adiantum.c revision 1.5
1 /* $NetBSD: adiantum.c,v 1.5 2020/07/26 04:05:20 riastradh Exp $ */ 2 3 /*- 4 * Copyright (c) 2020 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * The Adiantum wide-block cipher, from 31 * 32 * Paul Crowley and Eric Biggers, `Adiantum: length-preserving 33 * encryption for entry-level processors', IACR Transactions on 34 * Symmetric Cryptology 2018(4), pp. 39--61. 35 * 36 * https://doi.org/10.13154/tosc.v2018.i4.39-61 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(1, "$NetBSD: adiantum.c,v 1.5 2020/07/26 04:05:20 riastradh Exp $"); 41 42 #include <sys/types.h> 43 #include <sys/endian.h> 44 45 #ifdef _KERNEL 46 47 #include <sys/module.h> 48 #include <sys/systm.h> 49 50 #include <lib/libkern/libkern.h> 51 52 #include <crypto/adiantum/adiantum.h> 53 #include <crypto/aes/aes.h> 54 #include <crypto/chacha/chacha.h> 55 56 #else /* !defined(_KERNEL) */ 57 58 #include <sys/cdefs.h> 59 60 #include <assert.h> 61 #include <stdint.h> 62 #include <stdio.h> 63 #include <string.h> 64 65 #include <openssl/aes.h> 66 67 struct aesenc { 68 AES_KEY enckey; 69 }; 70 71 struct aesdec { 72 AES_KEY deckey; 73 }; 74 75 #define AES_256_NROUNDS 14 76 #define aes_setenckey256(E, K) AES_set_encrypt_key((K), 256, &(E)->enckey) 77 #define aes_setdeckey256(D, K) AES_set_decrypt_key((K), 256, &(D)->deckey) 78 #define aes_enc(E, P, C, NR) AES_encrypt(P, C, &(E)->enckey) 79 #define aes_dec(D, C, P, NR) AES_decrypt(C, P, &(D)->deckey) 80 81 #include "adiantum.h" 82 83 #define CTASSERT __CTASSERT 84 #define KASSERT assert 85 #define MIN(x,y) ((x) < (y) ? (x) : (y)) 86 87 static void 88 hexdump(int (*prf)(const char *, ...) __printflike(1,2), const char *prefix, 89 const void *buf, size_t len) 90 { 91 const uint8_t *p = buf; 92 size_t i; 93 94 (*prf)("%s (%zu bytes)\n", prefix, len); 95 for (i = 0; i < len; i++) { 96 if (i % 16 == 8) 97 (*prf)(" "); 98 else 99 (*prf)(" "); 100 (*prf)("%02hhx", p[i]); 101 if ((i + 1) % 16 == 0) 102 (*prf)("\n"); 103 } 104 if (i % 16) 105 (*prf)("\n"); 106 } 107 108 #endif /* _KERNEL */ 109 110 /* Arithmetic modulo 2^128, represented by 16-digit strings in radix 2^8. */ 112 113 /* s := a + b (mod 2^128) */ 114 static inline void 115 add128(uint8_t s[restrict static 16], 116 const uint8_t a[static 16], const uint8_t b[static 16]) 117 { 118 unsigned i, c; 119 120 c = 0; 121 for (i = 0; i < 16; i++) { 122 c = a[i] + b[i] + c; 123 s[i] = c & 0xff; 124 c >>= 8; 125 } 126 } 127 128 /* s := a - b (mod 2^128) */ 129 static inline void 130 sub128(uint8_t d[restrict static 16], 131 const uint8_t a[static 16], const uint8_t b[static 16]) 132 { 133 unsigned i, c; 134 135 c = 0; 136 for (i = 0; i < 16; i++) { 137 c = a[i] - b[i] - c; 138 d[i] = c & 0xff; 139 c = 1 & (c >> 8); 140 } 141 } 142 143 static int 144 addsub128_selftest(void) 145 { 146 static const uint8_t zero[16] = { 147 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 148 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 149 }; 150 static const uint8_t one[16] = { 151 0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 152 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 153 }; 154 static const uint8_t negativeone[16] = { 155 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 156 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 157 }; 158 static const uint8_t a[16] = { 159 0x03,0x80,0x00,0x00, 0x00,0x00,0x00,0x00, 160 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 161 }; 162 static const uint8_t b[16] = { 163 0x01,0x82,0x00,0x00, 0x00,0x00,0x00,0x00, 164 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 165 }; 166 static const uint8_t c[16] = { 167 0x02,0xfe,0xff,0xff, 0xff,0xff,0xff,0xff, 168 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 169 }; 170 uint8_t r[16]; 171 int result = 0; 172 173 sub128(r, zero, one); 174 if (memcmp(r, negativeone, 16)) { 175 hexdump(printf, "sub128 1", r, sizeof r); 176 result = -1; 177 } 178 179 sub128(r, a, b); 180 if (memcmp(r, c, 16)) { 181 hexdump(printf, "sub128 2", r, sizeof r); 182 result = -1; 183 } 184 185 return result; 186 } 187 188 /* Poly1305 */ 190 191 struct poly1305 { 192 uint32_t r[5]; /* evaluation point */ 193 uint32_t h[5]; /* value */ 194 }; 195 196 static void 197 poly1305_init(struct poly1305 *P, const uint8_t key[static 16]) 198 { 199 200 /* clamp */ 201 P->r[0] = (le32dec(key + 0) >> 0) & 0x03ffffff; 202 P->r[1] = (le32dec(key + 3) >> 2) & 0x03ffff03; 203 P->r[2] = (le32dec(key + 6) >> 4) & 0x03ffc0ff; 204 P->r[3] = (le32dec(key + 9) >> 6) & 0x03f03fff; 205 P->r[4] = (le32dec(key + 12) >> 8) & 0x000fffff; 206 207 /* initialize polynomial evaluation */ 208 P->h[0] = P->h[1] = P->h[2] = P->h[3] = P->h[4] = 0; 209 } 210 211 static void 212 poly1305_update_blocks(struct poly1305 *P, const uint8_t *m, size_t mlen) 213 { 214 uint32_t r0 = P->r[0]; 215 uint32_t r1 = P->r[1]; 216 uint32_t r2 = P->r[2]; 217 uint32_t r3 = P->r[3]; 218 uint32_t r4 = P->r[4]; 219 uint32_t h0 = P->h[0]; 220 uint32_t h1 = P->h[1]; 221 uint32_t h2 = P->h[2]; 222 uint32_t h3 = P->h[3]; 223 uint32_t h4 = P->h[4]; 224 uint32_t m0, m1, m2, m3, m4; /* 26-bit message chunks */ 225 uint64_t k0, k1, k2, k3, k4; /* 64-bit extension of h */ 226 uint64_t p0, p1, p2, p3, p4; /* columns of product */ 227 uint32_t c; /* carry */ 228 229 while (mlen) { 230 if (__predict_false(mlen < 16)) { 231 /* Handle padding for uneven last block. */ 232 uint8_t buf[16]; 233 unsigned i; 234 235 for (i = 0; i < mlen; i++) 236 buf[i] = m[i]; 237 buf[i++] = 1; 238 for (; i < 16; i++) 239 buf[i] = 0; 240 m0 = le32dec(buf + 0) >> 0; 241 m1 = le32dec(buf + 3) >> 2; 242 m2 = le32dec(buf + 6) >> 4; 243 m3 = le32dec(buf + 9) >> 6; 244 m4 = le32dec(buf + 12) >> 8; 245 mlen = 0; 246 247 explicit_memset(buf, 0, sizeof buf); 248 } else { 249 m0 = le32dec(m + 0) >> 0; 250 m1 = le32dec(m + 3) >> 2; 251 m2 = le32dec(m + 6) >> 4; 252 m3 = le32dec(m + 9) >> 6; 253 m4 = le32dec(m + 12) >> 8; 254 m4 |= 1u << 24; 255 m += 16; 256 mlen -= 16; 257 } 258 259 /* k := h + m, extended to 64 bits */ 260 k0 = h0 + (m0 & 0x03ffffff); 261 k1 = h1 + (m1 & 0x03ffffff); 262 k2 = h2 + (m2 & 0x03ffffff); 263 k3 = h3 + m3; 264 k4 = h4 + m4; 265 266 /* p := k * r = (h + m)*r mod 2^130 - 5 */ 267 p0 = r0*k0 + 5*r4*k1 + 5*r3*k2 + 5*r2*k3 + 5*r1*k4; 268 p1 = r1*k0 + r0*k1 + 5*r4*k2 + 5*r3*k3 + 5*r2*k4; 269 p2 = r2*k0 + r1*k1 + r0*k2 + 5*r4*k3 + 5*r3*k4; 270 p3 = r3*k0 + r2*k1 + r1*k2 + r0*k3 + 5*r4*k4; 271 p4 = r4*k0 + r3*k1 + r2*k2 + r1*k3 + r0*k4; 272 273 /* propagate carries and update h */ 274 p0 += 0; c = p0 >> 26; h0 = p0 & 0x03ffffff; 275 p1 += c; c = p1 >> 26; h1 = p1 & 0x03ffffff; 276 p2 += c; c = p2 >> 26; h2 = p2 & 0x03ffffff; 277 p3 += c; c = p3 >> 26; h3 = p3 & 0x03ffffff; 278 p4 += c; c = p4 >> 26; h4 = p4 & 0x03ffffff; 279 280 /* reduce 2^130 = 5 */ 281 h0 += c*5; c = h0 >> 26; h0 &= 0x03ffffff; 282 h1 += c; 283 } 284 285 /* update hash values */ 286 P->h[0] = h0; 287 