025 0x44,0xfd,0x71,0x5f, 0x71,0x14,0xd5,0x14, 1026 0x70,0xb6,0xee,0xd0, 0xf3,0x37,0x6f,0x57, 1027 0x55,0x3c,0x7c,0x23, 0x6f,0xbe,0x83,0x5c, 1028 0xb5,0x64,0xfd,0x6d, 0x7c,0xe4,0x05,0x2b, 1029 0xdb,0xc4,0xf5,0xa0, 0xd3,0xa6,0x15,0x48, 1030 0xc2,0x50,0xf8,0xf7, 0xc2,0xab,0xb5,0x6a, 1031 0x0d,0x1a,0xb5,0x30, 0x33,0xf8,0x12,0x2d, 1032 0xfb,0xa6,0x2e,0xe5, 0xbe,0x40,0xba,0x48, 1033 0xef,0x05,0xc8,0x37, 0x3a,0x36,0xad,0x99, 1034 0x77,0x87,0x84,0xac, 0xd8,0xcb,0x7a,0x88, 1035 0x3e,0x2d,0x8b,0xbe, 0x9a,0x35,0x88,0x26, 1036 0xe9,0x20,0xd4,0x66, 0x80,0x8b,0xf8,0x54, 1037 0xba,0xcd,0xa8,0x47, 0x35,0x1b,0xc4,0x09, 1038 0x6d,0xff,0x0e,0x60, 0x7c,0xf3,0x68,0xbf, 1039 0xe3,0xe9,0x73,0x07, 0x84,0xf0,0x08,0x45, 1040 0x97,0x65,0x94,0xd1, 0x35,0x4e,0x67,0x0c, 1041 0xe3,0xb7,0x61,0x7b, 0x09,0x22,0xed,0x18, 1042 0xee,0x0b,0x54,0xc0, 0xab,0x8b,0xaa,0x71, 1043 0x4c,0x40,0xbf,0xf7, 0xe0,0x7e,0x08,0xaa, 1044 }, 1045 .mlen = 1024, 1046 .m = { 1047 0x1d,0xea,0xe5,0x2b, 0x4c,0x22,0x4d,0xf3, 1048 0x15,0x53,0xcb,0x41, 0xf5,0xcf,0x0b,0x7b, 1049 0xc9,0x80,0xc0,0x95, 0xd2,0x7b,0x08,0x4b, 1050 0x3d,0xcd,0xd8,0x3b, 0x2f,0x18,0xd4,0x70, 1051 0x38,0xb2,0xa7,0x2f, 0x7f,0xba,0xd8,0xed, 1052 0xbc,0x8f,0xac,0xe4, 0xe2,0x11,0x2d,0x6d, 1053 0xe6,0xa4,0x36,0x90, 0xc2,0x7f,0xdf,0xe3, 1054 0xdc,0x50,0xdb,0x6c, 0x56,0xcf,0x7d,0xd6, 1055 0xd0,0xcb,0xd6,0x9b, 0x01,0xbb,0xef,0x1c, 1056 0x0a,0x6c,0x92,0x23, 0xeb,0x77,0xf9,0xd1, 1057 0x25,0xdc,0x94,0x30, 0x30,0xa4,0x96,0x3e, 1058 0xdf,0x52,0x4c,0xe7, 0xdf,0x27,0x9f,0x73, 1059 0x78,0x0c,0x8c,0x7f, 0x9d,0xae,0x79,0x5d, 1060 0x91,0x5e,0x4b,0x02, 0xa9,0x31,0x9c,0xff, 1061 0x46,0x73,0xec,0x0d, 0x5a,0xb8,0xeb,0x48, 1062 0x19,0x9c,0x44,0xe0, 0xc8,0x81,0x96,0x4c, 1063 0x47,0x0c,0xe7,0x1d, 0x2a,0x9c,0xd5,0xe0, 1064 0xe7,0xd6,0xa0,0x88, 0xf0,0xf6,0xda,0xa7, 1065 0x6a,0xdd,0xfd,0x4f, 0x00,0x6e,0x25,0x7d, 1066 0xb9,0x81,0x19,0x2f, 0x4e,0xcc,0x8d,0x6e, 1067 0xa6,0x92,0xcf,0xd8, 0x6e,0x78,0x0a,0xf6, 1068 0x8a,0x43,0xeb,0x60, 0x0c,0x8b,0x93,0x50, 1069 0x88,0xd1,0x67,0x05, 0x0c,0xdc,0x43,0x85, 1070 0x50,0x91,0x63,0xa4, 0x32,0x14,0x66,0x84, 1071 0xdb,0x04,0x9f,0x77, 0x95,0x60,0x19,0xc6, 1072 0x98,0x60,0x62,0xe4, 0xc6,0xee,0x70,0x76, 1073 0xb0,0x59,0x80,0x59, 0x46,0xae,0x99,0x26, 1074 0x62,0x4a,0xf0,0x45, 0x8f,0xf0,0x70,0x5b, 1075 0x52,0xfc,0xee,0x4d, 0x30,0x47,0xc8,0xae, 1076 0xe2,0xbc,0x2c,0x73, 0x78,0x67,0xf1,0x00, 1077 0xb4,0xda,0x01,0xad, 0x3b,0xc4,0x5c,0x6c, 1078 0x65,0xca,0x84,0x22, 0x95,0x32,0x95,0x20, 1079 0x4d,0xdc,0x96,0x2e, 0x61,0xe4,0xc8,0xec, 1080 0x2d,0xbf,0xc1,0x5d, 0x70,0xf9,0x75,0xf2, 1081 0xad,0x0a,0xc9,0xd7, 0x0a,0x81,0x3c,0xa1, 1082 0x13,0xec,0x63,0xd4, 0xd0,0x67,0xf4,0xcc, 1083 0x6e,0xb8,0x52,0x08, 0x46,0xc9,0x2a,0x92, 1084 0x59,0xd9,0x14,0x17, 0xde,0x2f,0xc7,0x36, 1085 0xd5,0xd5,0xfc,0x8a, 0x63,0xd5,0x5f,0xe3, 1086 0xdd,0x55,0x00,0x8e, 0x5e,0xc9,0xed,0x04, 1087 0x1d,0xeb,0xae,0xc5, 0xd0,0xf9,0x73,0x28, 1088 0xf3,0x81,0xd5,0xb4, 0x60,0xb2,0x42,0x81, 1089 0x68,0xf3,0xb9,0x73, 0x07,0x2e,0x34,0x8e, 1090 0x47,0x12,0xae,0x7c, 0xa8,0xc2,0xce,0xad, 1091 0x0f,0x6e,0x44,0xa5, 0x35,0x5e,0x61,0x6b, 1092 0xfc,0x67,0x9c,0x82, 0xa1,0xd2,0xff,0xfe, 1093 0x60,0x7c,0x40,0x02, 0x24,0x9e,0x8b,0x90, 1094 0xa0,0x89,0xd9,0x83, 0x04,0xd8,0xef,0x9c, 1095 0x96,0x28,0x77,0x3e, 0xe3,0xb0,0xf8,0x3d, 1096 0xfb,0x91,0x8f,0x6f, 0x83,0x58,0x1e,0x4b, 1097 0x64,0xc7,0xf6,0xe0, 0x85,0x03,0xe3,0xf9, 1098 0x6b,0xc9,0x9e,0x9d, 0x57,0x25,0xe4,0x69, 1099 0x08,0x59,0x28,0x4a, 0x52,0x9c,0x49,0x19, 1100 0x24,0x49,0xba,0xb1, 0x82,0xd4,0xcf,0xd0, 1101 0x1e,0x1d,0xc2,0x02, 0x42,0x4e,0xdf,0xf7, 1102 0x2b,0x3d,0x99,0xf6, 0x99,0xa4,0x3a,0xe1, 1103 0x9d,0x68,0xc8,0x08, 0xec,0xec,0x1c,0xa8, 1104 0x41,0x4a,0x27,0x84, 0xe9,0x0d,0x95,0x54, 1105 0x1a,0xca,0x5f,0x5d, 0x5a,0x96,0xb9,0x5b, 1106 0x6e,0xbc,0x39,0x7f, 0x7a,0x20,0xc5,0xb2, 1107 0x60,0x0c,0xa3,0x78, 0xc3,0x2b,0x87,0xcc, 1108 0xea,0xb0,0x4d,0x27, 0xfb,0x6c,0x58,0x51, 1109 0xce,0x90,0xca,0xd6, 0x86,0x91,0x4d,0x2c, 1110 0x8c,0x82,0xf0,0xc9, 0x9a,0x0a,0x73,0xb3, 1111 0xcb,0xa9,0xd4,0x26, 0x4d,0x74,0xbe,0x0e, 1112 0x4a,0x6e,0x10,0xeb, 0x4e,0xba,0x4e,0xba, 1113 0x0d,0x26,0x69,0x87, 0x5e,0x08,0x2b,0x43, 1114 0xbe,0x97,0x4e,0x2a, 0x63,0xbc,0x52,0xb7, 1115 0xda,0x23,0x23,0x11, 0xfa,0xcf,0x89,0xac, 1116 0x90,0x5f,0x60,0x7a, 0x50,0xb7,0xbe,0x79, 1117 0x0b,0x2c,0xf0,0x27, 0xf0,0xfb,0xaf,0x64, 1118 0xc8,0x57,0x7c,0xeb, 0x1c,0xf7,0x36,0xec, 1119 0x09,0x97,0x66,0x31, 0x54,0xe4,0x00,0xcf, 1120 0x68,0x24,0x77,0x1a, 0xbc,0x27,0x3a,0xad, 1121 0x8a,0x01,0x7e,0x45, 0xe7,0xe4,0xa4,0xeb, 1122 0x38,0x62,0x9d,0x90, 0xea,0x00,0x9c,0x03, 1123 0x5e,0xb2,0x7d,0xd8, 0x2f,0xe9,0xc9,0x3c, 1124 0x1a,0x5c,0x21,0x1a, 0x59,0x45,0x62,0x47, 1125 0x93,0x1b,0xdc,0xd8, 0x3e,0x07,0x8b,0x75, 1126 0xd0,0x6d,0xcc,0x8d, 0xec,0x79,0xa8,0x9a, 1127 0x51,0xa5,0x50,0x18, 0xae,0x44,0x93,0x75, 1128 0xc1,0xc8,0x1e,0x10, 0x59,0x1e,0x0b,0xb3, 1129 0x06,0x30,0xa8,0x66, 0x8d,0x8e,0xd6,0x4d, 1130 0x0d,0x8a,0xb4,0x28, 0xdc,0xfb,0x5d,0x59, 1131 0xe0,0x92,0x77,0x38, 0xfa,0xad,0x46,0x46, 1132 0x25,0x15,0x4c,0xca, 0x09,0x2b,0x31,0xe9, 1133 0x36,0xe8,0xc2,0x67, 0x34,0x4d,0x5e,0xa0, 1134 0x8f,0x9a,0xe8,0x7f, 0xf2,0x2a,0x92,0x78, 1135 0xde,0x09,0x75,0xe7, 0xe5,0x50,0x0a,0x2e, 1136 0x88,0x63,0xc0,0x8f, 0xa8,0x73,0x0f,0xe5, 1137 0x1e,0x9d,0xdb,0xce, 0x53,0xe0,0x42,0x94, 1138 0x7b,0x5c,0xa1,0x5e, 0x1e,0x8f,0x0a,0x6e, 1139 0x8b,0x1a,0xad,0x93, 0x70,0x86,0xf1,0x69, 1140 0x70,0x93,0x24,0xe3, 0x83,0x2f,0xa8,0x04, 1141 0xba,0x27,0x0a,0x2e, 0x03,0xeb,0x69,0xd9, 1142 0x56,0x0e,0xc4,0x10, 0x55,0x31,0x2c,0x3f, 1143 0xd1,0xb2,0x94,0x0f, 0x28,0x15,0x3c,0x02, 1144 0x15,0x5e,0xec,0x26, 0x9c,0xc3,0xfc,0xa7, 1145 0x5c,0xb0,0xfa,0xc0, 0x02,0xf9,0x01,0x3f, 1146 0x01,0x73,0x24,0x22, 0x50,0x28,0x2a,0xca, 1147 0xb1,0xf2,0x03,0x00, 0x2f,0xc6,0x6f,0x28, 1148 0x4f,0x4b,0x4f,0x1a, 0x9a,0xb8,0x16,0x93, 1149 0x31,0x60,0x7c,0x3d, 0x35,0xc8,0xd6,0x90, 1150 0xde,0x8c,0x89,0x39, 0xbd,0x21,0x11,0x05, 1151 0xe8,0xc4,0x04,0x3b, 0x65,0xa5,0x15,0xcf, 1152 0xcf,0x15,0x14,0xf6, 0xe7,0x2e,0x3c,0x47, 1153 0x59,0x0b,0xaa,0xc0, 0xd4,0xab,0x04,0x14, 1154 0x9c,0xd7,0xe2,0x43, 0xc7,0x87,0x09,0x03, 1155 0x27,0xd2,0x0a,0xff, 0x8d,0xd5,0x80,0x34, 1156 0x93,0xa2,0x2c,0xb1, 0x4e,0x16,0x2d,0x82, 1157 0x51,0x5c,0x3c,0xe5, 0x75,0x51,0x7b,0xb4, 1158 0xd8,0x1e,0x59,0x98, 0x0f,0x75,0xed,0x02, 1159 0x1c,0x13,0xf6,0x02, 0xda,0xf9,0x47,0xf7, 1160 0x45,0x25,0x0f,0x58, 0x22,0x5d,0xef,0xf0, 1161 0x1b,0xdb,0xae,0xaf, 0xbe,0xc6,0xe1,0xcd, 1162 0x70,0x46,0x6e,0x03, 0x9a,0x20,0x77,0x00, 1163 0x3c,0x32,0xb5,0x8f, 0x04,0xb6,0x6f,0xa2, 1164 0x31,0xc9,0x7c,0xf9, 0x84,0x67,0x87,0xfb, 1165 0x7b,0x13,0xb0,0x4d, 0x35,0xfd,0x37,0x5b, 1166 0xf4,0x25,0xf0,0x02, 0x74,0xa0,0x69,0xd4, 1167 0x53,0x61,0x4b,0x54, 0x68,0x94,0x0e,0x08, 1168 0x25,0x82,0x90,0xfc, 0x25,0xb6,0x63,0xe2, 1169 0x07,0x9f,0x42,0xf1, 0xbb,0x33,0xea,0xab, 1170 0x92,0x54,0x2b,0x9f, 0x88,0xc0,0x31,0x2b, 1171 0xfd,0x36,0x50,0x80, 0xfc,0x1a,0xff,0xab, 1172 0xe8,0xc4,0x7f,0xb6, 0x98,0xb9,0x2e,0x17, 1173 0xca,0x28,0x3d,0xdf, 0x0f,0x07,0x43,0x20, 1174 0xf0,0x07,0xea,0xe5, 0xcd,0x4e,0x81,0x34, 1175 }, 1176 .h = { 1177 0x9d,0x22,0x88,0xfd, 0x41,0x43,0x88,0x45, 1178 0x34,0xfe,0x85,0xc4, 0xb9,0xff,0xe1,0x55, 1179 0x40,0x1d,0x25,0x37, 0xd1,0xf8,0xfc,0x2b, 1180 0x3a,0xf5,0x3b,0x69, 0xbf,0xa6,0x9d,0xed, 1181 }, 1182 }, 1183 }; 1184 static uint32_t k[268]; 1185 uint8_t h[32]; 1186 unsigned i, j; 1187 int result = 0; 1188 1189 for (i = 0; i < __arraycount(C); i++) { 1190 for (j = 0; j < 268; j++) 1191 k[j] = le32dec(C[i].k + 4*j); 1192 nh(h, C[i].m, C[i].mlen, k); 1193 if (memcmp(h, C[i].h, 32)) { 1194 char prefix[10]; 1195 snprintf(prefix, sizeof prefix, "nh %u", i); 1196 hexdump(printf, prefix, h, 32); 1197 result = -1; 1198 } 1199 } 1200 1201 return result; 1202 } 1203 1204 /* https://github.com/google/adiantum/blob/a5ad5134ab11b10a3ee982c52385953fac88fedc/test_vectors/ours/NHPoly1305/NHPoly1305.json */ 1206 static int 1207 nhpoly1305_selftest(void) 1208 { 1209 static const struct { 1210 uint8_t k[1088]; 1211 unsigned mlen; 1212 uint8_t m[1024]; 1213 uint8_t h[16]; 1214 } C[] = { 1215 [0] = { /* 0-byte message */ 1216 .k = { 1217 /* Poly1305 key */ 1218 0xd2,0x5d,0x4c,0xdd, 0x8d,0x2b,0x7f,0x7a, 1219 0xd9,0xbe,0x71,0xec, 0xd1,0x83,0x52,0xe3, 1220 1221 /* NH key */ 1222 0xe1,0xad,0xd7,0x5c, 0x0a,0x75,0x9d,0xec, 1223 0x1d,0x13,0x7e,0x5d, 0x71,0x07,0xc9,0xe4, 1224 0x57,0x2d,0x44,0x68, 0xcf,0xd8,0xd6,0xc5, 1225 0x39,0x69,0x7d,0x32, 0x75,0x51,0x4f,0x7e, 1226 0xb2,0x4c,0xc6,0x90, 0x51,0x6e,0xd9,0xd6, 1227 0xa5,0x8b,0x2d,0xf1, 0x94,0xf9,0xf7,0x5e, 1228 0x2c,0x84,0x7b,0x41, 0x0f,0x88,0x50,0x89, 1229 0x30,0xd9,0xa1,0x38, 0x46,0x6c,0xc0,0x4f, 1230 0xe8,0xdf,0xdc,0x66, 0xab,0x24,0x43,0x41, 1231 0x91,0x55,0x29,0x65, 0x86,0x28,0x5e,0x45, 1232 0xd5,0x2d,0xb7,0x80, 0x08,0x9a,0xc3,0xd4, 1233 0x9a,0x77,0x0a,0xd4, 0xef,0x3e,0xe6,0x3f, 1234 0x6f,0x2f,0x9b,0x3a, 0x7d,0x12,0x1e,0x80, 1235 0x6c,0x44,0xa2,0x25, 0xe1,0xf6,0x60,0xe9, 1236 0x0d,0xaf,0xc5,0x3c, 0xa5,0x79,0xae,0x64, 1237 0xbc,0xa0,0x39,0xa3, 0x4d,0x10,0xe5,0x4d, 1238 0xd5,0xe7,0x89,0x7a, 0x13,0xee,0x06,0x78, 1239 0xdc,0xa4,0xdc,0x14, 0x27,0xe6,0x49,0x38, 1240 0xd0,0xe0,0x45,0x25, 0x36,0xc5,0xf4,0x79, 1241 0x2e,0x9a,0x98,0x04, 0xe4,0x2b,0x46,0x52, 1242 0x7c,0x33,0xca,0xe2, 0x56,0x51,0x50,0xe2, 1243 0xa5,0x9a,0xae,0x18, 0x6a,0x13,0xf8,0xd2, 1244 0x21,0x31,0x66,0x02, 0xe2,0xda,0x8d,0x7e, 1245 0x41,0x19,0xb2,0x61, 0xee,0x48,0x8f,0xf1, 1246 0x65,0x24,0x2e,0x1e, 0x68,0xce,0x05,0xd9, 1247 0x2a,0xcf,0xa5,0x3a, 0x57,0xdd,0x35,0x91, 1248 0x93,0x01,0xca,0x95, 0xfc,0x2b,0x36,0x04, 1249 0xe6,0x96,0x97,0x28, 0xf6,0x31,0xfe,0xa3, 1250 0x9d,0xf6,0x6a,0x1e, 0x80,0x8d,0xdc,0xec, 1251 0xaf,0x66,0x11,0x13, 0x02,0x88,0xd5,0x27, 1252 0x33,0xb4,0x1a,0xcd, 0xa3,0xf6,0xde,0x31, 1253 0x8e,0xc0,0x0e,0x6c, 0xd8,0x5a,0x97,0x5e, 1254 0xdd,0xfd,0x60,0x69, 0x38,0x46,0x3f,0x90, 1255 0x5e,0x97,0xd3,0x32, 0x76,0xc7,0x82,0x49, 1256 0xfe,0xba,0x06,0x5f, 0x2f,0xa2,0xfd,0xff, 1257 0x80,0x05,0x40,0xe4, 0x33,0x03,0xfb,0x10, 1258 0xc0,0xde,0x65,0x8c, 0xc9,0x8d,0x3a,0x9d, 1259 0xb5,0x7b,0x36,0x4b, 0xb5,0x0c,0xcf,0x00, 1260 0x9c,0x87,0xe4,0x49, 0xad,0x90,0xda,0x4a, 1261 0xdd,0xbd,0xff,0xe2, 0x32,0x57,0xd6,0x78, 1262 0x36,0x39,0x6c,0xd3, 0x5b,0x9b,0x88,0x59, 1263 0x2d,0xf0,0x46,0xe4, 