P->h[1] = h1; 288 P->h[2] = h2; 289 P->h[3] = h3; 290 P->h[4] = h4; 291 } 292 293 static void 295 poly1305_final(uint8_t h[static 16], struct poly1305 *P) 296 { 297 uint32_t h0 = P->h[0]; 298 uint32_t h1 = P->h[1]; 299 uint32_t h2 = P->h[2]; 300 uint32_t h3 = P->h[3]; 301 uint32_t h4 = P->h[4]; 302 uint32_t s0, s1, s2, s3, s4; /* h - (2^130 - 5) */ 303 uint32_t m; /* mask */ 304 uint32_t c; 305 306 /* propagate carries */ 307 h1 += 0; c = h1 >> 26; h1 &= 0x03ffffff; 308 h2 += c; c = h2 >> 26; h2 &= 0x03ffffff; 309 h3 += c; c = h3 >> 26; h3 &= 0x03ffffff; 310 h4 += c; c = h4 >> 26; h4 &= 0x03ffffff; 311 312 /* reduce 2^130 = 5 */ 313 h0 += c*5; c = h0 >> 26; h0 &= 0x03ffffff; 314 h1 += c; 315 316 /* s := h - (2^130 - 5) */ 317 c = 5; 318 s0 = h0 + c; c = s0 >> 26; s0 &= 0x03ffffff; 319 s1 = h1 + c; c = s1 >> 26; s1 &= 0x03ffffff; 320 s2 = h2 + c; c = s2 >> 26; s2 &= 0x03ffffff; 321 s3 = h3 + c; c = s3 >> 26; s3 &= 0x03ffffff; 322 s4 = h4 + c; 323 s4 -= 0x04000000; 324 325 /* m := -1 if h < 2^130 - 5 else 0 */ 326 m = -(s4 >> 31); 327 328 /* conditional subtract */ 329 h0 = (m & h0) | (~m & s0); 330 h1 = (m & h1) | (~m & s1); 331 h2 = (m & h2) | (~m & s2); 332 h3 = (m & h3) | (~m & s3); 333 h4 = (m & h4) | (~m & s4); 334 335 /* reduce modulo 2^128 */ 336 le32enc(h + 0, ((h1 << 26) | (h0 >> 0)) & 0xffffffff); 337 le32enc(h + 4, ((h2 << 20) | (h1 >> 6)) & 0xffffffff); 338 le32enc(h + 8, ((h3 << 14) | (h2 >> 12)) & 0xffffffff); 339 le32enc(h + 12, ((h4 << 8) | (h3 >> 18)) & 0xffffffff); 340 } 341 342 static void 344 poly1305(uint8_t h[static 16], const uint8_t *m, size_t mlen, 345 const uint8_t k[static 16]) 346 { 347 struct poly1305 P; 348 349 poly1305_init(&P, k); 350 poly1305_update_blocks(&P, m, mlen); 351 poly1305_final(h, &P); 352 } 353 354 static int 355 poly1305_selftest(void) 356 { 357 /* https://tools.ietf.org/html/rfc7539#section-2.5.2 */ 358 static const uint8_t r[16] = { 359 0x85,0xd6,0xbe,0x78, 0x57,0x55,0x6d,0x33, 360 0x7f,0x44,0x52,0xfe, 0x42,0xd5,0x06,0xa8, 361 }; 362 static const uint8_t s[16] = { 363 0x01,0x03,0x80,0x8a, 0xfb,0x0d,0xb2,0xfd, 364 0x4a,0xbf,0xf6,0xaf, 0x41,0x49,0xf5,0x1b, 365 }; 366 static const uint8_t m[] = { 367 0x43,0x72,0x79,0x70, 0x74,0x6f,0x67,0x72, 368 0x61,0x70,0x68,0x69, 0x63,0x20,0x46,0x6f, 369 0x72,0x75,0x6d,0x20, 0x52,0x65,0x73,0x65, 370 0x61,0x72,0x63,0x68, 0x20,0x47,0x72,0x6f, 371 0x75,0x70, 372 }; 373 static const uint8_t expected[16] = { 374 0xa8,0x06,0x1d,0xc1, 0x30,0x51,0x36,0xc6, 375 0xc2,0x2b,0x8b,0xaf, 0x0c,0x01,0x27,0xa9, 376 }; 377 uint8_t h[16], t[16]; 378 int result = 0; 379 380 poly1305(h, m, sizeof m, r); 381 add128(t, h, s); 382 if (memcmp(t, expected, 16)) { 383 hexdump(printf, "poly1305 h", h, sizeof h); 384 hexdump(printf, "poly1305 t", t, sizeof t); 385 result = -1; 386 } 387 388 return result; 389 } 390 391 /* NHPoly1305 */ 393 394 static void 395 nh(uint8_t h[static 32], const uint8_t *m, size_t mlen, 396 const uint32_t k[static 268 /* u/w + 2s(r - 1) */]) 397 { 398 const unsigned w = 32; /* word size */ 399 const unsigned s = 2; /* stride */ 400 const unsigned r = 4; /* rounds */ 401 const unsigned u = 8192; /* unit count (bits per msg unit) */ 402 uint64_t h0 = 0, h1 = 0, h2 = 0, h3 = 0; 403 unsigned i; 404 405 CTASSERT(r*w/8 == 16); 406 CTASSERT(u/w + 2*s*(r - 1) == 268); 407 408 KASSERT(mlen <= u/8); 409 KASSERT(mlen % 16 == 0); 410 411 for (i = 0; i < mlen/16; i++) { 412 uint32_t m0 = le32dec(m + 16*i + 4*0); 413 uint32_t m1 = le32dec(m + 16*i + 4*1); 414 uint32_t m2 = le32dec(m + 16*i + 4*2); 415 uint32_t m3 = le32dec(m + 16*i + 4*3); 416 417 uint32_t k00 = k[4*i + 4*0 + 0]; 418 uint32_t k01 = k[4*i + 4*0 + 1]; 419 uint32_t k02 = k[4*i + 4*0 + 2]; 420 uint32_t k03 = k[4*i + 4*0 + 3]; 421 uint32_t k10 = k[4*i + 4*1 + 0]; 422 uint32_t k11 = k[4*i + 4*1 + 1]; 423 uint32_t k12 = k[4*i + 4*1 + 2]; 424 uint32_t k13 = k[4*i + 4*1 + 3]; 425 uint32_t k20 = k[4*i + 4*2 + 0]; 426 uint32_t k21 = k[4*i + 4*2 + 1]; 427 uint32_t k22 = k[4*i + 4*2 + 2]; 428 uint32_t k23 = k[4*i + 4*2 + 3]; 429 uint32_t k30 = k[4*i + 4*3 + 0]; 430 uint32_t k31 = k[4*i + 4*3 + 1]; 431 uint32_t k32 = k[4*i + 4*3 + 2]; 432 uint32_t k33 = k[4*i + 4*3 + 3]; 433 434 CTASSERT(s == 2); 435 h0 += (uint64_t)(m0 + k00) * (m2 + k02); 436 h1 += (uint64_t)(m0 + k10) * (m2 + k12); 437 h2 += (uint64_t)(m0 + k20) * (m2 + k22); 438 h3 += (uint64_t)(m0 + k30) * (m2 + k32); 439 h0 += (uint64_t)(m1 + k01) * (m3 + k03); 440 h1 += (uint64_t)(m1 + k11) * (m3 + k13); 441 h2 += (uint64_t)(m1 + k21) * (m3 + k23); 442 h3 += (uint64_t)(m1 + k31) * (m3 + k33); 443 } 444 445 le64enc(h + 8*0, h0); 446 le64enc(h + 8*1, h1); 447 le64enc(h + 8*2, h2); 448 le64enc(h + 8*3, h3); 449 } 450 451 static void 452 nhpoly1305(uint8_t h[static 16], const uint8_t *m, size_t mlen, 453 const uint8_t pk[static 16], 454 const uint32_t nhk[static 268 /* u/w + 2s(r - 1) */]) 455 { 456 struct poly1305 P; 457 uint8_t h0[32]; 458 459 /* 460 * In principle NHPoly1305 is defined on uneven message 461 * lengths, but that's a pain in the patootie. 462 */ 463 KASSERT(mlen % 16 == 0); 464 465 poly1305_init(&P, pk); 466 for (; mlen; m += MIN(mlen, 1024), mlen -= MIN(mlen, 1024)) { 467 nh(h0, m, MIN(mlen, 1024), nhk); 468 poly1305_update_blocks(&P, h0, 32); 469 } 470 poly1305_final(h, &P); 471 } 472 473 /* https://github.com/google/adiantum/blob/68971e9c6684121b2203b4b05a22768b84051b58/test_vectors/ours/NH/NH.json */ 475 static int 476 nh_selftest(void) 477 { 478 static const struct { 479 uint8_t k[1072]; 480 unsigned mlen; 481 uint8_t m[1024]; 482 uint8_t h[32]; 483 } C[] = { 484 [0] = { /* 16-byte message */ 485 .k = { 486 0x22,0x5b,0x80,0xc8, 0x18,0x05,0x37,0x09, 487 0x76,0x14,0x4b,0x67, 0xc4,0x50,0x7f,0x2b, 488 0x2c,0xff,0x56,0xc5, 0xd5,0x66,0x45,0x68, 489 0x35,0xe6,0xd2,0x9a, 0xe5,0xd0,0xc1,0xfb, 490 0xac,0x59,0x81,0x1a, 0x60,0xb0,0x3d,0x81, 491 0x4b,0xa3,0x5b,0xa9, 0xcc,0xb3,0xfe,0x2d, 492 0xc2,0x4d,0xd9,0x26, 0xad,0x36,0xcf,0x8c, 493 0x05,0x11,0x3b,0x8a, 0x99,0x15,0x81,0xc8, 494 0x23,0xf5,0x5a,0x94, 0x10,0x2f,0x92,0x80, 495 0x38,0xc5,0xb2,0x63, 0x80,0xd5,0xdc,0xa3, 496 0x6c,0x2f,0xaa,0x03, 0x96,0x4a,0x75,0x33, 497 0x4c,0xa8,0x60,0x05, 0x96,0xbf,0xe5,0x7a, 498 0xc8,0x4f,0x5c,0x22, 0xf9,0x92,0x74,0x4a, 499 0x75,0x5f,0xa2,0x2a, 0x8d,0x3f,0xe2,0x43, 500 0xfd,0xd9,0x04,0x8c, 0x8e,0xea,0x84,0xcc, 501 0x4d,0x3f,0x94,0x96, 0xed,0x1a,0x51,0xbb, 502 0x2f,0xc4,0x63,0x28, 0x31,0x0b,0xda,0x92, 503 0x1e,0x4d,0xe2,0x1d, 0x82,0xb5,0x65,0xb4, 504 0x75,0x69,0xd7,0x6f, 0x29,0xe4,0xbe,0x7e, 505 0xcc,0xbd,0x95,0xbd, 0x7a,0x62,0xea,0xfa, 506 0x33,0x34,0x80,0x58, 0xbf,0xfa,0x00,0x7e, 507 0xa7,0xb4,0xc9,0x32, 0x7c,0xc7,0x8f,0x8a, 508 0x28,0x27,0xdd,0xeb, 0xb9,0x1c,0x01,0xad, 509 0xec,0xf4,0x30,0x5e, 0xce,0x3b,0xaa,0x22, 510 0x60,0xbd,0x84,0xd9, 0x9e,0xaf,0xe8,0x4c, 511 0x44,0xb6,0x84,0x2d, 0x5c,0xe6,0x26,0xee, 512 0x8a,0xa2,0x0d,0xe3, 0x97,0xed,0xf5,0x47, 513 0xdb,0x50,0x72,0x4a, 0x5e,0x9a,0x8d,0x10, 514 0xc2,0x25,0xdd,0x5b, 0xd0,0x39,0xc4,0x5b, 515 0x2a,0x79,0x81,0xb7, 0x5c,0xda,0xed,0x77, 516 0x17,0x53,0xb5,0x8b, 0x1e,0x5f,0xf3,0x48, 517 0x30,0xac,0x97,0x7d, 0x29,0xe3,0xc9,0x18, 518 0xe1,0x2b,0x31,0xa0, 0x08,0xe9,0x15,0x59, 519 0x29,0xdb,0x84,0x2a, 0x33,0x98,0x8a,0xd4, 520 0xc3,0xfc,0xf7,0xca, 0x65,0x02,0x4d,0x9f, 521 0xe2,0xb1,0x5e,0xa6, 0x6a,0x01,0xf9,0xcf, 522 0x7e,0xa6,0x09,0xd9, 0x16,0x90,0x14,0x5f, 523 0x3a,0xf8,0xd8,0x34, 0x38,0xd6,0x1f,0x89, 524 0x0c,0x81,0xc2,0x68, 0xc4,0x65,0x78,0xf3, 525 0xfe,0x27,0x48,0x70, 0x38,0x43,0x48,0x5a, 526 0xc1,0x24,0xc5,0x6f, 0x65,0x63,0x1b,0xb0, 527 0x5b,0xb4,0x07,0x1e, 0x69,0x08,0x8f,0xfc, 528 0x93,0x29,0x04,0x16, 0x6a,0x8b,0xb3,0x3d, 529 0x0f,0xba,0x5f,0x46, 0xff,0xfe,0x77,0xa1, 530 0xb9,0xdc,0x29,0x66, 0x9a,0xd1,0x08,0xdd, 531 0x32,0xe3,0x21,0x7b, 0xcc,0x2e,0x5c,0xf7, 532 0x79,0x68,0xd4,0xc1, 0x8b,0x3c,0x5d,0x0e, 533 0xd4,0x26,0xa6,0x19, 0x92,0x45,0xf7,0x19, 534 0x0e,0xa2,0x17,0xd8, 0x1c,0x7f,0x8d,0xd6, 535 0x68,0x37,0x6c,0xbf, 0xb1,0x8a,0x5e,0x36, 536 0x4b,0xc0,0xca,0x21, 0x02,0x24,0x69,0x9b, 537 0x2b,0x19,0x0a,0x1b, 0xe3,0x17,0x30,0x57, 538 0xf6,0xfc,0xd6,0x66, 0x36,0x30,0xc2,0x11, 539 0x08,0x8d,0xc5,0x84, 0x67,0xa0,0x89,0xc3, 540 0x74,0x48,0x15,0xca, 0x6e,0x0c,0x6d,0x78, 541 0x66,0x15,0x73,0x85, 0xf9,0x8b,0xba,0xb2, 542 0x09,0xda,0x79,0xe6, 0x00,0x08,0x2a,0xda, 543 0x6b,0xd7,0xd1,0xa7, 0x8b,0x5f,0x11,0x87, 544 0x96,0x1b,0x23,0xb0, 0x6c,0x55,0xb6,0x86, 545 0xfb,0xff,0xe3,0x69, 0xac,0x43,0xcd,0x8f, 546 0x8a,0xe7,0x1c,0x3c, 0xa0,0x6a,0xd5,0x63, 547 0x80,0x66,0xd8,0x7f, 0xb5,0xb8,0x96,0xd4, 548 0xe2,0x20,0x40,0x53, 0x6d,0x0d,0x8b,0x6d, 549 0xd5,0x5d,0x51,0xfb, 0x4d,0x80,0x82,0x01, 550 0x14,0x97,0x96,0x9b, 0x13,0xb8,0x1d,0x76, 551 0x7a,0xa1,0xca,0x19, 0x90,0xec,0x7b,0xe0, 552 0x8e,0xa8,0xb4,0xf2, 0x33,0x67,0x0e,0x10, 553 0xb1,0xa2,0x82,0xea, 0x81,0x82,0xa2,0xc6, 554 0x78,0x51,0xa6,0xd3, 0x25,0xe4,0x9c,0xf2, 555 0x6b,0xa8,0xec,0xfb, 0xd4,0x1d,0x5b,0xa4, 556 0x79,0x66,0x62,0xb8, 0x2b,0x6f,0x9e,0x0f, 557 0xcc,0xcb,0x9e,0x92, 0x6f,0x06,0xdb,0xf0, 558 0x97,0xce,0x3f,0x90, 0xa2,0x1f,0xbe,0x3b, 559 0x7b,0x10,0xf0,0x23, 0x30,0x0c,0xc5,0x0c, 560 0x6c,0x78,0xfc,0xa8, 0x71,0x62,0xcf,0x98, 561 0xa2,0xb1,0x44,0xb5, 0xc6,0x3b,0x5c,0x63, 562 0x83,0x1d,0x35,0xf2, 0xc7,0x42,0x67,0x5d, 563 0xc1,0x26,0x36,0xc8, 0x6e,0x1d,0xf6,0xd5, 564 0x52,0x35,0xa4,0x9e, 0xce,0x4c,0x3b,0x92, 565 0x20,0x86,0xb7,0x89, 0x63,0x73,0x1a,0x8b, 566 0xa6,0x35,0xfe,0xb9, 0xdf,0x5e,0x0e,0x53, 567 0x0b,0xf2,0xb3,0x4d, 0x34,0x1d,0x66,0x33, 568 0x1f,0x08,0xf5,0xf5, 0x0a,0xab,0x76,0x19, 569 0xde,0x82,0x2f,0xcf, 0x11,0xa6,0xcb,0xb3, 570 0x17,0xec,0x8d,0xaf, 0xcb,0xf0,0x92,0x1e, 571 0xb8,0xa3,0x04,0x0a, 0xac,0x2c,0xae,0xc5, 572 0x0b,0xc4,0x4e,0xef, 0x0a,0xe2,0xda,0xe9, 573 0xd7,0x75,0x2d,0x95, 0xc7,0x1b,0xf3,0x0b, 574 0x43,0x19,0x16,0xd7, 0xc6,0x90,0x2d,0x6b, 575 0xe1,0xb2,0xce,0xbe, 0xd0,0x7d,0x15,0x99, 576 0x24,0x37,0xbc,0xb6, 0x8c,0x89,0x7a,0x8c, 577 0xcb,0xa7,0xf7,0x0b, 0x5f,0xd4,0x96,0x8d, 578 0xf5,0x80,0xa3,0xce, 0xf5,0x9e,0xed,0x60, 579 0x00,0x92,0xa5,0x67, 0xc9,0x21,0x79,0x0b, 580 0xfb,0xe2,0x57,0x0e, 0xdf,0xb6,0x16,0x90, 581 0xd3,0x75,0xf6,0xb0, 0xa3,0x4e,0x43,0x9a, 582 0xb7,0xf4,0x73,0xd8, 0x34,0x46,0xc6,0xbe, 583 0x80,0xec,0x4a,0xc0, 0x7f,0x9e,0xb6,0xb0, 584 0x58,0xc2,0xae,0xa1, 0xf3,0x60,0x04,0x62, 585 0x11,0xea,0x0f,0x90, 0xa9,0xea,0x6f,0x0c, 586 0x4c,0xcf,0xe8,0xd0, 0xea,0xbf,0xdb,0xf2, 587 0x53,0x0c,0x09,0x4d, 0xd4,0xed,0xf3,0x22, 588 0x10,0x99,0xc6,0x4f, 0xcf,0xcf,0x96,0xc9, 589 0xd9,0x6b,0x08,0x3b, 0xf0,0x62,0x2d,0xac, 590 0x55,0x38,0xd5,0x5c, 0x57,0xad,0x51,0xc3, 591 0xf5,0xd2,0x37,0x45, 0xb3,0x3f,0x6d,0xaf, 592 0x10,0x62,0x57,0xb9, 0x58,0x40,0xb3,0x3c, 593 0x6a,0x98,0x97,0x1a, 0x9c,0xeb,0x66,0xf1, 594 0xa5,0x93,0x0b,0xe7, 0x8b,0x29,0x0f,0xff, 595 0x2c,0xd0,0x90,0xf2, 0x67,0xa0,0x69,0xcd, 596 0xd3,0x59,0xad,0xad, 0xf1,0x1f,0xd7,0xad, 597 0x24,0x74,0x29,0xcd, 0x06,0xd5,0x42,0x90, 598 0xf9,0x96,0x4a,0xd9, 0xa0,0x37,0xe4,0x64, 599 0x8e,0x13,0x2a,0x2a, 0xe7,0xc2,0x1e,0xf6, 600 0xb2,0xd3,0xdc,0x9f, 0x33,0x32,0x0c,0x50, 601 0x88,0x37,0x8b,0x9b, 0xfe,0x6f,0xfd,0x05, 602 0x96,0x26,0x6c,0x96, 0x73,0x73,0xe1,0x09, 603 0x28,0xf3,0x7f,0xa6, 0x59,0xc5,0x2e,0xf4, 604 0xd3,0xd5,0xda,0x6b, 0xca,0x42,0x05,0xe5, 605 0xed,0x13,0xe2,0x4e, 0xcd,0xd5,0xd0,0xfb, 606 0x6e,0xf7,0x8a,0x3e, 0x91,0x9d,0x6b,0xc5, 607 0x33,0x05,0x07,0x86, 0xb2,0x26,0x41,0x6e, 608 0xf8,0x38,0x38,0x7a, 0xf0,0x6c,0x27,0x5a, 609 0x01,0xd8,0x03,0xe5, 0x91,0x33,0xaa,0x20, 610 0xcd,0xa7,0x4f,0x18, 0xa0,0x91,0x28,0x74, 611 0xc0,0x58,0x27,0x0f, 0x9b,0xa8,0x85,0xb0, 612 0xe0,0xfd,0x5b,0xdb, 0x5b,0xb8,0x86,0x79, 613 0x94,0x6d,0xde,0x26, 0x64,0x2d,0x6c,0xb9, 614 0xba,0xc7,0xf0,0xd7, 0xaa,0x68,0x68,0xd0, 615 0x40,0x71,0xdb,0x94, 0x54,0x62,0xa5,0x7f, 616 0x98,0xea,0xe3,0x4c, 0xe4,0x44,0x9a,0x03, 617 0xf9,0x1c,0x20,0x36, 0xeb,0x0d,0xa4,0x41, 618 0x24,0x06,0xcb,0x94, 0x86,0x35,0x22,0x62, 619 0x80,0x19,0x16,0xba, 0x2c,0x10,0x38,0x96, 620 }, 621 .mlen = 16, 622 .m = { 623 0xd3,0x82,0xe7,0x04, 0x35,0xcc,0xf7,0xa4, 624 0xf9,0xb2,0xc5,0xed, 0x5a,0xd9,0x58,0xeb, 625 }, 626 .h = { 627 0x41,0xd9,0xad,0x54, 0x5a,0x0d,0xcc,0x53, 628 0x48,0xf6,0x4c,0x75, 0x43,0x5d,0xdd,0x77, 629 0xda,0xca,0x7d,0xec, 0x91,0x3b,0x53,0x16, 630 0x5c,0x4b,0x58,0xdc, 0x70,0x0a,0x7b,0x37, 631 }, 632 }, 633 [1] = { /* 1008-byte message */ 634 .k = { 635 0xd9,0x94,0x65,0xda, 0xc2,0x60,0xdd,0xa9, 636 0x39,0xe5,0x37,0x11, 0xf6,0x74,0xa5,0x95, 637 0x36,0x07,0x24,0x99, 0x64,0x6b,0xda,0xe2, 638 0xd5,0xd1,0xd2,0xd9, 0x25,0xd5,0xcc,0x48, 639 0xf8,0xa5,0x9e,0xff, 0x84,0x5a,0xd1,0x6f, 640 0xb7,0x6a,0x4d,0xd2, 0xc8,0x13,0x3d,0xde, 641 0x17,0xed,0x64,0xf1, 0x2b,0xcc,0xdd,0x65, 642 0x11,0x16,0xf2,0xaf, 0x34,0xd2,0xc5,0x31, 643 0xaa,0x69,0x33,0x0a, 0x0b,0xc1,0xb4,0x6d, 644 0xaa,0xcd,0x43,0xc4, 0x0b,0xef,0xf9,0x7d, 645 0x97,0x3c,0xa7,0x22, 0xda,0xa6,0x6a,0xf0, 646 0xad,0xe3,0x6f,0xde, 0xfb,0x33,0xf3,0xd8, 647 0x96,0x5f,0xca,0xda, 0x18,0x63,0x03,0xd0, 648 0x8f,0xb6,0xc4,0x62, 0x9d,0x50,0x6c,0x8f, 649 0x85,0xdd,0x6d,0x52, 0x2d,0x45,0x01,0x36, 650 0x57,0x9f,0x51,0xf0, 0x70,0xe0,0xb2,0x99, 651 0x3a,0x11,0x68,0xbd, 0xe5,0xfa,0x7c,0x59, 652 0x12,0x5a,0xbc,0xd9, 0xd6,0x9a,0x09,0xe6, 653 0xa2,0x80,0x1f,0xd6, 0x47,0x20,0x82,0x4e, 654 0xac,0xb5,0x6d,0xde, 0x5b,0xff,0x9c,0xd4, 655 0x2a,0xae,0x27,0x7c, 0x0f,0x5a,0x5d,0x35, 656 0x2d,0xff,0x07,0xf9, 0x79,0x6a,0xf9,0x3e, 657 0xd9,0x22,0x62,0x30, 0x40,0xce,0xe1,0xf4, 658 0x46,0x0a,0x24,0xca, 0x7a,0x3e,0xa1,0x92, 659 0x1a,0x29,0xa0,0xbf, 0x23,0x95,0x99,0x31, 660 0xe3,0x51,0x25,0x3d, 0xaf,0x1e,0xfc,0xb3, 661 0x65,0xa2,0x10,0x37, 0xe6,0xa7,0x20,0xa0, 662 0xe3,0x6a,0xd4,0x81, 0x2c,0x8d,0xa0,0x87, 663 0xec,0xae,0x9f,0x44, 0x10,0xda,0x2e,0x17, 664 0xba,0xb2,0xa5,0x5c, 0x89,0xc6,0xfa,0x70, 665 0x7e,0xc2,0xe3,0xb6, 0xa0,0x98,0x9c,0xb8, 666 0x14,0x33,0x27,0x3a, 0x6e,0x4d,0x94,0x72, 667 0x4b,0xc8,0xac,0x24, 0x2f,0x85,0xd9,0xa4, 668 0xda,0x22,0x95,0xc5, 0xb3,0xfc,0xbe,0xd2, 669 0x96,0x57,0x91,0xf9, 0xfd,0x18,0x9c,0x56, 670 0x70,0x15,0x5f,0xe7, 