0x13,0x0e,0x2b,0x35, 1264 0x0d,0x0f,0x73,0x8a, 0x4f,0x26,0x84,0x75, 1265 0x88,0x3c,0xc5,0x58, 0x66,0x18,0x1a,0xb4, 1266 0x64,0x51,0x34,0x27, 0x1b,0xa4,0x11,0xc9, 1267 0x6d,0x91,0x8a,0xfa, 0x32,0x60,0x9d,0xd7, 1268 0x87,0xe5,0xaa,0x43, 0x72,0xf8,0xda,0xd1, 1269 0x48,0x44,0x13,0x61, 0xdc,0x8c,0x76,0x17, 1270 0x0c,0x85,0x4e,0xf3, 0xdd,0xa2,0x42,0xd2, 1271 0x74,0xc1,0x30,0x1b, 0xeb,0x35,0x31,0x29, 1272 0x5b,0xd7,0x4c,0x94, 0x46,0x35,0xa1,0x23, 1273 0x50,0xf2,0xa2,0x8e, 0x7e,0x4f,0x23,0x4f, 1274 0x51,0xff,0xe2,0xc9, 0xa3,0x7d,0x56,0x8b, 1275 0x41,0xf2,0xd0,0xc5, 0x57,0x7e,0x59,0xac, 1276 0xbb,0x65,0xf3,0xfe, 0xf7,0x17,0xef,0x63, 1277 0x7c,0x6f,0x23,0xdd, 0x22,0x8e,0xed,0x84, 1278 0x0e,0x3b,0x09,0xb3, 0xf3,0xf4,0x8f,0xcd, 1279 0x37,0xa8,0xe1,0xa7, 0x30,0xdb,0xb1,0xa2, 1280 0x9c,0xa2,0xdf,0x34, 0x17,0x3e,0x68,0x44, 1281 0xd0,0xde,0x03,0x50, 0xd1,0x48,0x6b,0x20, 1282 0xe2,0x63,0x45,0xa5, 0xea,0x87,0xc2,0x42, 1283 0x95,0x03,0x49,0x05, 0xed,0xe0,0x90,0x29, 1284 0x1a,0xb8,0xcf,0x9b, 0x43,0xcf,0x29,0x7a, 1285 0x63,0x17,0x41,0x9f, 0xe0,0xc9,0x10,0xfd, 1286 0x2c,0x56,0x8c,0x08, 0x55,0xb4,0xa9,0x27, 1287 0x0f,0x23,0xb1,0x05, 0x6a,0x12,0x46,0xc7, 1288 0xe1,0xfe,0x28,0x93, 0x93,0xd7,0x2f,0xdc, 1289 0x98,0x30,0xdb,0x75, 0x8a,0xbe,0x97,0x7a, 1290 0x02,0xfb,0x8c,0xba, 0xbe,0x25,0x09,0xbe, 1291 0xce,0xcb,0xa2,0xef, 0x79,0x4d,0x0e,0x9d, 1292 0x1b,0x9d,0xb6,0x39, 0x34,0x38,0xfa,0x07, 1293 0xec,0xe8,0xfc,0x32, 0x85,0x1d,0xf7,0x85, 1294 0x63,0xc3,0x3c,0xc0, 0x02,0x75,0xd7,0x3f, 1295 0xb2,0x68,0x60,0x66, 0x65,0x81,0xc6,0xb1, 1296 0x42,0x65,0x4b,0x4b, 0x28,0xd7,0xc7,0xaa, 1297 0x9b,0xd2,0xdc,0x1b, 0x01,0xe0,0x26,0x39, 1298 0x01,0xc1,0x52,0x14, 0xd1,0x3f,0xb7,0xe6, 1299 0x61,0x41,0xc7,0x93, 0xd2,0xa2,0x67,0xc6, 1300 0xf7,0x11,0xb5,0xf5, 0xea,0xdd,0x19,0xfb, 1301 0x4d,0x21,0x12,0xd6, 0x7d,0xf1,0x10,0xb0, 1302 0x89,0x07,0xc7,0x5a, 0x52,0x73,0x70,0x2f, 1303 0x32,0xef,0x65,0x2b, 0x12,0xb2,0xf0,0xf5, 1304 0x20,0xe0,0x90,0x59, 0x7e,0x64,0xf1,0x4c, 1305 0x41,0xb3,0xa5,0x91, 0x08,0xe6,0x5e,0x5f, 1306 0x05,0x56,0x76,0xb4, 0xb0,0xcd,0x70,0x53, 1307 0x10,0x48,0x9c,0xff, 0xc2,0x69,0x55,0x24, 1308 0x87,0xef,0x84,0xea, 0xfb,0xa7,0xbf,0xa0, 1309 0x91,0x04,0xad,0x4f, 0x8b,0x57,0x54,0x4b, 1310 0xb6,0xe9,0xd1,0xac, 0x37,0x2f,0x1d,0x2e, 1311 0xab,0xa5,0xa4,0xe8, 0xff,0xfb,0xd9,0x39, 1312 0x2f,0xb7,0xac,0xd1, 0xfe,0x0b,0x9a,0x80, 1313 0x0f,0xb6,0xf4,0x36, 0x39,0x90,0x51,0xe3, 1314 0x0a,0x2f,0xb6,0x45, 0x76,0x89,0xcd,0x61, 1315 0xfe,0x48,0x5f,0x75, 0x1d,0x13,0x00,0x62, 1316 0x80,0x24,0x47,0xe7, 0xbc,0x37,0xd7,0xe3, 1317 0x15,0xe8,0x68,0x22, 0xaf,0x80,0x6f,0x4b, 1318 0xa8,0x9f,0x01,0x10, 0x48,0x14,0xc3,0x02, 1319 0x52,0xd2,0xc7,0x75, 0x9b,0x52,0x6d,0x30, 1320 0xac,0x13,0x85,0xc8, 0xf7,0xa3,0x58,0x4b, 1321 0x49,0xf7,0x1c,0x45, 0x55,0x8c,0x39,0x9a, 1322 0x99,0x6d,0x97,0x27, 0x27,0xe6,0xab,0xdd, 1323 0x2c,0x42,0x1b,0x35, 0xdd,0x9d,0x73,0xbb, 1324 0x6c,0xf3,0x64,0xf1, 0xfb,0xb9,0xf7,0xe6, 1325 0x4a,0x3c,0xc0,0x92, 0xc0,0x2e,0xb7,0x1a, 1326 0xbe,0xab,0xb3,0x5a, 0xe5,0xea,0xb1,0x48, 1327 0x58,0x13,0x53,0x90, 0xfd,0xc3,0x8e,0x54, 1328 0xf9,0x18,0x16,0x73, 0xe8,0xcb,0x6d,0x39, 1329 0x0e,0xd7,0xe0,0xfe, 0xb6,0x9f,0x43,0x97, 1330 0xe8,0xd0,0x85,0x56, 0x83,0x3e,0x98,0x68, 1331 0x7f,0xbd,0x95,0xa8, 0x9a,0x61,0x21,0x8f, 1332 0x06,0x98,0x34,0xa6, 0xc8,0xd6,0x1d,0xf3, 1333 0x3d,0x43,0xa4,0x9a, 0x8c,0xe5,0xd3,0x5a, 1334 0x32,0xa2,0x04,0x22, 0xa4,0x19,0x1a,0x46, 1335 0x42,0x7e,0x4d,0xe5, 0xe0,0xe6,0x0e,0xca, 1336 0xd5,0x58,0x9d,0x2c, 0xaf,0xda,0x33,0x5c, 1337 0xb0,0x79,0x9e,0xc9, 0xfc,0xca,0xf0,0x2f, 1338 0xa8,0xb2,0x77,0xeb, 0x7a,0xa2,0xdd,0x37, 1339 0x35,0x83,0x07,0xd6, 0x02,0x1a,0xb6,0x6c, 1340 0x24,0xe2,0x59,0x08, 0x0e,0xfd,0x3e,0x46, 1341 0xec,0x40,0x93,0xf4, 0x00,0x26,0x4f,0x2a, 1342 0xff,0x47,0x2f,0xeb, 0x02,0x92,0x26,0x5b, 1343 0x53,0x17,0xc2,0x8d, 0x2a,0xc7,0xa3,0x1b, 1344 0xcd,0xbc,0xa7,0xe8, 0xd1,0x76,0xe3,0x80, 1345 0x21,0xca,0x5d,0x3b, 0xe4,0x9c,0x8f,0xa9, 1346 0x5b,0x7f,0x29,0x7f, 0x7c,0xd8,0xed,0x6d, 1347 0x8c,0xb2,0x86,0x85, 0xe7,0x77,0xf2,0x85, 1348 0xab,0x38,0xa9,0x9d, 0xc1,0x4e,0xc5,0x64, 1349 0x33,0x73,0x8b,0x59, 0x03,0xad,0x05,0xdf, 1350 0x25,0x98,0x31,0xde, 0xef,0x13,0xf1,0x9b, 1351 0x3c,0x91,0x9d,0x7b, 0xb1,0xfa,0xe6,0xbf, 1352 0x5b,0xed,0xa5,0x55, 0xe6,0xea,0x6c,0x74, 1353 0xf4,0xb9,0xe4,0x45, 0x64,0x72,0x81,0xc2, 1354 0x4c,0x28,0xd4,0xcd, 0xac,0xe2,0xde,0xf9, 1355 0xeb,0x5c,0xeb,0x61, 0x60,0x5a,0xe5,0x28, 1356 }, 1357 .mlen = 0, 1358 .h = {0}, 1359 }, 1360 [1] = { /* 16-byte message */ 1361 .k = { 1362 /* Poly1305 key */ 1363 0x29,0x21,0x43,0xcb, 0xcb,0x13,0x07,0xde, 1364 0xbf,0x48,0xdf,0x8a, 0x7f,0xa2,0x84,0xde, 1365 1366 /* NH key */ 1367 0x72,0x23,0x9d,0xf5, 0xf0,0x07,0xf2,0x4c, 1368 0x20,0x3a,0x93,0xb9, 0xcd,0x5d,0xfe,0xcb, 1369 0x99,0x2c,0x2b,0x58, 0xc6,0x50,0x5f,0x94, 1370 0x56,0xc3,0x7c,0x0d, 0x02,0x3f,0xb8,0x5e, 1371 0x7b,0xc0,0x6c,0x51, 0x34,0x76,0xc0,0x0e, 1372 0xc6,0x22,0xc8,0x9e, 0x92,0xa0,0x21,0xc9, 1373 0x85,0x5c,0x7c,0xf8, 0xe2,0x64,0x47,0xc9, 1374 0xe4,0xa2,0x57,0x93, 0xf8,0xa2,0x69,0xcd, 1375 0x62,0x98,0x99,0xf4, 0xd7,0x7b,0x14,0xb1, 1376 0xd8,0x05,0xff,0x04, 0x15,0xc9,0xe1,0x6e, 