0x40,0x45,0x28,0xb3, 671 0x2b,0x56,0x44,0xca, 0x6a,0x2b,0x0e,0x25, 672 0x66,0x3e,0x32,0x04, 0xe2,0xb7,0x91,0xc8, 673 0xd2,0x02,0x79,0x0f, 0x7e,0xa9,0xb3,0x86, 674 0xb2,0x76,0x74,0x18, 0x57,0x16,0x63,0x06, 675 0x6e,0x16,0xfa,0xef, 0x52,0x3c,0x5e,0x0d, 676 0x33,0x55,0xd2,0x8d, 0x57,0x4d,0xfe,0x54, 677 0x65,0x7a,0x54,0x52, 0xf0,0x7b,0x2c,0xf8, 678 0xd5,0x43,0xba,0x92, 0xa5,0x2e,0xbe,0x1a, 679 0xce,0x25,0x4f,0x34, 0x31,0xe7,0xa3,0xff, 680 0x90,0xf6,0xbc,0x0c, 0xbc,0x98,0xdf,0x4a, 681 0xc3,0xeb,0xb6,0x27, 0x68,0xa9,0xb5,0x33, 682 0xbc,0x13,0xe8,0x13, 0x7c,0x6b,0xec,0x31, 683 0xd9,0x79,0x2a,0xa7, 0xe4,0x02,0x4f,0x02, 684 0xd4,0x5c,0x57,0x4f, 0xa4,0xbc,0xa3,0xe1, 685 0x7e,0x36,0x8a,0xde, 0x11,0x55,0xec,0xb3, 686 0x8b,0x65,0x06,0x02, 0x9a,0x68,0x06,0x64, 687 0x63,0xc7,0x9a,0x67, 0xdc,0x70,0xbf,0xb5, 688 0xf8,0x49,0x2a,0xe1, 0x59,0x4c,0xe4,0x1e, 689 0xb5,0x56,0xa5,0xad, 0x24,0x82,0x8c,0xd0, 690 0x66,0xe4,0x72,0x79, 0x02,0x5d,0x0d,0xf9, 691 0x19,0x44,0xe3,0x86, 0x1a,0xda,0xda,0xf0, 692 0x2d,0x47,0xc0,0x07, 0x47,0x0b,0xf8,0x06, 693 0xf6,0x45,0x8a,0x7f, 0xb9,0xf9,0x33,0x2e, 694 0xc2,0xf1,0xf1,0x81, 0x41,0x99,0xcd,0xf6, 695 0xb1,0x71,0x1b,0xfa, 0x21,0x53,0x7c,0xa1, 696 0xeb,0x2a,0x38,0x5b, 0x9b,0xfe,0x96,0xa5, 697 0xe3,0x78,0x77,0x47, 0x98,0x0f,0x7d,0xef, 698 0xf6,0x05,0x37,0x88, 0x79,0x0c,0x21,0x8d, 699 0x87,0x1f,0xae,0xce, 0x83,0xaf,0xa3,0xd6, 700 0x6e,0xc5,0x3c,0x47, 0xc6,0xd6,0x4a,0xdc, 701 0x7c,0xcc,0xdc,0x11, 0x7c,0x7d,0x0f,0x03, 702 0xc1,0x80,0x75,0x2a, 0x64,0x76,0xf0,0x08, 703 0x0c,0x11,0x4b,0xe4, 0x05,0x41,0x78,0x0f, 704 0x86,0xa0,0xd6,0x61, 0xb0,0xfb,0x15,0x3d, 705 0x3c,0xc3,0xd5,0x1b, 0x72,0x0e,0x79,0x53, 706 0x07,0xd2,0x2c,0x6e, 0x83,0xbd,0x72,0x88, 707 0x41,0x07,0x4b,0xd2, 0xe9,0xcc,0x2a,0x9d, 708 0x5b,0x82,0x0d,0x02, 0x29,0x6e,0xf3,0xbc, 709 0x34,0x31,0x62,0x8d, 0x83,0xc1,0x7e,0x94, 710 0x21,0xd5,0xfd,0xa6, 0x6a,0x2b,0xe8,0x86, 711 0x05,0x48,0x97,0x41, 0xad,0xca,0xef,0x79, 712 0x5e,0xd8,0x51,0xc4, 0xae,0xf7,0xfa,0xac, 713 0x3d,0x74,0x2e,0xf4, 0x41,0x3b,0x19,0xc2, 714 0x04,0xf3,0x40,0xfe, 0x77,0x7c,0x6a,0x4c, 715 0x8e,0x24,0x84,0xe0, 0x70,0xe4,0xb2,0x19, 716 0x6c,0x0c,0x85,0x9e, 0xe1,0xad,0xa4,0x73, 717 0x90,0xdd,0xbf,0x7d, 0x1b,0x6f,0x8b,0x4d, 718 0x3b,0xec,0xd7,0xb0, 0xd9,0x90,0xf1,0xf5, 719 0xb9,0x32,0xe3,0x79, 0x15,0x08,0x3e,0x71, 720 0xed,0x91,0xc4,0x5c, 0x18,0xe8,0x16,0x52, 721 0xae,0x9d,0xf3,0x09, 0xac,0x57,0x11,0xf8, 722 0x16,0x55,0xd0,0x28, 0x60,0xc1,0x7e,0x6d, 723 0x87,0xc1,0x7a,0xe8, 0x5d,0xc5,0x12,0x68, 724 0x6d,0x63,0x39,0x27, 0x49,0xb8,0x0c,0x78, 725 0x92,0xea,0x6f,0x52, 0xeb,0x43,0xc2,0x0b, 726 0xd8,0x28,0x77,0xe5, 0x43,0x5f,0xb8,0xa6, 727 0x32,0xb7,0xaa,0x01, 0x1e,0xa6,0xde,0xe4, 728 0x9b,0x0f,0xb6,0x49, 0xcc,0x6f,0x2c,0x04, 729 0x41,0xcb,0xd8,0x80, 0xd1,0x15,0x5e,0x57, 730 0x1e,0x4a,0x77,0xbf, 0xc4,0xcb,0x09,0x7c, 731 0x6e,0x81,0xb8,0x64, 0x51,0x6a,0xf2,0x71, 732 0x06,0xf6,0x00,0xac, 0x79,0x2c,0x83,0x7a, 733 0x6c,0xa4,0x85,0x89, 0x69,0x06,0x26,0x72, 734 0xe1,0x00,0x66,0xc0, 0xc5,0x8e,0xc8,0x51, 735 0x6e,0x25,0xdd,0xc9, 0x54,0x98,0x45,0x64, 736 0xaa,0x51,0x18,0x1b, 0xe4,0xbe,0x1b,0xee, 737 0x13,0xd6,0x34,0x50, 0x4c,0xcf,0x3c,0x31, 738 0x9b,0xd2,0x6f,0x07, 0x79,0xf4,0x63,0x3f, 739 0x09,0x01,0x64,0xf1, 0xc1,0xf1,0xae,0xa9, 740 0x0c,0x60,0xc9,0x62, 0x84,0xf6,0xe8,0x15, 741 0x55,0xdf,0xdd,0x71, 0x95,0xa9,0x0f,0x65, 742 0x97,0x40,0x79,0x86, 0x95,0xd9,0x57,0x23, 743 0x2f,0x61,0x51,0xb5, 0x16,0x18,0x62,0xd2, 744 0x1a,0xd9,0x8b,0x88, 0x84,0xa9,0x9b,0x47, 745 0xd7,0x22,0x68,0xe9, 0x9c,0x69,0x68,0x74, 746 0x13,0x95,0xd3,0x99, 0x33,0xdb,0x30,0x96, 747 0xbf,0x01,0xc6,0x68, 0xbd,0x19,0x32,0xc1, 748 0xf8,0xa9,0x7f,0x2b, 0xc5,0x69,0x2f,0xa2, 749 0xce,0x5a,0x46,0x43, 0x8d,0x36,0x9c,0xfa, 750 0x5c,0x7f,0x03,0xe0, 0x80,0xaa,0xc7,0x9e, 751 0x3b,0xa3,0x27,0x6b, 0x2e,0xc6,0x59,0x0a, 752 0xf6,0x36,0x37,0xa6, 0xc0,0xd1,0xa1,0xa1, 753 0x7e,0xc1,0xf8,0x5b, 0x0f,0x9b,0xdd,0x6d, 754 0x9f,0x54,0x16,0x6b, 0x6e,0x53,0xfd,0xe8, 755 0x72,0xd0,0x3e,0x46, 0xce,0xaf,0x94,0x36, 756 0x85,0xa8,0xae,0x4c, 0x8d,0xb5,0xc2,0x1b, 757 0x5d,0x29,0x46,0x40, 0x87,0x50,0x59,0xdd, 758 0x04,0xbe,0xba,0x8f, 0x0b,0x9b,0xd2,0x50, 759 0x67,0x19,0x83,0x80, 0x87,0x5c,0x58,0x86, 760 0x20,0x39,0xbf,0xdf, 0xd2,0xc8,0xbb,0xe8, 761 0xc8,0xd8,0xe8,0x8d, 0xcc,0x97,0xe0,0xc9, 762 0x6c,0x2f,0x47,0xb6, 0x75,0x8f,0x0d,0x37, 763 0x5a,0x83,0xb0,0xce, 0x59,0xc2,0x0b,0x84, 764 0xa2,0x54,0xe5,0x38, 0x59,0x29,0x0f,0xa8, 765 0x26,0x2d,0x11,0xa9, 0x89,0x0e,0x0b,0x75, 766 0xe0,0xbc,0xf0,0xf8, 0x92,0x1f,0x29,0x71, 767 0x91,0xc4,0x63,0xcc, 0xf8,0x52,0xb5,0xd4, 768 0xb8,0x94,0x6a,0x30, 0x90,0xf7,0x44,0xbe, 769 }, 770 .mlen = 1008, 771 .m = { 772 0x05,0xe3,0x6f,0x44, 0xa4,0x40,0x35,0xf6, 773 0xeb,0x86,0xa9,0x6d, 0xed,0x16,0xdb,0xb6, 774 0x5b,0x59,0xda,0x30, 0x54,0x6c,0x59,0x35, 775 0x42,0x59,0x56,0x45, 0x9a,0x85,0x20,0x73, 776 0xcf,0x21,0xf5,0x98, 0x58,0x07,0x0e,0x7f, 777 0x44,0x1f,0xf1,0x53, 0x92,0xc7,0x81,0x53, 778 0x5e,0x97,0x8a,0x23, 0x1d,0xe8,0xad,0xca, 779 0x19,0x55,0x96,0x9d, 0x9b,0xfd,0x0a,0x0a, 780 0xad,0xa8,0x0f,0x76, 0xe2,0x6a,0x8f,0x33, 781 0x36,0xbf,0xcb,0x7a, 0xfd,0x61,0xc6,0xfb, 782 0x75,0xea,0xd4,0x09, 0x5e,0x70,0xfb,0x32, 783 0x54,0xe3,0x47,0x48, 0xd4,0x8c,0xa9,0x7c, 784 0x72,0xdb,0xdb,0xf7, 0x09,0x6d,0x58,0xa6, 785 0x42,0xb5,0x74,0x8c, 0x98,0x66,0x83,0x7a, 786 0x6d,0xeb,0x91,0xfb, 0x22,0x1c,0x78,0x3d, 787 0x22,0xa6,0xf8,0xb0, 0xd1,0x9f,0xc8,0x69, 788 0x8a,0xba,0xd3,0x78, 0x21,0xb0,0x7b,0x9f, 789 0xb8,0xed,0xe0,0x65, 0xff,0xa0,0x8b,0x4c, 790 0x17,0x9e,0xf7,0x3e, 0xa2,0x5f,0x82,0x77, 791 0xce,0x2a,0xda,0x41, 0x76,0x07,0x68,0xa4, 792 0xa1,0xbb,0xe0,0x1d, 0x7b,0xab,0x9c,0x03, 793 0x90,0x2c,0xd2,0x93, 0x46,0x43,0x3a,0x44, 794 0x29,0xe8,0xb5,0x7a, 0x23,0xbb,0xe9,0xaf, 795 0x2b,0x17,0x88,0x8f, 0x7a,0x81,0x7a,0x25, 796 0x3b,0xc7,0x1e,0x6e, 0xde,0x3e,0x54,0xbc, 797 0xc6,0xff,0x07,0xdc, 0xe6,0x29,0x02,0x4c, 798 0x95,0x57,0x0e,0x44, 0xc4,0x9c,0xc7,0x45, 799 0x01,0xd7,0x17,0xfd, 0x0f,0x1a,0x83,0x74, 800 0xa0,0xd5,0xb3,0x1a, 0xc0,0x97,0xdc,0xc3, 801 0x0f,0x3d,0x5d,0x8c, 0x02,0x58,0xc6,0x4d, 802 0x43,0x10,0xae,0xc9, 0x94,0xe2,0x9b,0xcd, 803 0xf9,0xcc,0xfe,0xbd, 0x9c,0x69,0xd0,0xec, 804 0xf8,0x67,0xde,0x98, 0xe5,0x50,0x5e,0x93, 805 0x6a,0x5b,0x31,0x2a, 0x62,0xee,0x03,0xbe, 806 0x76,0x9c,0x1d,0x13, 0x16,0x13,0xcf,0x63, 807 0x30,0x18,0x7d,0x1e, 0x55,0x94,0xf5,0x29, 808 0xb4,0x91,0xb4,0x76, 0x1c,0x31,0x9e,0xe5, 809 0x1b,0x0a,0xee,0x89, 0xb4,0xd9,0x45,0x19, 810 0xd7,0x47,0x2c,0x01, 0x20,0xe6,0x1d,0x7c, 811 0xb3,0x5e,0x1b,0x2a, 0x8c,0x3d,0x4d,0x1a, 812 0x6b,0x35,0x84,0x41, 0x6a,0xe4,0x32,0x8f, 813 0x9a,0x0d,0xbf,0x90, 0xff,0xcf,0x4c,0xfb, 814 0x9b,0x07,0x81,0x94, 0xcf,0x8e,0x1a,0x8a, 815 0xfc,0xbd,0x91,0xfe, 0xc3,0xe1,0x18,0xc7, 816 0x1f,0x0d,0x8e,0x1c, 0x2e,0xfc,0x02,0xe8, 817 0x39,0xbf,0x05,0x90, 0x58,0x94,0xee,0xe7, 818 0x15,0x31,0x5d,0x9f, 0x68,0x36,0x64,0x32, 819 0x25,0x49,0xdd,0x3e, 0xc8,0xb6,0x83,0x5e, 820 0x09,0x90,0xcd,0x48, 0xaf,0x9e,0xfe,0xd6, 821 0x79,0x8e,0x69,0x4b, 0x94,0xd5,0xf4,0x84, 822 0x7b,0xce,0xea,0x2f, 0x9b,0x79,0x7a,0x7c, 823 0x22,0x28,0x4d,0xa1, 0x38,0x1a,0x66,0x24, 824 0x79,0xa3,0xfa,0xfa, 0x8d,0x98,0x7c,0x54, 825 0x71,0x54,0xef,0x37, 0xa6,0xf1,0x97,0x54, 826 0xad,0xe7,0x67,0xa0, 0xf3,0x33,0xcf,0x4f, 827 0x4e,0xa3,0x47,0xee, 0x31,0xd3,0x98,0xf9, 828 0x7f,0x9f,0x44,0x18, 0x2f,0x13,0x1b,0x44, 829 0x57,0xcd,0x15,0x5b, 0xde,0x8f,0x1a,0x3c, 830 0xb5,0x1e,0xa7,0x2d, 0x4d,0xbe,0x85,0x08, 831 0x78,0xeb,0xe2,0x35, 0x3a,0xbe,0x55,0x6b, 832 0xc3,0xe1,0x0f,0x77, 0x43,0x41,0x11,0x5a, 833 0x61,0xc9,0x3b,0xbc, 0xad,0x88,0x9e,0xba, 834 0xc6,0xd2,0xdc,0x87, 0xd9,0x54,0xcc,0x86, 835 0x46,0xe6,0xa5,0x29, 0x2c,0x08,0x49,0x53, 836 0x2c,0xe3,0x0e,0x60, 0xc5,0x48,0xca,0x62, 837 0x3f,0xf6,0x93,0xc1, 0xba,0x8d,0x36,0x49, 838 0xe7,0x0f,0x9c,0x49, 0x7d,0xee,0x2a,0x22, 839 0xc3,0xe5,0x11,0x21, 0xfa,0xc7,0xeb,0x79, 840 0xcc,0x4d,0x75,0x4e, 0x66,0x33,0xf5,0x09, 841 0xa3,0xb9,0x60,0xa5, 0xd6,0xbd,0x38,0x75, 842 0x0c,0x2f,0x5f,0x1f, 0xea,0xa5,0x9d,0x45, 843 0x3c,0xe4,0x41,0xb8, 0xf6,0x4e,0x15,0x87, 844 0x0b,0x7f,0x42,0x4e, 0x51,0x3d,0xc4,0x9a, 845 0xb2,0xca,0x37,0x16, 0x0f,0xed,0x9e,0x0b, 846 0x93,0x86,0x12,0x93, 0x36,0x5e,0x39,0xc4, 847 0xf0,0xf4,0x48,0xdb, 0xeb,0x18,0x5e,0x50, 848 0x71,0x30,0x83,0xe5, 0x0f,0xb1,0x73,0xa7, 849 0xc6,0xf0,0xca,0x29, 0x0e,0xc4,0x07,0x5b, 850 0x8b,0x09,0x68,0x68, 0x10,0x32,0x92,0x62, 851 0x6a,0x6c,0x56,0x8b, 0x01,0x46,0x9a,0x20, 852 0x89,0xe0,0x93,0x85, 0x8c,0x53,0x87,0xf6, 853 0x02,0xd3,0x8d,0x72, 0x31,0x35,0xa1,0x34, 854 0x63,0x70,0x61,0x80, 0x06,0xf1,0x54,0xb3, 855 0x5d,0xdf,0xad,0x9c, 0x7e,0x3a,0xc2,0x8f, 856 0x76,0x8b,0x4c,0x74, 0x2c,0x8c,0x6f,0x0a, 857 0x60,0x13,0xa8,0xce, 0x4c,0x49,0x70,0x90, 858 0x59,0x57,0xf5,0x7b, 0x03,0x94,0x37,0x87, 859 0xfa,0xfe,0xeb,0xe7, 0x2d,0x01,0x45,0x69, 860 0xb4,0x10,0x80,0x6d, 0x13,0x26,0xe3,0x9b, 861 0x49,0x2a,0x0b,0xb1, 0x36,0xf9,0x62,0x63, 862 0x33,0x2a,0xee,0x51, 0x5e,0x35,0xa4,0x2e, 863 0x34,0xa1,0x77,0xac, 0x27,0x99,0x03,0xc6, 864 0xe2,0x83,0x11,0x72, 0x77,0x30,0x8b,0xb7, 865 0xde,0x1a,0xa1,0x4b, 0xa9,0x9c,0x07,0x02, 866 0xf2,0xdc,0x06,0x45, 0xf2,0xab,0x31,0x46, 867 0x50,0x25,0x34,0x54, 0xa8,0x06,0x88,0x6c, 868 0xfc,0x88,0xb5,0xae, 0x30,0xbd,0xe1,0xe7, 869 0xfe,0x51,0x46,0x05, 0x9a,0x29,0xd9,0x93, 870 0x99,0x60,0x69,0x4a, 0x5c,0xb2,0x29,0x6b, 871 0xa1,0xbb,0x9d,0xe4, 0x9b,0x7d,0x4a,0xe5, 872 0x37,0xcb,0x16,0x6f, 0x44,0x93,0xe4,0x71, 873 0x34,0x7b,0x54,0xec, 0x5b,0x2b,0xe0,0xf7, 874 0x32,0xed,0x77,0xa6, 0xb3,0x7c,0x8d,0x1a, 875 0xc0,0x57,0xbe,0x2b, 0x6d,0x7f,0xd7,0x35, 876 0xe6,0x93,0xed,0x90, 0x26,0xfe,0x41,0xf3, 877 0x58,0x55,0x03,0xb7, 0xb2,0x94,0xe2,0x0c, 878 0x34,0xc3,0x06,0xc6, 0x9e,0x4b,0x17,0xc7, 879 0xb9,0x58,0x23,0x58, 0xd3,0x73,0x18,0x5e, 880 0xcf,0x28,0xac,0x90, 0xa0,0xba,0x35,0x90, 881 0x96,0xb3,0xc7,0x6c, 0xe1,0x07,0xdf,0x5d, 882 0xaa,0x2c,0xa6,0x6b, 0x82,0x2d,0x71,0x66, 883 0xb7,0x76,0x37,0xdb, 0x39,0x7f,0x22,0x8f, 884 0x38,0x70,0xd4,0xeb, 0xf8,0xf0,0x73,0xed, 885 0xb6,0x67,0x75,0xaf, 0xd7,0x5d,0x01,0x01, 886 0xc4,0xd6,0x7c,0xbc, 0xc3,0xe6,0xad,0x9a, 887 0x9c,0x6a,0x43,0x9b, 0xfb,0x34,0x55,0x47, 888 0xcd,0xeb,0x4e,0x2c, 0x29,0x6f,0xb0,0xeb, 889 0xb5,0x08,0xdb,0x6b, 0x40,0x26,0x51,0x54, 890 0x5a,0x97,0x64,0x74, 0x95,0xe6,0xae,0x8a, 891 0x4c,0xe9,0x44,0x47, 0x85,0xd6,0xcf,0xe0, 892 0x11,0x65,0x45,0xb3, 0xe1,0xfc,0x6a,0x01, 893 0x38,0x40,0x8a,0x71, 0xc5,0xd6,0x64,0xa8, 894 0x36,0x95,0x44,0x9c, 0x10,0x41,0xa3,0x71, 895 0xb4,0x70,0x02,0xdf, 0xf9,0xad,0x2b,0xec, 896 0x75,0xf7,0x09,0x6c, 0x5d,0x2a,0xd0,0x0b, 897 0x2e,0xb3,0xf0,0xd3, 0xce,0xdb,0x26,0x80, 898 }, 899 .h = { 900 0x2d,0xb3,0x7e,0x73, 0xde,0x6a,0x9e,0xa9, 901 0x54,0x9a,0x0f,0xb3, 0x0b,0xcc,0xc9,0xde, 902 0x7a,0x4e,0x4a,0x71, 0x07,0x33,0xee,0x06, 903 0x5c,0x9a,0xa1,0x30, 0x5e,0x39,0x4e,0x10, 904 }, 905 }, 906 [2] = { /* 1024-byte message */ 907 .k = { 908 0x4c,0xe4,0x3c,0x6e, 0xa0,0xe3,0x0e,0x64, 909 0x35,0x44,0x3e,0x0b, 0x4d,0x29,0xbe,0x04, 910 0xa7,0xaa,0x88,0xe0, 0xe0,0x07,0x7d,0xa8, 911 0x2b,0x87,0x7d,0x08, 0xa6,0x59,0xd0,0xa5, 912 0x03,0xae,0x9b,0xee, 0xd4,0x11,0x39,0x7d, 913 0x9e,0x1d,0x89,0xe3, 0xc6,0x92,0x36,0x07, 914 0xa4,0x43,0xad,0x2f, 0xd5,0x71,0x84,0x2d, 915 0xc0,0x37,0xed,0x62, 0x4e,0x2b,0x8c,0xd5, 916 0x1d,0xf7,0x00,0xbb, 0x3d,0x5e,0xcc,0xc5, 917 0x6d,0xdd,0x17,0xf2, 0x89,0x25,0x30,0x16, 918 0x04,0xd7,0x1f,0x84, 0x7d,0x61,0xa0,0x7a, 919 0x49,0x88,0x44,0x46, 0xc6,0x05,0xd1,0xc9, 920 0xa0,0x2a,0x86,0xdd, 0xd3,0x80,0x40,0xa4, 921 0x28,0xb3,0xa4,0x3b, 0x71,0x0a,0x7f,0x2d, 922 0x3b,0xcd,0xe6,0xac, 0x59,0xda,0x43,0x56, 923 0x6e,0x9a,0x3f,0x1e, 0x82,0xcf,0xb3,0xa0, 924 0xa1,0x46,0xcf,0x2e, 0x32,0x05,0xcd,0x68, 925 0xbb,0x51,0x71,0x8a, 0x16,0x75,0xbe,0x49, 926 0x7e,0xb3,0x63,0x30, 0x95,0x34,0xe6,0x85, 927 0x7e,0x9a,0xdd,0xe6, 0x43,0xd6,0x59,0xf8, 928 0x6a,0xb8,0x8f,0x5f, 0x5d,0xd9,0x55,0x41, 929 0x12,0xf9,0x98,0xc6, 0x93,0x7c,0x3f,0x46, 930 0xab,0x7c,0x8b,0x28, 0xde,0x9a,0xb1,0xf0, 931 0x6c,0x43,0x2a,0xb3, 0x70,0xc5,0x9d,0xc0, 932 0x26,0xcf,0xad,0x9c, 0x87,0x9b,0x3f,0x7c, 933 0x24,0xac,0xe7,0xd4, 0xe8,0x14,0xe3,0x3e, 934 0xf6,0x8a,0x97,0x87, 0x63,0x2c,0x88,0xdc, 935 0xc5,0x23,0x68,0x6e, 0x94,0xe1,0x09,0xc4, 936 0x44,0xda,0x8f,0xa7, 0x9f,0xc4,0x52,0xa4, 937 0x18,0x1d,0x3c,0x08, 0xca,0x0a,0x3e,0xb4, 938 0xbf,0xbe,0xc6,0x47, 0xe2,0x89,0x2b,0x07, 939 0x71,0xd9,0xc8,0x6a, 0x06,0xd5,0xd0,0x47, 940 0x4e,0x07,0x4f,0x6b, 0xdb,0xdf,0x3d,0xf0, 941 0x7c,0x5f,0x49,0x70, 0x17,0x4f,0x9f,0x33, 942 0x7e,0x4b,0x72,0x3b, 0x8c,0x68,0x22,0xf9, 943 0xd2,0xad,0xe4,0xe4, 0xb2,0x61,0x9d,0xb8, 944 0xc2,0x5c,0xf0,0x3b, 0x08,0xb2,0x75,0x30, 945 0x3a,0xd0,0x7d,0xf9, 0xb2,0x00,0x40,0x56, 946 0x79,0xe2,0x0d,0x31, 0x72,0xe2,0xc2,0xd1, 947 0x2e,0x27,0xe7,0xc8, 0x96,0x1a,0xc6,0x7e, 948 0xb8,0xc1,0x93,0xfb, 0x1d,0xbc,0xed,0x97, 949 0x2f,0x2f,0xea,0xa1, 0x40,0x49,0xf6,0x1d, 950 0xab,0x54,0x46,0x2e, 0x73,0xf2,0x74,0xf1, 951 0x6d,0x5c,0xe6,0xa0, 0xd4,0x73,0x1c,0xbc, 952 0x07,0x81,0xf5,0x94, 0xe6,0x18,0xdc,0x42, 953 0x68,0xb9,0xeb,0xfb, 0xa3,0x76,0x8c,0x83, 954 0x98,0xe9,0x96,0xa6, 0xa6,0x5e,0x0e,0xd1, 955 0xfc,0xb7,0x8e,0x8b, 0x9e,0xa4,0x00,0x76, 956 0x0e,0x35,0x92,0x5e, 0x05,0xa1,0x92,0xc4, 957 0x0c,0xd1,0xec,0x8c, 0x04,0x8e,0x65,0x56, 958 0x43,0xae,0x16,0x18, 0x2e,0x3e,0xfe,0x47, 959 0x92,0xe1,0x76,0x1b, 0xb6,0xcc,0x0b,0x82, 960 0xe1,0x8c,0x7b,0x43, 0xe4,0x90,0xed,0x28, 961 0x0b,0xe6,0x05,0xea, 0x4a,0xc0,0xf1,0x12, 962 0x54,0x09,0x93,0xda, 0xfc,0xf4,0x86,0xff, 963 0x4c,0xaa,0x7d,0xbe, 0xd0,0x4a,0xa6,0x9d, 964 0x6b,0x27,0x8f,0xb1, 0xb5,0x3a,0x9b,0xce, 965 0xe2,0x5c,0x29,0x35, 0xd6,0xe7,0xf3,0xa4, 966 0x5e,0x70,0xf6,0xc6, 0xde,0x63,0x86,0xf7, 967 0xc9,0xab,0x42,0xb9, 0xe7,0x5d,0x1c,0x68, 968 0x73,0xa3,0xed,0xb0, 0xa0,0xb6,0x18,0x15, 969 0xe6,0x57,0x4c,0x21, 0xf7,0xf3,0xc6,0x32, 970 0x4d,0x07,0x4a,0x14, 0xde,0xb2,0xc7,0xca, 971 0xf0,0x78,0xc4,0x85, 0xe3,0xdc,0xfb,0x35, 972 0x7c,0x6b,0xc0,0xb8, 0xcd,0x7a,0x22,0xfc, 973 0xe4,0xe8,0xe2,0x98, 0x6c,0x8e,0xdf,0x37, 974 0x8e,0x0f,0x25,0x23, 0xdd,0xea,0x40,0x6f, 975 0xb3,0x07,0x7e,0x7a, 0x6b,0xa1,0xa1,0xcf, 976 0x24,0xd9,0xad,0x72, 