1377 0x9b,0xe6,0x50,0x6b, 0x0b,0x3f,0x22,0x1f, 1378 0x08,0xde,0x0c,0x5b, 0x08,0x7e,0xc6,0x2f, 1379 0x6c,0xed,0xd6,0xb2, 0x15,0xa4,0xb3,0xf9, 1380 0xa7,0x46,0x38,0x2a, 0xea,0x69,0xa5,0xde, 1381 0x02,0xc3,0x96,0x89, 0x4d,0x55,0x3b,0xed, 1382 0x3d,0x3a,0x85,0x77, 0xbf,0x97,0x45,0x5c, 1383 0x9e,0x02,0x69,0xe2, 0x1b,0x68,0xbe,0x96, 1384 0xfb,0x64,0x6f,0x0f, 0xf6,0x06,0x40,0x67, 1385 0xfa,0x04,0xe3,0x55, 0xfa,0xbe,0xa4,0x60, 1386 0xef,0x21,0x66,0x97, 0xe6,0x9d,0x5c,0x1f, 1387 0x62,0x37,0xaa,0x31, 0xde,0xe4,0x9c,0x28, 1388 0x95,0xe0,0x22,0x86, 0xf4,0x4d,0xf3,0x07, 1389 0xfd,0x5f,0x3a,0x54, 0x2c,0x51,0x80,0x71, 1390 0xba,0x78,0x69,0x5b, 0x65,0xab,0x1f,0x81, 1391 0xed,0x3b,0xff,0x34, 0xa3,0xfb,0xbc,0x73, 1392 0x66,0x7d,0x13,0x7f, 0xdf,0x6e,0xe2,0xe2, 1393 0xeb,0x4f,0x6c,0xda, 0x7d,0x33,0x57,0xd0, 1394 0xd3,0x7c,0x95,0x4f, 0x33,0x58,0x21,0xc7, 1395 0xc0,0xe5,0x6f,0x42, 0x26,0xc6,0x1f,0x5e, 1396 0x85,0x1b,0x98,0x9a, 0xa2,0x1e,0x55,0x77, 1397 0x23,0xdf,0x81,0x5e, 0x79,0x55,0x05,0xfc, 1398 0xfb,0xda,0xee,0xba, 0x5a,0xba,0xf7,0x77, 1399 0x7f,0x0e,0xd3,0xe1, 0x37,0xfe,0x8d,0x2b, 1400 0xd5,0x3f,0xfb,0xd0, 0xc0,0x3c,0x0b,0x3f, 1401 0xcf,0x3c,0x14,0xcf, 0xfb,0x46,0x72,0x4c, 1402 0x1f,0x39,0xe2,0xda, 0x03,0x71,0x6d,0x23, 1403 0xef,0x93,0xcd,0x39, 0xd9,0x37,0x80,0x4d, 1404 0x65,0x61,0xd1,0x2c, 0x03,0xa9,0x47,0x72, 1405 0x4d,0x1e,0x0e,0x16, 0x33,0x0f,0x21,0x17, 1406 0xec,0x92,0xea,0x6f, 0x37,0x22,0xa4,0xd8, 1407 0x03,0x33,0x9e,0xd8, 0x03,0x69,0x9a,0xe8, 1408 0xb2,0x57,0xaf,0x78, 0x99,0x05,0x12,0xab, 1409 0x48,0x90,0x80,0xf0, 0x12,0x9b,0x20,0x64, 1410 0x7a,0x1d,0x47,0x5f, 0xba,0x3c,0xf9,0xc3, 1411 0x0a,0x0d,0x8d,0xa1, 0xf9,0x1b,0x82,0x13, 1412 0x3e,0x0d,0xec,0x0a, 0x83,0xc0,0x65,0xe1, 1413 0xe9,0x95,0xff,0x97, 0xd6,0xf2,0xe4,0xd5, 1414 0x86,0xc0,0x1f,0x29, 0x27,0x63,0xd7,0xde, 1415 0xb7,0x0a,0x07,0x99, 0x04,0x2d,0xa3,0x89, 1416 0xa2,0x43,0xcf,0xf3, 0xe1,0x43,0xac,0x4a, 1417 0x06,0x97,0xd0,0x05, 0x4f,0x87,0xfa,0xf9, 1418 0x9b,0xbf,0x52,0x70, 0xbd,0xbc,0x6c,0xf3, 1419 0x03,0x13,0x60,0x41, 0x28,0x09,0xec,0xcc, 1420 0xb1,0x1a,0xec,0xd6, 0xfb,0x6f,0x2a,0x89, 1421 0x5d,0x0b,0x53,0x9c, 0x59,0xc1,0x84,0x21, 1422 0x33,0x51,0x47,0x19, 0x31,0x9c,0xd4,0x0a, 1423 0x4d,0x04,0xec,0x50, 0x90,0x61,0xbd,0xbc, 1424 0x7e,0xc8,0xd9,0x6c, 0x98,0x1d,0x45,0x41, 1425 0x17,0x5e,0x97,0x1c, 0xc5,0xa8,0xe8,0xea, 1426 0x46,0x58,0x53,0xf7, 0x17,0xd5,0xad,0x11, 1427 0xc8,0x54,0xf5,0x7a, 0x33,0x90,0xf5,0x19, 1428 0xba,0x36,0xb4,0xfc, 0x52,0xa5,0x72,0x3d, 1429 0x14,0xbb,0x55,0xa7, 0xe9,0xe3,0x12,0xf7, 1430 0x1c,0x30,0xa2,0x82, 0x03,0xbf,0x53,0x91, 1431 0x2e,0x60,0x41,0x9f, 0x5b,0x69,0x39,0xf6, 1432 0x4d,0xc8,0xf8,0x46, 0x7a,0x7f,0xa4,0x98, 1433 0x36,0xff,0x06,0xcb, 0xca,0xe7,0x33,0xf2, 1434 0xc0,0x4a,0xf4,0x3c, 0x14,0x44,0x5f,0x6b, 1435 0x75,0xef,0x02,0x36, 0x75,0x08,0x14,0xfd, 1436 0x10,0x8e,0xa5,0x58, 0xd0,0x30,0x46,0x49, 1437 0xaf,0x3a,0xf8,0x40, 0x3d,0x35,0xdb,0x84, 1438 0x11,0x2e,0x97,0x6a, 0xb7,0x87,0x7f,0xad, 1439 0xf1,0xfa,0xa5,0x63, 0x60,0xd8,0x5e,0xbf, 1440 0x41,0x78,0x49,0xcf, 0x77,0xbb,0x56,0xbb, 1441 0x7d,0x01,0x67,0x05, 0x22,0xc8,0x8f,0x41, 1442 0xba,0x81,0xd2,0xca, 0x2c,0x38,0xac,0x76, 1443 0x06,0xc1,0x1a,0xc2, 0xce,0xac,0x90,0x67, 1444 0x57,0x3e,0x20,0x12, 0x5b,0xd9,0x97,0x58, 1445 0x65,0x05,0xb7,0x04, 0x61,0x7e,0xd8,0x3a, 1446 0xbf,0x55,0x3b,0x13, 0xe9,0x34,0x5a,0x37, 1447 0x36,0xcb,0x94,0x45, 0xc5,0x32,0xb3,0xa0, 1448 0x0c,0x3e,0x49,0xc5, 0xd3,0xed,0xa7,0xf0, 1449 0x1c,0x69,0xcc,0xea, 0xcc,0x83,0xc9,0x16, 1450 0x95,0x72,0x4b,0xf4, 0x89,0xd5,0xb9,0x10, 1451 0xf6,0x2d,0x60,0x15, 0xea,0x3c,0x06,0x66, 1452 0x9f,0x82,0xad,0x17, 0xce,0xd2,0xa4,0x48, 1453 0x7c,0x65,0xd9,0xf8, 0x02,0x4d,0x9b,0x4c, 1454 0x89,0x06,0x3a,0x34, 0x85,0x48,0x89,0x86, 1455 0xf9,0x24,0xa9,0x54, 0x72,0xdb,0x44,0x95, 1456 0xc7,0x44,0x1c,0x19, 0x11,0x4c,0x04,0xdc, 1457 0x13,0xb9,0x67,0xc8, 0xc3,0x3a,0x6a,0x50, 1458 0xfa,0xd1,0xfb,0xe1, 0x88,0xb6,0xf1,0xa3, 1459 0xc5,0x3b,0xdc,0x38, 0x45,0x16,0x26,0x02, 1460 0x3b,0xb8,0x8f,0x8b, 0x58,0x7d,0x23,0x04, 1461 0x50,0x6b,0x81,0x9f, 0xae,0x66,0xac,0x6f, 1462 0xcf,0x2a,0x9d,0xf1, 0xfd,0x1d,0x57,0x07, 1463 0xbe,0x58,0xeb,0x77, 0x0c,0xe3,0xc2,0x19, 1464 0x14,0x74,0x1b,0x51, 0x1c,0x4f,0x41,0xf3, 1465 0x32,0x89,0xb3,0xe7, 0xde,0x62,0xf6,0x5f, 1466 0xc7,0x6a,0x4a,0x2a, 0x5b,0x0f,0x5f,0x87, 1467 0x9c,0x08,0xb9,0x02, 0x88,0xc8,0x29,0xb7, 1468 0x94,0x52,0xfa,0x52, 0xfe,0xaa,0x50,0x10, 1469 0xba,0x48,0x75,0x5e, 0x11,0x1b,0xe6,0x39, 1470 0xd7,0x82,0x2c,0x87, 0xf1,0x1e,0xa4,0x38, 1471 0x72,0x3e,0x51,0xe7, 0xd8,0x3e,0x5b,0x7b, 1472 0x31,0x16,0x89,0xba, 0xd6,0xad,0x18,0x5e, 1473 0xba,0xf8,0x12,0xb3, 0xf4,0x6c,0x47,0x30, 1474 0xc0,0x38,0x58,0xb3, 0x10,0x8d,0x58,0x5d, 1475 0xb4,0xfb,0x19,0x7e, 0x41,0xc3,0x66,0xb8, 1476 0xd6,0x72,0x84,0xe1, 0x1a,0xc2,0x71,0x4c, 1477 0x0d,0x4a,0x21,0x7a, 0xab,0xa2,0xc0,0x36, 1478 0x15,0xc5,0xe9,0x46, 0xd7,0x29,0x17,0x76, 1479 0x5e,0x47,0x36,0x7f, 0x72,0x05,0xa7,0xcc, 1480 0x36,0x63,0xf9,0x47, 0x7d,0xe6,0x07,0x3c, 1481 0x8b,0x79,0x1d,0x96, 0x61,0x8d,0x90,0x65, 1482 0x7c,0xf5,0xeb,0x4e, 0x6e,0x09,0x59,0x6d, 1483 0x62,0x50,0x1b,0x0f, 0xe0,0xdc,0x78,0xf2, 1484 