0x7a,0x45,0x49,0xca, 977 0xfe,0xc7,0x2e,0x6d, 0xaa,0xc1,0x08,0x2c, 978 0xe6,0xde,0xde,0x73, 0x01,0x9c,0xdc,0x65, 979 0x3a,0xdf,0xc6,0x15, 0x37,0x62,0x0b,0x2c, 980 0x9a,0x36,0xed,0x37, 0xd9,0xfc,0xa9,0xb3, 981 0x32,0xc3,0xde,0x26, 0xe7,0xf0,0x3f,0x02, 982 0xed,0x35,0x74,0xea, 0xdd,0x32,0xe9,0x96, 983 0x75,0x66,0xb8,0xf0, 0x75,0x98,0x8f,0x3a, 984 0xd0,0xc2,0xa1,0x98, 0x5f,0xf9,0x32,0x31, 985 0x00,0x18,0x7d,0xc5, 0x9d,0x15,0x5b,0xdc, 986 0x13,0x37,0x69,0xfc, 0x95,0x7a,0x62,0x0e, 987 0x8a,0x86,0xed,0x18, 0x78,0x3c,0x49,0xf4, 988 0x18,0x73,0xcd,0x2e, 0x7b,0xa3,0x40,0xd7, 989 0x01,0xf6,0xc7,0x2a, 0xc5,0xce,0x13,0x09, 990 0xb1,0xe5,0x25,0x17, 0xdf,0x9d,0x7e,0x0b, 991 0x50,0x46,0x62,0x78, 0xb5,0x25,0xb2,0xd9, 992 0x65,0xfa,0x5b,0xf7, 0xfe,0xc6,0xe0,0x7b, 993 0x7b,0x4e,0x14,0x2e, 0x0d,0x3a,0xd0,0xe0, 994 0xa0,0xd2,0xeb,0x4d, 0x87,0x11,0x42,0x28, 995 0x02,0x7e,0xa8,0x56, 0x5b,0x53,0xbd,0x76, 996 0x47,0x8f,0x5f,0x8b, 0xc7,0xd9,0x72,0xf7, 997 0x11,0xbb,0x94,0xdb, 0x0d,0x07,0xb7,0x0a, 998 0xcc,0x41,0x00,0xcd, 0xd0,0x50,0x25,0x31, 999 0xc9,0x47,0x6b,0xdd, 0x3f,0x70,0x24,0x3e, 1000 0xde,0x02,0x62,0x6c, 0xb4,0x44,0x92,0x8e, 1001 0x98,0x9c,0x0e,0x30, 0x2f,0x80,0xb9,0x5e, 1002 0x75,0x90,0xa6,0x02, 0xf0,0xed,0xb0,0x8b, 1003 0x44,0xa3,0x59,0x2d, 0xc3,0x08,0xe5,0xd9, 1004 0x89,0x6a,0x71,0x44, 0x04,0xc4,0xb2,0x61, 1005 0x5b,0xf5,0x46,0x44, 0xdc,0x36,0x2e,0xfd, 1006 0x41,0xf5,0xa1,0x3a, 0xb3,0x93,0x74,0x7d, 1007 0x54,0x5e,0x64,0xdc, 0xbc,0xd7,0x07,0x48, 1008 0x3e,0x73,0x81,0x22, 0x9c,0x5a,0xf6,0xde, 1009 0x94,0x42,0xe1,0x6c, 0x92,0xe7,0x6d,0xa0, 1010 0x5e,0xc3,0xd6,0xe9, 0x84,0xd9,0xba,0x57, 1011 0xef,0x85,0x6a,0x9b, 0xe6,0x9a,0x2b,0xf8, 1012 0x8d,0xfe,0x9d,0xad, 0x70,0x26,0x05,0x14, 1013 0x45,0x07,0xcb,0x72, 0xd4,0x8b,0x14,0x44, 1014 0x74,0x40,0x9c,0x29, 0x8b,0xba,0x40,0x09, 1015 0x52,0xfc,0xc5,0x40, 0xb1,0x25,0x69,0xaa, 1016 0x8f,0x12,0xc4,0xc6, 0x2b,0x3f,0x73,0x9d, 1017 0xff,0x52,0xd4,0xac, 0x77,0x43,0xdc,0xd2, 1018 0x06,0x9a,0x1b,0xfc, 0x0c,0x8f,0x6b,0x59, 1019 0xa5,0xd4,0xde,0x06, 0x16,0x34,0xef,0x75, 1020 0x22,0x54,0x9c,0x53, 0x38,0x0b,0x57,0xc7, 1021 0xaa,0x78,0x2d,0x3a, 0x9b,0xdd,0xed,0xb5, 1022 0x0b,0xb0,0x08,0x5f, 0x57,0xdb,0xfc,0xbe, 1023 0x44,0xfd,0x71,0x5f, 0x71,0x14,0xd5,0x14, 1024 0x70,0xb6,0xee,0xd0, 0xf3,0x37,0x6f,0x57, 1025 0x55,0x3c,0x7c,0x23, 0x6f,0xbe,0x83,0x5c, 1026 0xb5,0x64,0xfd,0x6d, 0x7c,0xe4,0x05,0x2b, 1027 0xdb,0xc4,0xf5,0xa0, 0xd3,0xa6,0x15,0x48, 1028 0xc2,0x50,0xf8,0xf7, 0xc2,0xab,0xb5,0x6a, 1029 0x0d,0x1a,0xb5,0x30, 0x33,0xf8,0x12,0x2d, 1030 0xfb,0xa6,0x2e,0xe5, 0xbe,0x40,0xba,0x48, 1031 0xef,0x05,0xc8,0x37, 0x3a,0x36,0xad,0x99, 1032 0x77,0x87,0x84,0xac, 0xd8,0xcb,0x7a,0x88, 1033 0x3e,0x2d,0x8b,0xbe, 0x9a,0x35,0x88,0x26, 1034 0xe9,0x20,0xd4,0x66, 0x80,0x8b,0xf8,0x54, 1035 0xba,0xcd,0xa8,0x47, 0x35,0x1b,0xc4,0x09, 1036 0x6d,0xff,0x0e,0x60, 0x7c,0xf3,0x68,0xbf, 1037 0xe3,0xe9,0x73,0x07, 0x84,0xf0,0x08,0x45, 1038 0x97,0x65,0x94,0xd1, 0x35,0x4e,0x67,0x0c, 1039 0xe3,0xb7,0x61,0x7b, 0x09,0x22,0xed,0x18, 1040 0xee,0x0b,0x54,0xc0, 0xab,0x8b,0xaa,0x71, 1041 0x4c,0x40,0xbf,0xf7, 0xe0,0x7e,0x08,0xaa, 1042 }, 1043 .mlen = 1024, 1044 .m = { 1045 0x1d,0xea,0xe5,0x2b, 0x4c,0x22,0x4d,0xf3, 1046 0x15,0x53,0xcb,0x41, 0xf5,0xcf,0x0b,0x7b, 1047 0xc9,0x80,0xc0,0x95, 0xd2,0x7b,0x08,0x4b, 1048 0x3d,0xcd,0xd8,0x3b, 0x2f,0x18,0xd4,0x70, 1049 0x38,0xb2,0xa7,0x2f, 0x7f,0xba,0xd8,0xed, 1050 0xbc,0x8f,0xac,0xe4, 0xe2,0x11,0x2d,0x6d, 1051 0xe6,0xa4,0x36,0x90, 0xc2,0x7f,0xdf,0xe3, 1052 0xdc,0x50,0xdb,0x6c, 0x56,0xcf,0x7d,0xd6, 1053 0xd0,0xcb,0xd6,0x9b, 0x01,0xbb,0xef,0x1c, 1054 0x0a,0x6c,0x92,0x23, 0xeb,0x77,0xf9,0xd1, 1055 0x25,0xdc,0x94,0x30, 0x30,0xa4,0x96,0x3e, 1056 0xdf,0x52,0x4c,0xe7, 0xdf,0x27,0x9f,0x73, 1057 0x78,0x0c,0x8c,0x7f, 0x9d,0xae,0x79,0x5d, 1058 0x91,0x5e,0x4b,0x02, 0xa9,0x31,0x9c,0xff, 1059 0x46,0x73,0xec,0x0d, 0x5a,0xb8,0xeb,0x48, 1060 0x19,0x9c,0x44,0xe0, 0xc8,0x81,0x96,0x4c, 1061 0x47,0x0c,0xe7,0x1d, 0x2a,0x9c,0xd5,0xe0, 1062 0xe7,0xd6,0xa0,0x88, 0xf0,0xf6,0xda,0xa7, 1063 0x6a,0xdd,0xfd,0x4f, 0x00,0x6e,0x25,0x7d, 1064 0xb9,0x81,0x19,0x2f, 0x4e,0xcc,0x8d,0x6e, 1065 0xa6,0x92,0xcf,0xd8, 0x6e,0x78,0x0a,0xf6, 1066 0x8a,0x43,0xeb,0x60, 0x0c,0x8b,0x93,0x50, 1067 0x88,0xd1,0x67,0x05, 0x0c,0xdc,0x43,0x85, 1068 0x50,0x91,0x63,0xa4, 0x32,0x14,0x66,0x84, 1069 0xdb,0x04,0x9f,0x77, 0x95,0x60,0x19,0xc6, 1070 0x98,0x60,0x62,0xe4, 0xc6,0xee,0x70,0x76, 1071 0xb0,0x59,0x80,0x59, 0x46,0xae,0x99,0x26, 1072 0x62,0x4a,0xf0,0x45, 0x8f,0xf0,0x70,0x5b, 1073 0x52,0xfc,0xee,0x4d, 0x30,0x47,0xc8,0xae, 1074 0xe2,0xbc,0x2c,0x73, 0x78,0x67,0xf1,0x00, 1075 0xb4,0xda,0x01,0xad, 0x3b,0xc4,0x5c,0x6c, 1076 0x65,0xca,0x84,0x22, 0x95,0x32,0x95,0x20, 1077 0x4d,0xdc,0x96,0x2e, 0x61,0xe4,0xc8,0xec, 1078 0x2d,0xbf,0xc1,0x5d, 0x70,0xf9,0x75,0xf2, 1079 0xad,0x0a,0xc9,0xd7, 0x0a,0x81,0x3c,0xa1, 1080 0x13,0xec,0x63,0xd4, 0xd0,0x67,0xf4,0xcc, 1081 0x6e,0xb8,0x52,0x08, 0x46,0xc9,0x2a,0x92, 1082 0x59,0xd9,0x14,0x17, 0xde,0x2f,0xc7,0x36, 1083 0xd5,0xd5,0xfc,0x8a, 0x63,0xd5,0x5f,0xe3, 1084 0xdd,0x55,0x00,0x8e, 0x5e,0xc9,0xed,0x04, 1085 0x1d,0xeb,0xae,0xc5, 0xd0,0xf9,0x73,0x28, 1086 0xf3,0x81,0xd5,0xb4, 0x60,0xb2,0x42,0x81, 1087 0x68,0xf3,0xb9,0x73, 0x07,0x2e,0x34,0x8e, 1088 0x47,0x12,0xae,0x7c, 0xa8,0xc2,0xce,0xad, 1089 0x0f,0x6e,0x44,0xa5, 0x35,0x5e,0x61,0x6b, 1090 0xfc,0x67,0x9c,0x82, 0xa1,0xd2,0xff,0xfe, 1091 0x60,0x7c,0x40,0x02, 0x24,0x9e,0x8b,0x90, 1092 0xa0,0x89,0xd9,0x83, 0x04,0xd8,0xef,0x9c, 1093 0x96,0x28,0x77,0x3e, 0xe3,0xb0,0xf8,0x3d, 1094 0xfb,0x91,0x8f,0x6f, 0x83,0x58,0x1e,0x4b, 1095 0x64,0xc7,0xf6,0xe0, 0x85,0x03,0xe3,0xf9, 1096 0x6b,0xc9,0x9e,0x9d, 0x57,0x25,0xe4,0x69, 1097 0x08,0x59,0x28,0x4a, 0x52,0x9c,0x49,0x19, 1098 0x24,0x49,0xba,0xb1, 0x82,0xd4,0xcf,0xd0, 1099 0x1e,0x1d,0xc2,0x02, 0x42,0x4e,0xdf,0xf7, 1100 0x2b,0x3d,0x99,0xf6, 0x99,0xa4,0x3a,0xe1, 1101 0x9d,0x68,0xc8,0x08, 0xec,0xec,0x1c,0xa8, 1102 0x41,0x4a,0x27,0x84, 0xe9,0x0d,0x95,0x54, 1103 0x1a,0xca,0x5f,0x5d, 0x5a,0x96,0xb9,0x5b, 1104 0x6e,0xbc,0x39,0x7f, 0x7a,0x20,0xc5,0xb2, 1105 0x60,0x0c,0xa3,0x78, 0xc3,0x2b,0x87,0xcc, 1106 0xea,0xb0,0x4d,0x27, 0xfb,0x6c,0x58,0x51, 1107 0xce,0x90,0xca,0xd6, 0x86,0x91,0x4d,0x2c, 1108 0x8c,0x82,0xf0,0xc9, 0x9a,0x0a,0x73,0xb3, 1109 0xcb,0xa9,0xd4,0x26, 0x4d,0x74,0xbe,0x0e, 1110 0x4a,0x6e,0x10,0xeb, 0x4e,0xba,0x4e,0xba, 1111 0x0d,0x26,0x69,0x87, 0x5e,0x08,0x2b,0x43, 1112 0xbe,0x97,0x4e,0x2a, 0x63,0xbc,0x52,0xb7, 1113 0xda,0x23,0x23,0x11, 0xfa,0xcf,0x89,0xac, 1114 0x90,0x5f,0x60,0x7a, 0x50,0xb7,0xbe,0x79, 1115 0x0b,0x2c,0xf0,0x27, 0xf0,0xfb,0xaf,0x64, 1116 0xc8,0x57,0x7c,0xeb, 0x1c,0xf7,0x36,0xec, 1117 0x09,0x97,0x66,0x31, 0x54,0xe4,0x00,0xcf, 1118 0x68,0x24,0x77,0x1a, 0xbc,0x27,0x3a,0xad, 1119 0x8a,0x01,0x7e,0x45, 0xe7,0xe4,0xa4,0xeb, 1120 0x38,0x62,0x9d,0x90, 0xea,0x00,0x9c,0x03, 1121 0x5e,0xb2,0x7d,0xd8, 0x2f,0xe9,0xc9,0x3c, 1122 0x1a,0x5c,0x21,0x1a, 0x59,0x45,0x62,0x47, 1123 0x93,0x1b,0xdc,0xd8, 0x3e,0x07,0x8b,0x75, 1124 0xd0,0x6d,0xcc,0x8d, 0xec,0x79,0xa8,0x9a, 1125 0x51,0xa5,0x50,0x18, 0xae,0x44,0x93,0x75, 