0x5b,0x83,0x1a,0xa1, 0x11,0x75,0xfd,0x18, 1485 0xd7,0xe2,0x8d,0x65, 0x14,0x21,0xce,0xbe, 1486 0xb5,0x87,0xe3,0x0a, 0xda,0x24,0x0a,0x64, 1487 0xa9,0x9f,0x03,0x8d, 0x46,0x5d,0x24,0x1a, 1488 0x8a,0x0c,0x42,0x01, 0xca,0xb1,0x5f,0x7c, 1489 0xa5,0xac,0x32,0x4a, 0xb8,0x07,0x91,0x18, 1490 0x6f,0xb0,0x71,0x3c, 0xc9,0xb1,0xa8,0xf8, 1491 0x5f,0x69,0xa5,0xa1, 0xca,0x9e,0x7a,0xaa, 1492 0xac,0xe9,0xc7,0x47, 0x41,0x75,0x25,0xc3, 1493 0x73,0xe2,0x0b,0xdd, 0x6d,0x52,0x71,0xbe, 1494 0xc5,0xdc,0xb4,0xe7, 0x01,0x26,0x53,0x77, 1495 0x86,0x90,0x85,0x68, 0x6b,0x7b,0x03,0x53, 1496 0xda,0x52,0x52,0x51, 0x68,0xc8,0xf3,0xec, 1497 0x6c,0xd5,0x03,0x7a, 0xa3,0x0e,0xb4,0x02, 1498 0x5f,0x1a,0xab,0xee, 0xca,0x67,0x29,0x7b, 1499 0xbd,0x96,0x59,0xb3, 0x8b,0x32,0x7a,0x92, 1500 0x9f,0xd8,0x25,0x2b, 0xdf,0xc0,0x4c,0xda, 1501 }, 1502 .mlen = 16, 1503 .m = { 1504 0xbc,0xda,0x81,0xa8, 0x78,0x79,0x1c,0xbf, 1505 0x77,0x53,0xba,0x4c, 0x30,0x5b,0xb8,0x33, 1506 }, 1507 .h = { 1508 0x04,0xbf,0x7f,0x6a, 0xce,0x72,0xea,0x6a, 1509 0x79,0xdb,0xb0,0xc9, 0x60,0xf6,0x12,0xcc, 1510 }, 1511 }, 1512 [2] = { /* 1024-byte message */ 1513 .k = { 1514 0x65,0x4d,0xe3,0xf8, 0xd2,0x4c,0xac,0x28, 1515 0x68,0xf5,0xb3,0x81, 0x71,0x4b,0xa1,0xfa, 1516 0x04,0x0e,0xd3,0x81, 0x36,0xbe,0x0c,0x81, 1517 0x5e,0xaf,0xbc,0x3a, 0xa4,0xc0,0x8e,0x8b, 1518 0x55,0x63,0xd3,0x52, 0x97,0x88,0xd6,0x19, 1519 0xbc,0x96,0xdf,0x49, 0xff,0x04,0x63,0xf5, 1520 0x0c,0x11,0x13,0xaa, 0x9e,0x1f,0x5a,0xf7, 1521 0xdd,0xbd,0x37,0x80, 0xc3,0xd0,0xbe,0xa7, 1522 0x05,0xc8,0x3c,0x98, 0x1e,0x05,0x3c,0x84, 1523 0x39,0x61,0xc4,0xed, 0xed,0x71,0x1b,0xc4, 1524 0x74,0x45,0x2c,0xa1, 0x56,0x70,0x97,0xfd, 1525 0x44,0x18,0x07,0x7d, 0xca,0x60,0x1f,0x73, 1526 0x3b,0x6d,0x21,0xcb, 0x61,0x87,0x70,0x25, 1527 0x46,0x21,0xf1,0x1f, 0x21,0x91,0x31,0x2d, 1528 0x5d,0xcc,0xb7,0xd1, 0x84,0x3e,0x3d,0xdb, 1529 0x03,0x53,0x2a,0x82, 0xa6,0x9a,0x95,0xbc, 1530 0x1a,0x1e,0x0a,0x5e, 0x07,0x43,0xab,0x43, 1531 0xaf,0x92,0x82,0x06, 0x91,0x04,0x09,0xf4, 1532 0x17,0x0a,0x9a,0x2c, 0x54,0xdb,0xb8,0xf4, 1533 0xd0,0xf0,0x10,0x66, 0x24,0x8d,0xcd,0xda, 1534 0xfe,0x0e,0x45,0x9d, 0x6f,0xc4,0x4e,0xf4, 1535 0x96,0xaf,0x13,0xdc, 0xa9,0xd4,0x8c,0xc4, 1536 0xc8,0x57,0x39,0x3c, 0xc2,0xd3,0x0a,0x76, 1537 0x4a,0x1f,0x75,0x83, 0x44,0xc7,0xd1,0x39, 1538 0xd8,0xb5,0x41,0xba, 0x73,0x87,0xfa,0x96, 1539 0xc7,0x18,0x53,0xfb, 0x9b,0xda,0xa0,0x97, 1540 0x1d,0xee,0x60,0x85, 0x9e,0x14,0xc3,0xce, 1541 0xc4,0x05,0x29,0x3b, 0x95,0x30,0xa3,0xd1, 1542 0x9f,0x82,0x6a,0x04, 0xf5,0xa7,0x75,0x57, 1543 0x82,0x04,0xfe,0x71, 0x51,0x71,0xb1,0x49, 1544 0x50,0xf8,0xe0,0x96, 0xf1,0xfa,0xa8,0x88, 1545 0x3f,0xa0,0x86,0x20, 0xd4,0x60,0x79,0x59, 1546 0x17,0x2d,0xd1,0x09, 0xf4,0xec,0x05,0x57, 1547 0xcf,0x62,0x7e,0x0e, 0x7e,0x60,0x78,0xe6, 1548 0x08,0x60,0x29,0xd8, 0xd5,0x08,0x1a,0x24, 1549 0xc4,0x6c,0x24,0xe7, 0x92,0x08,0x3d,0x8a, 1550 0x98,0x7a,0xcf,0x99, 0x0a,0x65,0x0e,0xdc, 1551 0x8c,0x8a,0xbe,0x92, 0x82,0x91,0xcc,0x62, 1552 0x30,0xb6,0xf4,0x3f, 0xc6,0x8a,0x7f,0x12, 1553 0x4a,0x8a,0x49,0xfa, 0x3f,0x5c,0xd4,0x5a, 1554 0xa6,0x82,0xa3,0xe6, 0xaa,0x34,0x76,0xb2, 1555 0xab,0x0a,0x30,0xef, 0x6c,0x77,0x58,0x3f, 1556 0x05,0x6b,0xcc,0x5c, 0xae,0xdc,0xd7,0xb9, 1557 0x51,0x7e,0x8d,0x32, 0x5b,0x24,0x25,0xbe, 1558 0x2b,0x24,0x01,0xcf, 0x80,0xda,0x16,0xd8, 1559 0x90,0x72,0x2c,0xad, 0x34,0x8d,0x0c,0x74, 1560 0x02,0xcb,0xfd,0xcf, 0x6e,0xef,0x97,0xb5, 1561 0x4c,0xf2,0x68,0xca, 0xde,0x43,0x9e,0x8a, 1562 0xc5,0x5f,0x31,0x7f, 0x14,0x71,0x38,0xec, 1563 0xbd,0x98,0xe5,0x71, 0xc4,0xb5,0xdb,0xef, 1564 0x59,0xd2,0xca,0xc0, 0xc1,0x86,0x75,0x01, 1565 0xd4,0x15,0x0d,0x6f, 0xa4,0xf7,0x7b,0x37, 1566 0x47,0xda,0x18,0x93, 0x63,0xda,0xbe,0x9e, 1567 0x07,0xfb,0xb2,0x83, 0xd5,0xc4,0x34,0x55, 1568 0xee,0x73,0xa1,0x42, 0x96,0xf9,0x66,0x41, 1569 0xa4,0xcc,0xd2,0x93, 0x6e,0xe1,0x0a,0xbb, 1570 0xd2,0xdd,0x18,0x23, 0xe6,0x6b,0x98,0x0b, 1571 0x8a,0x83,0x59,0x2c, 0xc3,0xa6,0x59,0x5b, 1572 0x01,0x22,0x59,0xf7, 0xdc,0xb0,0x87,0x7e, 1573 0xdb,0x7d,0xf4,0x71, 0x41,0xab,0xbd,0xee, 1574 0x79,0xbe,0x3c,0x01, 0x76,0x0b,0x2d,0x0a, 1575 0x42,0xc9,0x77,0x8c, 0xbb,0x54,0x95,0x60, 1576 0x43,0x2e,0xe0,0x17, 0x52,0xbd,0x90,0xc9, 1577 0xc2,0x2c,0xdd,0x90, 0x24,0x22,0x76,0x40, 1578 0x5c,0xb9,0x41,0xc9, 0xa1,0xd5,0xbd,0xe3, 1579 0x44,0xe0,0xa4,0xab, 0xcc,0xb8,0xe2,0x32, 1580 0x02,0x15,0x04,0x1f, 0x8c,0xec,0x5d,0x14, 1581 0xac,0x18,0xaa,0xef, 0x6e,0x33,0x19,0x6e, 1582 0xde,0xfe,0x19,0xdb, 0xeb,0x61,0xca,0x18, 1583 0xad,0xd8,0x3d,0xbf, 0x09,0x11,0xc7,0xa5, 1584 0x86,0x0b,0x0f,0xe5, 0x3e,0xde,0xe8,0xd9, 1585 0x0a,0x69,0x9e,0x4c, 0x20,0xff,0xf9,0xc5, 1586 0xfa,0xf8,0xf3,0x7f, 0xa5,0x01,0x4b,0x5e, 1587 0x0f,0xf0,0x3b,0x68, 0xf0,0x46,0x8c,0x2a, 1588 0x7a,0xc1,0x8f,0xa0, 0xfe,0x6a,0x5b,0x44, 1589 0x70,0x5c,0xcc,0x92, 0x2c,0x6f,0x0f,0xbd, 1590 0x25,0x3e,0xb7,0x8e, 0x73,0x58,0xda,0xc9, 1591 0xa5,0xaa,0x9e,0xf3, 0x9b,0xfd,0x37,0x3e, 1592 0xe2,0x88,0xa4,0x7b, 0xc8,0x5c,0xa8,0x93, 1593 0x0e,0xe7,0x9a,0x9c, 0x2e,0x95,0x18,0x9f, 1594 0xc8,0x45,0x0c,0x88, 0x9e,0x53,0x4f,0x3a, 1595 0x76,0xc1,0x35,0xfa, 0x17,0xd8,0xac,0xa0, 1596 0x0c,0x2d,0x47,0x2e, 0x4f,0x69,0x9b,0xf7, 1597 0xd0,0xb6,0x96,0x0c, 0x19,0xb3,0x08,0x01, 1598 0x65,0x7a,0x1f,0xc7, 0x31,0x86,0xdb,0xc8, 1599 0xc1,0x99,0x8f,0xf8, 0x08,0x4a,0x9d,0x23, 1600 0x22,0xa8,0xcf,0x27, 0x01,0x01,0x88,0x93, 1601 0x9c,0x86,0x45,0xbd, 0xe0,0x51,0xca,0x52, 1602 0x84,0xba,0xfe,0x03, 0xf7,0xda,0xc5,0xce, 1603 0x3e,0x77,0x75,0x86, 0xaf,0x84,0xc8,0x05, 1604 0x44,0x01,0x0f,0x02, 0xf3,0x58,0xb0,0x06, 1605 0x5a,0xd7,0x12,0x30, 0x8d,0xdf,0x1f,0x1f, 1606 0x0a,0xe6,0xd2,0xea, 0xf6,0x3a,0x7a,0x99, 1607 0x63,0xe8,0xd2,0xc1, 0x4a,0x45,0x8b,0x40, 1608 0x4d,0x0a,0xa9,0x76, 0x92,0xb3,0xda,0x87, 1609 0x36,0x33,0xf0,0x78, 0xc3,0x2f,0x5f,0x02, 1610 0x1a,0x6a,0x2c,0x32, 0xcd,0x76,0xbf,0xbd, 1611 0x5a,0x26,0x20,0x28, 0x8c,0x8c,0xbc,0x52, 1612 0x3d,0x0a,0xc9,0xcb, 0xab,0xa4,0x21,0xb0, 1613 0x54,0x40,0x81,0x44, 0xc7,0xd6,0x1c,0x11, 1614 0x44,0xc6,0x02,0x92, 0x14,0x5a,0xbf,0x1a, 1615 0x09,0x8a,0x18,0xad, 0xcd,0x64,0x3d,0x53, 1616 0x4a,0xb6,0xa5,0x1b, 0x57,0x0e,0xef,0xe0, 1617 0x8c,0x44,0x5f,0x7d, 0xbd,0x6c,0xfd,0x60, 1618 0xae,0x02,0x24,0xb6, 0x99,0xdd,0x8c,0xaf, 1619 0x59,0x39,0x75,0x3c, 0xd1,0x54,0x7b,0x86, 1620 0xcc,0x99,0xd9,0x28, 0x0c,0xb0,0x94,0x62, 1621 0xf9,0x51,0xd1,0x19, 0x96,0x2d,0x66,0xf5, 1622 0x55,0xcf,0x9e,0x59, 0xe2,0x6b,0x2c,0x08, 1623 0xc0,0x54,0x48,0x24, 0x45,0xc3,0x8c,0x73, 1624 0xea,0x27,0x6e,0x66, 0x7d,0x1d,0x0e,0x6e, 1625 0x13,0xe8,0x56,0x65, 0x3a,0xb0,0x81,0x5c, 1626 0xf0,0xe8,0xd8,0x00, 0x6b,0xcd,0x8f,0xad, 1627 0xdd,0x53,0xf3,0xa4, 0x6c,0x43,0xd6,0x31, 1628 0xaf,0xd2,0x76,0x1e, 0x91,0x12,0xdb,0x3c, 1629 0x8c,0xc2,0x81,0xf0, 0x49,0xdb,0xe2,0x6b, 1630 0x76,0x62,0x0a,0x04, 0xe4,0xaa,0x8a,0x7c, 1631 0x08,0x0b,0x5d,0xd0, 0xee,0x1d,0xfb,0xc4, 1632 0x02,0x75,0x42,0xd6, 0xba,0xa7,0x22,0xa8, 1633 0x47,0x29,0xb7,0x85, 0x6d,0x93,0x3a,0xdb, 1634 0x00,0x53,0x0b,0xa2, 0xeb,0xf8,0xfe,0x01, 1635 0x6f,0x8a,0x31,0xd6, 0x17,0x05,0x6f,0x67, 1636 0x88,0x95,0x32,0xfe, 0x4f,0xa6,0x4b,0xf8, 1637 0x03,0xe4,0xcd,0x9a, 0x18,0xe8,0x4e,0x2d, 1638 0xf7,0x97,0x9a,0x0c, 0x7d,0x9f,0x7e,0x44, 1639 0x69,0x51,0xe0,0x32, 0x6b,0x62,0x86,0x8f, 1640 0xa6,0x8e,0x0b,0x21, 0x96,0xe5,0xaf,0x77, 1641 0xc0,0x83,0xdf,0xa5, 0x0e,0xd0,0xa1,0x04, 1642 0xaf,0xc1,0x10,0xcb, 0x5a,0x40,0xe4,0xe3, 1643 0x38,0x7e,0x07,0xe8, 0x4d,0xfa,0xed,0xc5, 1644 0xf0,0x37,0xdf,0xbb, 0x8a,0xcf,0x3d,0xdc, 1645 0x61,0xd2,0xc6,0x2b, 0xff,0x07,0xc9,0x2f, 1646 0x0c,0x2d,0x5c,0x07, 0xa8,0x35,0x6a,0xfc, 1647 0xae,0x09,0x03,0x45, 0x74,0x51,0x4d,0xc4, 1648 0xb8,0x23,0x87,0x4a, 0x99,0x27,0x20,0x87, 1649 0x62,0x44,0x0a,0x4a, 0xce,0x78,0x47,0x22, 1650 }, 1651 .mlen = 1024, 1652 .m = { 1653 0x8e,0xb0,0x4c,0xde, 0x9c,0x4a,0x04,0x5a, 1654 0xf6,0xa9,0x7f,0x45, 0x25,0xa5,0x7b,0x3a, 1655 0xbc,0x4d,0x73,0x39, 0x81,0xb5,0xbd,0x3d, 1656 0x21,0x6f,0xd7,0x37, 0x50,0x3c,0x7b,0x28, 1657 0xd1,0x03,0x3a,0x17, 0xed,0x7b,0x7c,0x2a, 1658 0x16,0xbc,0xdf,0x19, 0x89,0x52,0x71,0x31, 1659 0xb6,0xc0,0xfd,0xb5, 0xd3,0xba,0x96,0x99, 1660 0xb6,0x34,0x0b,0xd0, 0x99,0x93,0xfc,0x1a, 1661 0x01,0x3c,0x85,0xc6, 0x9b,0x78,0x5c,0x8b, 1662 0xfe,0xae,0xd2,0xbf, 0xb2,0x6f,0xf9,0xed, 1663 0xc8,0x25,0x17,0xfe, 0x10,0x3b,0x7d,0xda, 1664 0xf4,0x8d,0x35,0x4b, 0x7c,0x7b,0x82,0xe7, 1665 0xc2,0xb3,0xee,0x60, 0x4a,0x03,0x86,0xc9, 1666 0x4e,0xb5,0xc4,0xbe, 0xd2,0xbd,0x66,0xf1, 1667 0x13,0xf1,0x09,0xab, 0x5d,0xca,0x63,0x1f, 1668 0xfc,0xfb,0x57,0x2a, 0xfc,0xca,0x66,0xd8, 1669 0x77,0x84,0x38,0x23, 0x1d,0xac,0xd3,0xb3, 1670 0x7a,0xad,0x4c,0x70, 0xfa,0x9c,0xc9,0x61, 1671 0xa6,0x1b,0xba,0x33, 0x4b,0x4e,0x33,0xec, 1672 0xa0,0xa1,0x64,0x39, 0x40,0x05,0x1c,0xc2, 1673 0x3f,0x49,0x9d,0xae, 0xf2,0xc5,0xf2,0xc5, 1674 0xfe,0xe8,0xf4,0xc2, 0xf9,0x96,0x2d,0x28, 1675 0x92,0x30,0x44,0xbc, 0xd2,0x7f,0xe1,0x6e, 1676 0x62,0x02,0x8f,0x3d, 0x1c,0x80,0xda,0x0e, 1677 0x6a,0x90,0x7e,0x75, 0xff,0xec,0x3e,0xc4, 1678 0xcd,0x16,0x34,0x3b, 0x05,0x6d,0x4d,0x20, 1679 0x1c,0x7b,0xf5,0x57, 0x4f,0xfa,0x3d,0xac, 1680 0xd0,0x13,0x55,0xe8, 0xb3,0xe1,0x1b,0x78, 1681 0x30,0xe6,0x9f,0x84, 0xd4,0x69,0xd1,0x08, 1682 0x12,0x77,0xa7,0x4a, 0xbd,0xc0,0xf2,0xd2, 1683 0x78,0xdd,0xa3,0x81, 0x12,0xcb,0x6c,0x14, 1684 0x90,0x61,0xe2,0x84, 0xc6,0x2b,0x16,0xcc, 1685 0x40,0x99,0x50,0x88, 0x01,0x09,0x64,0x4f, 1686 0x0a,0x80,0xbe,0x61, 0xae,0x46,0xc9,0x0a, 1687 0x5d,0xe0,0xfb,0x72, 0x7a,0x1a,0xdd,0x61, 1688 0x63,0x20,0x05,0xa0, 0x4a,0xf0,0x60,0x69, 1689 0x7f,0x92,0xbc,0xbf, 0x4e,0x39,0x4d,0xdd, 1690 0x74,0xd1,0xb7,0xc0, 0x5a,0x34,0xb7,0xae, 1691 0x76,0x65,0x2e,0xbc, 0x36,0xb9,0x04,0x95, 1692 0x42,0xe9,0x6f,0xca, 0x78,0xb3,0x72,0x07, 1693 0xa3,0xba,0x02,0x94, 0x67,0x4c,0xb1,0xd7, 1694 0xe9,0x30,0x0d,0xf0, 0x3b,0xb8,0x10,0x6d, 1695 0xea,0x2b,0x21,0xbf, 0x74,0x59,0x82,0x97, 1696 0x85,0xaa,0xf1,0xd7, 0x54,0x39,0xeb,0x05, 1697 0xbd,0xf3,0x40,0xa0, 0x97,0xe6,0x74,0xfe, 1698 0xb4,0x82,0x5b,0xb1, 0x36,0xcb,0xe8,0x0d, 1699 0xce,0x14,0xd9,0xdf, 0xf1,0x94,0x22,0xcd, 1700 0xd6,0x00,0xba,0x04, 0x4c,0x05,0x0c,0xc0, 1701 0xd1,0x5a,0xeb,0x52, 0xd5,0xa8,0x8e,0xc8, 1702 0x97,0xa1,0xaa,0xc1, 0xea,0xc1,0xbe,0x7c, 1703 0x36,0xb3,0x36,0xa0, 0xc6,0x76,0x66,0xc5, 1704 0xe2,0xaf,0xd6,0x5c, 0xe2,0xdb,0x2c,0xb3, 1705 0x6c,0xb9,0x99,0x7f, 0xff,0x9f,0x03,0x24, 1706 0xe1,0x51,0x44,0x66, 0xd8,0x0c,0x5d,0x7f, 1707 0x5c,0x85,0x22,0x2a, 