1126 0xc1,0xc8,0x1e,0x10, 0x59,0x1e,0x0b,0xb3, 1127 0x06,0x30,0xa8,0x66, 0x8d,0x8e,0xd6,0x4d, 1128 0x0d,0x8a,0xb4,0x28, 0xdc,0xfb,0x5d,0x59, 1129 0xe0,0x92,0x77,0x38, 0xfa,0xad,0x46,0x46, 1130 0x25,0x15,0x4c,0xca, 0x09,0x2b,0x31,0xe9, 1131 0x36,0xe8,0xc2,0x67, 0x34,0x4d,0x5e,0xa0, 1132 0x8f,0x9a,0xe8,0x7f, 0xf2,0x2a,0x92,0x78, 1133 0xde,0x09,0x75,0xe7, 0xe5,0x50,0x0a,0x2e, 1134 0x88,0x63,0xc0,0x8f, 0xa8,0x73,0x0f,0xe5, 1135 0x1e,0x9d,0xdb,0xce, 0x53,0xe0,0x42,0x94, 1136 0x7b,0x5c,0xa1,0x5e, 0x1e,0x8f,0x0a,0x6e, 1137 0x8b,0x1a,0xad,0x93, 0x70,0x86,0xf1,0x69, 1138 0x70,0x93,0x24,0xe3, 0x83,0x2f,0xa8,0x04, 1139 0xba,0x27,0x0a,0x2e, 0x03,0xeb,0x69,0xd9, 1140 0x56,0x0e,0xc4,0x10, 0x55,0x31,0x2c,0x3f, 1141 0xd1,0xb2,0x94,0x0f, 0x28,0x15,0x3c,0x02, 1142 0x15,0x5e,0xec,0x26, 0x9c,0xc3,0xfc,0xa7, 1143 0x5c,0xb0,0xfa,0xc0, 0x02,0xf9,0x01,0x3f, 1144 0x01,0x73,0x24,0x22, 0x50,0x28,0x2a,0xca, 1145 0xb1,0xf2,0x03,0x00, 0x2f,0xc6,0x6f,0x28, 1146 0x4f,0x4b,0x4f,0x1a, 0x9a,0xb8,0x16,0x93, 1147 0x31,0x60,0x7c,0x3d, 0x35,0xc8,0xd6,0x90, 1148 0xde,0x8c,0x89,0x39, 0xbd,0x21,0x11,0x05, 1149 0xe8,0xc4,0x04,0x3b, 0x65,0xa5,0x15,0xcf, 1150 0xcf,0x15,0x14,0xf6, 0xe7,0x2e,0x3c,0x47, 1151 0x59,0x0b,0xaa,0xc0, 0xd4,0xab,0x04,0x14, 1152 0x9c,0xd7,0xe2,0x43, 0xc7,0x87,0x09,0x03, 1153 0x27,0xd2,0x0a,0xff, 0x8d,0xd5,0x80,0x34, 1154 0x93,0xa2,0x2c,0xb1, 0x4e,0x16,0x2d,0x82, 1155 0x51,0x5c,0x3c,0xe5, 0x75,0x51,0x7b,0xb4, 1156 0xd8,0x1e,0x59,0x98, 0x0f,0x75,0xed,0x02, 1157 0x1c,0x13,0xf6,0x02, 0xda,0xf9,0x47,0xf7, 1158 0x45,0x25,0x0f,0x58, 0x22,0x5d,0xef,0xf0, 1159 0x1b,0xdb,0xae,0xaf, 0xbe,0xc6,0xe1,0xcd, 1160 0x70,0x46,0x6e,0x03, 0x9a,0x20,0x77,0x00, 1161 0x3c,0x32,0xb5,0x8f, 0x04,0xb6,0x6f,0xa2, 1162 0x31,0xc9,0x7c,0xf9, 0x84,0x67,0x87,0xfb, 1163 0x7b,0x13,0xb0,0x4d, 0x35,0xfd,0x37,0x5b, 1164 0xf4,0x25,0xf0,0x02, 0x74,0xa0,0x69,0xd4, 1165 0x53,0x61,0x4b,0x54, 0x68,0x94,0x0e,0x08, 1166 0x25,0x82,0x90,0xfc, 0x25,0xb6,0x63,0xe2, 1167 0x07,0x9f,0x42,0xf1, 0xbb,0x33,0xea,0xab, 1168 0x92,0x54,0x2b,0x9f, 0x88,0xc0,0x31,0x2b, 1169 0xfd,0x36,0x50,0x80, 0xfc,0x1a,0xff,0xab, 1170 0xe8,0xc4,0x7f,0xb6, 0x98,0xb9,0x2e,0x17, 1171 0xca,0x28,0x3d,0xdf, 0x0f,0x07,0x43,0x20, 1172 0xf0,0x07,0xea,0xe5, 0xcd,0x4e,0x81,0x34, 1173 }, 1174 .h = { 1175 0x9d,0x22,0x88,0xfd, 0x41,0x43,0x88,0x45, 1176 0x34,0xfe,0x85,0xc4, 0xb9,0xff,0xe1,0x55, 1177 0x40,0x1d,0x25,0x37, 0xd1,0xf8,0xfc,0x2b, 1178 0x3a,0xf5,0x3b,0x69, 0xbf,0xa6,0x9d,0xed, 1179 }, 1180 }, 1181 }; 1182 static uint32_t k[268]; 1183 uint8_t h[32]; 1184 unsigned i, j; 1185 int result = 0; 1186 1187 for (i = 0; i < __arraycount(C); i++) { 1188 for (j = 0; j < 268; j++) 1189 k[j] = le32dec(C[i].k + 4*j); 1190 nh(h, C[i].m, C[i].mlen, k); 1191 if (memcmp(h, C[i].h, 32)) { 1192 char prefix[10]; 1193 snprintf(prefix, sizeof prefix, "nh %u", i); 1194 hexdump(printf, prefix, h, 32); 1195 result = -1; 1196 } 1197 } 1198 1199 return result; 1200 } 1201 1202 /* https://github.com/google/adiantum/blob/a5ad5134ab11b10a3ee982c52385953fac88fedc/test_vectors/ours/NHPoly1305/NHPoly1305.json */ 1204 static int 1205 nhpoly1305_selftest(void) 1206 { 1207 static const struct { 1208 uint8_t k[1088]; 1209 unsigned mlen; 1210 uint8_t m[1024]; 1211 uint8_t h[16]; 1212 } C[] = { 1213 [0] = { /* 0-byte message */ 1214 .k = { 1215 /* Poly1305 key */ 1216 0xd2,0x5d,0x4c,0xdd, 0x8d,0x2b,0x7f,0x7a, 1217 0xd9,0xbe,0x71,0xec, 0xd1,0x83,0x52,0xe3, 1218 1219 /* NH key */ 1220 0xe1,0xad,0xd7,0x5c, 0x0a,0x75,0x9d,0xec, 1221 0x1d,0x13,0x7e,0x5d, 0x71,0x07,0xc9,0xe4, 1222 0x57,0x2d,0x44,0x68, 0xcf,0xd8,0xd6,0xc5, 1223 0x39,0x69,0x7d,0x32, 0x75,0x51,0x4f,0x7e, 1224 0xb2,0x4c,0xc6,0x90, 0x51,0x6e,0xd9,0xd6, 1225 0xa5,0x8b,0x2d,0xf1, 0x94,0xf9,0xf7,0x5e, 1226 0x2c,0x84,0x7b,0x41, 0x0f,0x88,0x50,0x89, 1227 0x30,0xd9,0xa1,0x38, 0x46,0x6c,0xc0,0x4f, 1228 0xe8,0xdf,0xdc,0x66, 0xab,0x24,0x43,0x41, 1229 0x91,0x55,0x29,0x65, 0x86,0x28,0x5e,0x45, 1230 0xd5,0x2d,0xb7,0x80, 0x08,0x9a,0xc3,0xd4, 1231 0x9a,0x77,0x0a,0xd4, 0xef,0x3e,0xe6,0x3f, 1232 0x6f,0x2f,0x9b,0x3a, 0x7d,0x12,0x1e,0x80, 1233 0x6c,0x44,0xa2,0x25, 0xe1,0xf6,0x60,0xe9, 1234 0x0d,0xaf,0xc5,0x3c, 0xa5,0x79,0xae,0x64, 1235 0xbc,0xa0,0x39,0xa3, 0x4d,0x10,0xe5,0x4d, 1236 0xd5,0xe7,0x89,0x7a, 0x13,0xee,0x06,0x78, 1237 0xdc,0xa4,0xdc,0x14, 0x27,0xe6,0x49,0x38, 1238 0xd0,0xe0,0x45,0x25, 0x36,0xc5,0xf4,0x79, 1239 0x2e,0x9a,0x98,0x04, 0xe4,0x2b,0x46,0x52, 1240 0x7c,0x33,0xca,0xe2, 0x56,0x51,0x50,0xe2, 1241 0xa5,0x9a,0xae,0x18, 0x6a,0x13,0xf8,0xd2, 1242 0x21,0x31,0x66,0x02, 0xe2,0xda,0x8d,0x7e, 1243 0x41,0x19,0xb2,0x61, 0xee,0x48,0x8f,0xf1, 1244 0x65,0x24,0x2e,0x1e, 0x68,0xce,0x05,0xd9, 1245 0x2a,0xcf,0xa5,0x3a, 0x57,0xdd,0x35,0x91, 1246 0x93,0x01,0xca,0x95, 0xfc,0x2b,0x36,0x04, 1247 0xe6,0x96,0x97,0x28, 0xf6,0x31,0xfe,0xa3, 1248 0x9d,0xf6,0x6a,0x1e, 0x80,0x8d,0xdc,0xec, 1249 0xaf,0x66,0x11,0x13, 0x02,0x88,0xd5,0x27, 1250 0x33,0xb4,0x1a,0xcd, 0xa3,0xf6,0xde,0x31, 1251 0x8e,0xc0,0x0e,0x6c, 0xd8,0x5a,0x97,0x5e, 1252 0xdd,0xfd,0x60,0x69, 0x38,0x46,0x3f,0x90, 1253 0x5e,0x97,0xd3,0x32, 0x76,0xc7,0x82,0x49, 1254 0xfe,0xba,0x06,0x5f, 0x2f,0xa2,0xfd,0xff, 1255 0x80,0x05,0x40,0xe4, 0x33,0x03,0xfb,0x10, 1256 0xc0,0xde,0x65,0x8c, 0xc9,0x8d,0x3a,0x9d, 1257 0xb5,0x7b,0x36,0x4b, 0xb5,0x0c,0xcf,0x00, 1258 0x9c,0x87,0xe4,0x49, 0xad,0x90,0xda,0x4a, 1259 0xdd,0xbd,0xff,0xe2, 0x32,0x57,0xd6,0x78, 1260 0x36,0x39,0x6c,0xd3, 0x5b,0x9b,0x88,0x59, 1261 0x2d,0xf0,0x46,0xe4, 0x13,0x0e,0x2b,0x35, 1262 0x0d,0x0f,0x73,0x8a, 0x4f,0x26,0x84,0x75, 1263 0x88,0x3c,0xc5,0x58, 0x66,0x18,0x1a,0xb4, 1264 0x64,0x51,0x34,0x27, 0x1b,0xa4,0x11,0xc9, 1265 0x6d,0x91,0x8a,0xfa, 0x32,0x60,0x9d,0xd7, 1266 0x87,0xe5,0xaa,0x43, 0x72,0xf8,0xda,0xd1, 1267 0x48,0x44,0x13,0x61, 0xdc,0x8c,0x76,0x17, 1268 0x0c,0x85,0x4e,0xf3, 0xdd,0xa2,0x42,0xd2, 1269 0x74,0xc1,0x30,0x1b, 0xeb,0x35,0x31,0x29, 1270 0x5b,0xd7,0x4c,0x94, 0x46,0x35,0xa1,0x23, 1271 0x50,0xf2,0xa2,0x8e, 0x7e,0x4f,0x23,0x4f, 1272 0x51,0xff,0xe2,0xc9, 0xa3,0x7d,0x56,0x8b, 1273 0x41,0xf2,0xd0,0xc5, 0x57,0x7e,0x59,0xac, 1274 0xbb,0x65,0xf3,0xfe, 0xf7,0x17,0xef,0x63, 1275 0x7c,0x6f,0x23,0xdd, 0x22,0x8e,0xed,0x84, 1276 0x0e,0x3b,0x09,0xb3, 0xf3,0xf4,0x8f,0xcd, 1277 0x37,0xa8,0xe1,0xa7, 0x30,0xdb,0xb1,0xa2, 1278 0x9c,0xa2,0xdf,0x34, 0x17,0x3e,0x68,0x44, 1279 0xd0,0xde,0x03,0x50, 0xd1,0x48,0x6b,0x20, 1280 0xe2,0x63,0x45,0xa5, 0xea,0x87,0xc2,0x42, 1281 0x95,0x03,0x49,0x05, 0xed,0xe0,0x90,0x29, 1282 0x1a,0xb8,0xcf,0x9b, 0x43,0xcf,0x29,0x7a, 1283 0x63,0x17,0x41,0x9f, 0xe0,0xc9,0x10,0xfd, 1284 0x2c,0x56,0x8c,0x08, 0x55,0xb4,0xa9,0x27, 1285 0x0f,0x23,0xb1,0x05, 0x6a,0x12,0x46,0xc7, 1286 0xe1,0xfe,0x28,0x93, 0x93,0xd7,0x2f,0xdc, 1287 0x98,0x30,0xdb,0x75, 0x8a,0xbe,0x97,0x7a, 1288 0x02,0xfb,0x8c,0xba, 0xbe,0x25,0x09,0xbe, 1289 0xce,0xcb,0xa2,0xef, 0x79,0x4d,0x0e,0x9d, 1290 0x1b,0x9d,0xb6,0x39, 0x34,0x38,0xfa,0x07, 1291 0xec,0xe8,0xfc,0x32, 0x85,0x1d,0xf7,0x85, 1292 0x63,0xc3,0x3c,0xc0, 0x02,0x75,0xd7,0x3f, 1293 0xb2,0x68,0x60,0x66, 0x65,0x81,0xc6,0xb1, 1294 