0xcf,0x6d,0x79,0x28, 1708 0xab,0x98,0x01,0x72, 0xfe,0x80,0x87,0x5f, 1709 0x46,0xba,0xef,0x81, 0x24,0xee,0xbf,0xb0, 1710 0x24,0x74,0xa3,0x65, 0x97,0x12,0xc4,0xaf, 1711 0x8b,0xa0,0x39,0xda, 0x8a,0x7e,0x74,0x6e, 1712 0x1b,0x42,0xb4,0x44, 0x37,0xfc,0x59,0xfd, 1713 0x86,0xed,0xfb,0x8c, 0x66,0x33,0xda,0x63, 1714 0x75,0xeb,0xe1,0xa4, 0x85,0x4f,0x50,0x8f, 1715 0x83,0x66,0x0d,0xd3, 0x37,0xfa,0xe6,0x9c, 1716 0x4f,0x30,0x87,0x35, 0x18,0xe3,0x0b,0xb7, 1717 0x6e,0x64,0x54,0xcd, 0x70,0xb3,0xde,0x54, 1718 0xb7,0x1d,0xe6,0x4c, 0x4d,0x55,0x12,0x12, 1719 0xaf,0x5f,0x7f,0x5e, 0xee,0x9d,0xe8,0x8e, 1720 0x32,0x9d,0x4e,0x75, 0xeb,0xc6,0xdd,0xaa, 1721 0x48,0x82,0xa4,0x3f, 0x3c,0xd7,0xd3,0xa8, 1722 0x63,0x9e,0x64,0xfe, 0xe3,0x97,0x00,0x62, 1723 0xe5,0x40,0x5d,0xc3, 0xad,0x72,0xe1,0x28, 1724 0x18,0x50,0xb7,0x75, 0xef,0xcd,0x23,0xbf, 1725 0x3f,0xc0,0x51,0x36, 0xf8,0x41,0xc3,0x08, 1726 0xcb,0xf1,0x8d,0x38, 0x34,0xbd,0x48,0x45, 1727 0x75,0xed,0xbc,0x65, 0x7b,0xb5,0x0c,0x9b, 1728 0xd7,0x67,0x7d,0x27, 0xb4,0xc4,0x80,0xd7, 1729 0xa9,0xb9,0xc7,0x4a, 0x97,0xaa,0xda,0xc8, 1730 0x3c,0x74,0xcf,0x36, 0x8f,0xe4,0x41,0xe3, 1731 0xd4,0xd3,0x26,0xa7, 0xf3,0x23,0x9d,0x8f, 1732 0x6c,0x20,0x05,0x32, 0x3e,0xe0,0xc3,0xc8, 1733 0x56,0x3f,0xa7,0x09, 0xb7,0xfb,0xc7,0xf7, 1734 0xbe,0x2a,0xdd,0x0f, 0x06,0x7b,0x0d,0xdd, 1735 0xb0,0xb4,0x86,0x17, 0xfd,0xb9,0x04,0xe5, 1736 0xc0,0x64,0x5d,0xad, 0x2a,0x36,0x38,0xdb, 1737 0x24,0xaf,0x5b,0xff, 0xca,0xf9,0x41,0xe8, 1738 0xf9,0x2f,0x1e,0x5e, 0xf9,0xf5,0xd5,0xf2, 1739 0xb2,0x88,0xca,0xc9, 0xa1,0x31,0xe2,0xe8, 1740 0x10,0x95,0x65,0xbf, 0xf1,0x11,0x61,0x7a, 1741 0x30,0x1a,0x54,0x90, 0xea,0xd2,0x30,0xf6, 1742 0xa5,0xad,0x60,0xf9, 0x4d,0x84,0x21,0x1b, 1743 0xe4,0x42,0x22,0xc8, 0x12,0x4b,0xb0,0x58, 1744 0x3e,0x9c,0x2d,0x32, 0x95,0x0a,0x8e,0xb0, 1745 0x0a,0x7e,0x77,0x2f, 0xe8,0x97,0x31,0x6a, 1746 0xf5,0x59,0xb4,0x26, 0xe6,0x37,0x12,0xc9, 1747 0xcb,0xa0,0x58,0x33, 0x6f,0xd5,0x55,0x55, 1748 0x3c,0xa1,0x33,0xb1, 0x0b,0x7e,0x2e,0xb4, 1749 0x43,0x2a,0x84,0x39, 0xf0,0x9c,0xf4,0x69, 1750 0x4f,0x1e,0x79,0xa6, 0x15,0x1b,0x87,0xbb, 1751 0xdb,0x9b,0xe0,0xf1, 0x0b,0xba,0xe3,0x6e, 1752 0xcc,0x2f,0x49,0x19, 0x22,0x29,0xfc,0x71, 1753 0xbb,0x77,0x38,0x18, 0x61,0xaf,0x85,0x76, 1754 0xeb,0xd1,0x09,0xcc, 0x86,0x04,0x20,0x9a, 1755 0x66,0x53,0x2f,0x44, 0x8b,0xc6,0xa3,0xd2, 1756 0x5f,0xc7,0x79,0x82, 0x66,0xa8,0x6e,0x75, 1757 0x7d,0x94,0xd1,0x86, 0x75,0x0f,0xa5,0x4f, 1758 0x3c,0x7a,0x33,0xce, 0xd1,0x6e,0x9d,0x7b, 1759 0x1f,0x91,0x37,0xb8, 0x37,0x80,0xfb,0xe0, 1760 0x52,0x26,0xd0,0x9a, 0xd4,0x48,0x02,0x41, 1761 0x05,0xe3,0x5a,0x94, 0xf1,0x65,0x61,0x19, 1762 0xb8,0x88,0x4e,0x2b, 0xea,0xba,0x8b,0x58, 1763 0x8b,0x42,0x01,0x00, 0xa8,0xfe,0x00,0x5c, 1764 0xfe,0x1c,0xee,0x31, 0x15,0x69,0xfa,0xb3, 1765 0x9b,0x5f,0x22,0x8e, 0x0d,0x2c,0xe3,0xa5, 1766 0x21,0xb9,0x99,0x8a, 0x8e,0x94,0x5a,0xef, 1767 0x13,0x3e,0x99,0x96, 0x79,0x6e,0xd5,0x42, 1768 0x36,0x03,0xa9,0xe2, 0xca,0x65,0x4e,0x8a, 1769 0x8a,0x30,0xd2,0x7d, 0x74,0xe7,0xf0,0xaa, 1770 0x23,0x26,0xdd,0xcb, 0x82,0x39,0xfc,0x9d, 1771 0x51,0x76,0x21,0x80, 0xa2,0xbe,0x93,0x03, 1772 0x47,0xb0,0xc1,0xb6, 0xdc,0x63,0xfd,0x9f, 1773 0xca,0x9d,0xa5,0xca, 0x27,0x85,0xe2,0xd8, 1774 0x15,0x5b,0x7e,0x14, 0x7a,0xc4,0x89,0xcc, 1775 0x74,0x14,0x4b,0x46, 0xd2,0xce,0xac,0x39, 1776 0x6b,0x6a,0x5a,0xa4, 0x0e,0xe3,0x7b,0x15, 1777 0x94,0x4b,0x0f,0x74, 0xcb,0x0c,0x7f,0xa9, 1778 0xbe,0x09,0x39,0xa3, 0xdd,0x56,0x5c,0xc7, 1779 0x99,0x56,0x65,0x39, 0xf4,0x0b,0x7d,0x87, 1780 0xec,0xaa,0xe3,0x4d, 0x22,0x65,0x39,0x4e, 1781 }, 1782 .h = { 1783 0x64,0x3a,0xbc,0xc3, 0x3f,0x74,0x40,0x51, 1784 0x6e,0x56,0x01,0x1a, 0x51,0xec,0x36,0xde, 1785 }, 1786 }, 1787 }; 1788 const uint8_t *pk; 1789 const uint8_t *nhk; 1790 static uint32_t nhk32[268]; 1791 uint8_t h[16]; 1792 unsigned i, j; 1793 int result = 0; 1794 1795 for (i = 0; i < __arraycount(C); i++) { 1796 pk = C[i].k; 1797 nhk = C[i].k + 16; 1798 for (j = 0; j < 268; j++) 1799 nhk32[j] = le32dec(nhk + 4*j); 1800 nhpoly1305(h, C[i].m, C[i].mlen, pk, nhk32); 1801 if (memcmp(h, C[i].h, 16)) { 1802 char prefix[16]; 1803 snprintf(prefix, sizeof prefix, "nhpoly1305 %u", i); 1804 hexdump(printf, prefix, h, 32); 1805 result = -1; 1806 } 1807 } 1808 1809 return result; 1810 } 1811 1812 void 1814 adiantum_init(struct adiantum *A, const uint8_t key[static 32]) 1815 { 1816 uint8_t nonce[24] = {1}; 1817 unsigned i; 1818 1819 memcpy(A->ks, key, 32); 1820 1821 /* Relies on ordering of struct members. */ 1822 memset(A->kk, 0, 32 + 16 + 16 + 1072); 1823 xchacha_stream_xor(A->kk, A->kk, 32 + 16 + 16 + 1072, 0, nonce, A->ks, 1824 12); 1825 1826 /* Put the NH key words into host byte order. */ 1827 for (i = 0; i < __arraycount(A->kn); i++) 1828 A->kn[i] = le32toh(A->kn[i]); 1829 1830 /* Expand the AES key. */ 1831 aes_setenckey256(&A->kk_enc, A->kk); 1832 aes_setdeckey256(&A->kk_dec, A->kk); 1833 } 1834 1835 static void 1836 adiantum_hash(uint8_t h[static 16], const void *l, size_t llen, 1837 const void *t, size_t tlen, 1838 const uint8_t kt[static 16], 1839 const uint8_t kl[static 16], 1840 const uint32_t kn[static 268]) 1841 { 1842 struct poly1305 P; 1843 uint8_t llenbuf[16]; 1844 uint8_t ht[16]; 1845 uint8_t hl[16]; 1846 1847 KASSERT(llen % 16 == 0); 1848 1849 memset(llenbuf, 0, sizeof llenbuf); 1850 le64enc(llenbuf, 8*llen); 1851 1852 /* Compute H_T := Poly1305_{K_T}(le128(|l|) || tweak). */ 1853 poly1305_init(&P, kt); 1854 poly1305_update_blocks(&P, llenbuf, 16); 1855 poly1305_update_blocks(&P, t, tlen); 1856 poly1305_final(ht, &P); 1857 1858 /* Compute H_L := Poly1305_{K_L}(NH(pad_128(l))). */ 1859 nhpoly1305(hl, l, llen, kl, kn); 1860 1861 /* Compute H := H_T + H_L (mod 2^128). */ 1862 add128(h, ht, hl); 1863 } 1864 1865 void 1867 adiantum_enc(void *c, const void *p, size_t len, const void *t, size_t tlen, 1868 const struct adiantum *A) 1869 { 1870 size_t Rlen = 16; 1871 size_t Llen = len - Rlen; 1872 uint8_t *c8 = c; 1873 uint8_t *cL = c8; 1874 uint8_t *cR = c8 + Llen; 1875 const uint8_t *p8 = p; 1876 const uint8_t *pL = p8; 1877 const uint8_t *pR = p8 + Llen; 1878 uint8_t h[16]; 1879 uint8_t buf[16] __aligned(16); 1880 uint8_t nonce[24]; 1881 1882 KASSERT(len % 16 == 0); 1883 1884 adiantum_hash(h, pL, Llen, t, tlen, A->kt, A->kl, A->kn); 1885 add128(buf, pR, h); /* buf := P_M */ 1886 aes_enc(&A->kk_enc, buf, buf, AES_256_NROUNDS); /* buf := C_M */ 1887 1888 memcpy(nonce, buf, 16); 1889 le64enc(nonce + 16, 1); 1890 xchacha_stream_xor(cL, pL, Llen, 0, nonce, A->ks, 12); 1891 1892 adiantum_hash(h, cL, Llen, t, tlen, A->kt, A->kl, A->kn); 1893 sub128(cR, buf, h); 1894 1895 explicit_memset(h, 0, sizeof h); 1896 explicit_memset(buf, 0, sizeof buf); 1897 } 1898 1899 void 1900 adiantum_dec(void *p, const void *c, size_t len, const void *t, size_t tlen, 1901 const struct adiantum *A) 1902 { 1903 size_t Rlen = 16; 1904 size_t Llen = len - Rlen; 1905 const uint8_t *c8 = c; 1906 const uint8_t *cL = c8; 1907 const uint8_t *cR = c8 + Llen; 1908 uint8_t *p8 = p; 1909 uint8_t *pL = p8; 1910 uint8_t *pR = p8 + Llen; 1911 uint8_t h[16]; 1912 uint8_t buf[16] __aligned(16); 1913 uint8_t nonce[24]; 1914 1915 KASSERT(len % 16 == 0); 1916 1917 adiantum_hash(h, cL, Llen, t, tlen, A->kt, A->kl, A->kn); 1918 add128(buf, cR, h); /* buf := C_M */ 1919 1920 memcpy(nonce, buf, 16); 1921 le64enc(nonce + 16, 1); 1922 xchacha_stream_xor(pL, cL, Llen, 0, nonce, A->ks, 12); 1923 1924 aes_dec(&A->kk_dec, buf, buf, AES_256_NROUNDS); /* buf := P_M */ 1925 adiantum_hash(h, pL, Llen, t, tlen, A->kt, A->kl, A->kn); 1926 sub128(pR, buf, h); 1927 1928 explicit_memset(h, 0, sizeof h); 1929 explicit_memset(buf, 0, sizeof buf); 1930 } 1931 1932 #ifdef _KERNEL 1934 1935 MODULE(MODULE_CLASS_MISC, adiantum, "aes,chacha"); 1936 1937 static int 1938 adiantum_modcmd(modcmd_t cmd, void *opaque) 1939 { 1940 1941 switch (cmd) { 1942 case MODULE_CMD_INIT: { 1943 int result = 0; 1944 result |= addsub128_selftest(); 1945 result |= poly1305_selftest(); 1946 result |= nh_selftest(); 1947 result |= nhpoly1305_selftest(); 1948 result |= adiantum_selftest(); 1949 if (result) 1950 panic("adiantum self-test failed"); 1951 aprint_debug("adiantum: self-test passed\n"); 1952 return 0; 1953 } 1954 case MODULE_CMD_FINI: 1955 return 0; 1956 default: 1957 return ENOTTY; 1958 } 1959 } 1960 1961 #else /* !defined(_KERNEL) */ 1963 1964 #include <err.h> 1965 #include <stdio.h> 1966 #include <unistd.h> 1967 1968 static int 1969 read_block(int fd, void *buf, size_t len) 1970 { 1971 char *p = buf; 1972 size_t n = len; 1973 ssize_t nread; 1974 1975 for (;;) { 1976 if ((nread = read(fd, p, n)) == -1) 1977 err(1, "read"); 1978 if (nread == 0) { 1979 if (n < len) 1980 errx(1, "partial block"); 1981 return -1; /* eof */ 1982 } 1983 if ((size_t)nread >= n) 1984 break; 1985 p += (size_t)nread; 1986 n -= (size_t)nread; 1987 } 1988 1989 return 0; 1990 } 1991 1992 static void 1993 write_block(int fd, const void *buf, size_t len) 1994 { 1995 const char *p = buf; 1996 size_t n = len; 1997 ssize_t nwrit; 1998 1999 for (;;) { 2000 if ((nwrit = write(fd, p, n)) == -1) 2001 err(1, "write"); 2002 if ((size_t)nwrit >= n) 2003 break; 2004 p += (size_t)nwrit; 2005 n -= (size_t)nwrit; 2006 } 2007 } 2008 2009 #define SECSIZE 512 2010 2011 static void 2012 process(void) 2013 { 2014 static const uint8_t k[32] = {0}; 2015 static uint8_t buf[65536]; 2016 static struct adiantum C; 2017 uint8_t blkno[16] = {0}; 2018 unsigned i; 2019 2020 adiantum_init(&C, k); 2021 while (read_block(STDIN_FILENO, buf, sizeof buf) == 0) { 2022 for (i = 0; i < sizeof buf; i += SECSIZE) { 2023 adiantum_enc(buf + i, buf + i, SECSIZE, blkno, 16, &C); 2024 le64enc(blkno, 1 + le32dec(blkno)); 2025 } 2026 write_block(STDOUT_FILENO, buf, sizeof buf); 2027 if (le64dec(blkno) == 1024*1024*1024/SECSIZE) 2028 return; 2029 } 2030 } 2031 2032 int 2033 main(void) 2034 { 2035 int result = 0; 2036 2037 result |= addsub128_selftest(); 2038 result |= poly1305_selftest(); 2039 result |= nh_selftest(); 2040 result |= nhpoly1305_selftest(); 2041 result |= adiantum_selftest(); 2042 if (result) 2043 return result; 2044 2045 process(); 2046 return 0; 2047 } 2048 2049 #endif /* _KERNEL */ 2050
Indexes created Sat Sep 20 22:09:52 GMT 2025