0x42,0x65,0x4b,0x4b, 0x28,0xd7,0xc7,0xaa, 1295 0x9b,0xd2,0xdc,0x1b, 0x01,0xe0,0x26,0x39, 1296 0x01,0xc1,0x52,0x14, 0xd1,0x3f,0xb7,0xe6, 1297 0x61,0x41,0xc7,0x93, 0xd2,0xa2,0x67,0xc6, 1298 0xf7,0x11,0xb5,0xf5, 0xea,0xdd,0x19,0xfb, 1299 0x4d,0x21,0x12,0xd6, 0x7d,0xf1,0x10,0xb0, 1300 0x89,0x07,0xc7,0x5a, 0x52,0x73,0x70,0x2f, 1301 0x32,0xef,0x65,0x2b, 0x12,0xb2,0xf0,0xf5, 1302 0x20,0xe0,0x90,0x59, 0x7e,0x64,0xf1,0x4c, 1303 0x41,0xb3,0xa5,0x91, 0x08,0xe6,0x5e,0x5f, 1304 0x05,0x56,0x76,0xb4, 0xb0,0xcd,0x70,0x53, 1305 0x10,0x48,0x9c,0xff, 0xc2,0x69,0x55,0x24, 1306 0x87,0xef,0x84,0xea, 0xfb,0xa7,0xbf,0xa0, 1307 0x91,0x04,0xad,0x4f, 0x8b,0x57,0x54,0x4b, 1308 0xb6,0xe9,0xd1,0xac, 0x37,0x2f,0x1d,0x2e, 1309 0xab,0xa5,0xa4,0xe8, 0xff,0xfb,0xd9,0x39, 1310 0x2f,0xb7,0xac,0xd1, 0xfe,0x0b,0x9a,0x80, 1311 0x0f,0xb6,0xf4,0x36, 0x39,0x90,0x51,0xe3, 1312 0x0a,0x2f,0xb6,0x45, 0x76,0x89,0xcd,0x61, 1313 0xfe,0x48,0x5f,0x75, 0x1d,0x13,0x00,0x62, 1314 0x80,0x24,0x47,0xe7, 0xbc,0x37,0xd7,0xe3, 1315 0x15,0xe8,0x68,0x22, 0xaf,0x80,0x6f,0x4b, 1316 0xa8,0x9f,0x01,0x10, 0x48,0x14,0xc3,0x02, 1317 0x52,0xd2,0xc7,0x75, 0x9b,0x52,0x6d,0x30, 1318 0xac,0x13,0x85,0xc8, 0xf7,0xa3,0x58,0x4b, 1319 0x49,0xf7,0x1c,0x45, 0x55,0x8c,0x39,0x9a, 1320 0x99,0x6d,0x97,0x27, 0x27,0xe6,0xab,0xdd, 1321 0x2c,0x42,0x1b,0x35, 0xdd,0x9d,0x73,0xbb, 1322 0x6c,0xf3,0x64,0xf1, 0xfb,0xb9,0xf7,0xe6, 1323 0x4a,0x3c,0xc0,0x92, 0xc0,0x2e,0xb7,0x1a, 1324 0xbe,0xab,0xb3,0x5a, 0xe5,0xea,0xb1,0x48, 1325 0x58,0x13,0x53,0x90, 0xfd,0xc3,0x8e,0x54, 1326 0xf9,0x18,0x16,0x73, 0xe8,0xcb,0x6d,0x39, 1327 0x0e,0xd7,0xe0,0xfe, 0xb6,0x9f,0x43,0x97, 1328 0xe8,0xd0,0x85,0x56, 0x83,0x3e,0x98,0x68, 1329 0x7f,0xbd,0x95,0xa8, 0x9a,0x61,0x21,0x8f, 1330 0x06,0x98,0x34,0xa6, 0xc8,0xd6,0x1d,0xf3, 1331 0x3d,0x43,0xa4,0x9a, 0x8c,0xe5,0xd3,0x5a, 1332 0x32,0xa2,0x04,0x22, 0xa4,0x19,0x1a,0x46, 1333 0x42,0x7e,0x4d,0xe5, 0xe0,0xe6,0x0e,0xca, 1334 0xd5,0x58,0x9d,0x2c, 0xaf,0xda,0x33,0x5c, 1335 0xb0,0x79,0x9e,0xc9, 0xfc,0xca,0xf0,0x2f, 1336 0xa8,0xb2,0x77,0xeb, 0x7a,0xa2,0xdd,0x37, 1337 0x35,0x83,0x07,0xd6, 0x02,0x1a,0xb6,0x6c, 1338 0x24,0xe2,0x59,0x08, 0x0e,0xfd,0x3e,0x46, 1339 0xec,0x40,0x93,0xf4, 0x00,0x26,0x4f,0x2a, 1340 0xff,0x47,0x2f,0xeb, 0x02,0x92,0x26,0x5b, 1341 0x53,0x17,0xc2,0x8d, 0x2a,0xc7,0xa3,0x1b, 1342 0xcd,0xbc,0xa7,0xe8, 0xd1,0x76,0xe3,0x80, 1343 0x21,0xca,0x5d,0x3b, 0xe4,0x9c,0x8f,0xa9, 1344 0x5b,0x7f,0x29,0x7f, 0x7c,0xd8,0xed,0x6d, 1345 0x8c,0xb2,0x86,0x85, 0xe7,0x77,0xf2,0x85, 1346 0xab,0x38,0xa9,0x9d, 0xc1,0x4e,0xc5,0x64, 1347 0x33,0x73,0x8b,0x59, 0x03,0xad,0x05,0xdf, 1348 0x25,0x98,0x31,0xde, 0xef,0x13,0xf1,0x9b, 1349 0x3c,0x91,0x9d,0x7b, 0xb1,0xfa,0xe6,0xbf, 1350 0x5b,0xed,0xa5,0x55, 0xe6,0xea,0x6c,0x74, 1351 0xf4,0xb9,0xe4,0x45, 0x64,0x72,0x81,0xc2, 1352 0x4c,0x28,0xd4,0xcd, 0xac,0xe2,0xde,0xf9, 1353 0xeb,0x5c,0xeb,0x61, 0x60,0x5a,0xe5,0x28, 1354 }, 1355 .mlen = 0, 1356 .h = {0}, 1357 }, 1358 [1] = { /* 16-byte message */ 1359 .k = { 1360 /* Poly1305 key */ 1361 0x29,0x21,0x43,0xcb, 0xcb,0x13,0x07,0xde, 1362 0xbf,0x48,0xdf,0x8a, 0x7f,0xa2,0x84,0xde, 1363 1364 /* NH key */ 1365 0x72,0x23,0x9d,0xf5, 0xf0,0x07,0xf2,0x4c, 1366 0x20,0x3a,0x93,0xb9, 0xcd,0x5d,0xfe,0xcb, 1367 0x99,0x2c,0x2b,0x58, 0xc6,0x50,0x5f,0x94, 1368 0x56,0xc3,0x7c,0x0d, 0x02,0x3f,0xb8,0x5e, 1369 0x7b,0xc0,0x6c,0x51, 0x34,0x76,0xc0,0x0e, 1370 0xc6,0x22,0xc8,0x9e, 0x92,0xa0,0x21,0xc9, 1371 0x85,0x5c,0x7c,0xf8, 0xe2,0x64,0x47,0xc9, 1372 0xe4,0xa2,0x57,0x93, 0xf8,0xa2,0x69,0xcd, 1373 0x62,0x98,0x99,0xf4, 0xd7,0x7b,0x14,0xb1, 1374 0xd8,0x05,0xff,0x04, 0x15,0xc9,0xe1,0x6e, 1375 0x9b,0xe6,0x50,0x6b, 0x0b,0x3f,0x22,0x1f, 1376 0x08,0xde,0x0c,0x5b, 0x08,0x7e,0xc6,0x2f, 1377 0x6c,0xed,0xd6,0xb2, 0x15,0xa4,0xb3,0xf9, 1378 0xa7,0x46,0x38,0x2a, 0xea,0x69,0xa5,0xde, 1379 0x02,0xc3,0x96,0x89, 0x4d,0x55,0x3b,0xed, 1380 0x3d,0x3a,0x85,0x77, 0xbf,0x97,0x45,0x5c, 1381 0x9e,0x02,0x69,0xe2, 0x1b,0x68,0xbe,0x96, 1382 0xfb,0x64,0x6f,0x0f, 0xf6,0x06,0x40,0x67, 1383 0xfa,0x04,0xe3,0x55, 0xfa,0xbe,0xa4,0x60, 1384 0xef,0x21,0x66,0x97, 0xe6,0x9d,0x5c,0x1f, 1385 0x62,0x37,0xaa,0x31, 0xde,0xe4,0x9c,0x28, 1386 0x95,0xe0,0x22,0x86, 0xf4,0x4d,0xf3,0x07, 1387 0xfd,0x5f,0x3a,0x54, 0x2c,0x51,0x80,0x71, 1388 0xba,0x78,0x69,0x5b, 0x65,0xab,0x1f,0x81, 1389 0xed,0x3b,0xff,0x34, 0xa3,0xfb,0xbc,0x73, 1390 0x66,0x7d,0x13,0x7f, 0xdf,0x6e,0xe2,0xe2, 1391 0xeb,0x4f,0x6c,0xda, 0x7d,0x33,0x57,0xd0, 1392 0xd3,0x7c,0x95,0x4f, 0x33,0x58,0x21,0xc7, 1393 0xc0,0xe5,0x6f,0x42, 0x26,0xc6,0x1f,0x5e, 1394 0x85,0x1b,0x98,0x9a, 0xa2,0x1e,0x55,0x77, 1395 0x23,0xdf,0x81,0x5e, 0x79,0x55,0x05,0xfc, 1396 0xfb,0xda,0xee,0xba, 0x5a,0xba,0xf7,0x77, 1397 0x7f,0x0e,0xd3,0xe1, 0x37,0xfe,0x8d,0x2b, 1398 0xd5,0x3f,0xfb,0xd0, 0xc0,0x3c,0x0b,0x3f, 1399 0xcf,0x3c,0x14,0xcf, 0xfb,0x46,0x72,0x4c, 1400 0x1f,0x39,0xe2,0xda, 0x03,0x71,0x6d,0x23, 1401 0xef,0x93,0xcd,0x39, 0xd9,0x37,0x80,0x4d, 1402 0x65,0x61,0xd1,0x2c, 0x03,0xa9,0x47,0x72, 1403 0x4d,0x1e,0x0e,0x16, 0x33,0x0f,0x21,0x17, 1404 0xec,0x92,0xea,0x6f, 0x37,0x22,0xa4,0xd8, 1405 0x03,0x33,0x9e,0xd8, 0x03,0x69,0x9a,0xe8, 1406 0xb2,0x57,0xaf,0x78, 0x99,0x05,0x12,0xab, 1407 0x48,0x90,0x80,0xf0, 0x12,0x9b,0x20,0x64, 1408 0x7a,0x1d,0x47,0x5f, 0xba,0x3c,0xf9,0xc3, 1409 0x0a,0x0d,0x8d,0xa1, 0xf9,0x1b,0x82,0x13, 1410 0x3e,0x0d,0xec,0x0a, 0x83,0xc0,0x65,0xe1, 1411 0xe9,0x95,0xff,0x97, 0xd6,0xf2,0xe4,0xd5, 1412 0x86,0xc0,0x1f,0x29, 0x27,0x63,0xd7,0xde, 1413 0xb7,0x0a,0x07,0x99, 0x04,0x2d,0xa3,0x89, 1414 0xa2,0x43,0xcf,0xf3, 0xe1,0x43,0xac,0x4a, 1415 0x06,0x97,0xd0,0x05, 0x4f,0x87,0xfa,0xf9, 1416 0x9b,0xbf,0x52,0x70, 0xbd,0xbc,0x6c,0xf3, 1417 0x03,0x13,0x60,0x41, 0x28,0x09,0xec,0xcc, 1418 0xb1,0x1a,0xec,0xd6, 0xfb,0x6f,0x2a,0x89, 1419 0x5d,0x0b,0x53,0x9c, 0x59,0xc1,0x84,0x21, 1420 0x33,0x51,0x47,0x19, 0x31,0x9c,0xd4,0x0a, 1421 0x4d,0x04,0xec,0x50, 0x90,0x61,0xbd,0xbc, 1422 0x7e,0xc8,0xd9,0x6c, 0x98,0x1d,0x45,0x41, 1423 0x17,0x5e,0x97,0x1c, 0xc5,0xa8,0xe8,0xea, 1424 0x46,0x58,0x53,0xf7, 0x17,0xd5,0xad,0x11, 1425 0xc8,0x54,0xf5,0x7a, 0x33,0x90,0xf5,0x19, 1426 0xba,0x36,0xb4,0xfc, 0x52,0xa5,0x72,0x3d, 1427 0x14,0xbb,0x55,0xa7, 0xe9,0xe3,0x12,0xf7, 1428 0x1c,0x30,0xa2,0x82, 0x03,0xbf,0x53,0x91, 1429 0x2e,0x60,0x41,0x9f, 0x5b,0x69,0x39,0xf6, 1430 0x4d,0xc8,0xf8,0x46, 0x7a,0x7f,0xa4,0x98, 1431 0x36,0xff,0x06,0xcb, 0xca,0xe7,0x33,0xf2, 1432 0xc0,0x4a,0xf4,0x3c, 0x14,0x44,0x5f,0x6b, 1433 0x75,0xef,0x02,0x36, 0x75,0x08,0x14,0xfd, 1434 0x10,0x8e,0xa5,0x58, 0xd0,0x30,0x46,0x49, 1435 0xaf,0x3a,0xf8,0x40, 0x3d,0x35,0xdb,0x84, 1436 0x11,0x2e,0x97,0x6a, 0xb7,0x87,0x7f,0xad, 1437 0xf1,0xfa,0xa5,0x63, 0x60,0xd8,0x5e,0xbf, 1438 0x41,0x78,0x49,0xcf, 0x77,0xbb,0x56,0xbb, 1439 0x7d,0x01,0x67,0x05, 0x22,0xc8,0x8f,0x41, 1440 0xba,0x81,0xd2,0xca, 0x2c,0x38,0xac,0x76, 1441 0x06,0xc1,0x1a,0xc2, 0xce,0xac,0x90,0x67, 1442 0x57,0x3e,0x20,0x12, 0x5b,0xd9,0x97,0x58, 1443 0x65,0x05,0xb7,0x04, 0x61,0x7e,0xd8,0x3a, 1444 0xbf,0x55,0x3b,0x13, 0xe9,0x34,0x5a,0x37, 1445 0x36,0xcb,0x94,0x45, 0xc5,0x32,0xb3,0xa0, 1446 0x0c,0x3e,0x49,0xc5, 0xd3,0xed,0xa7,0xf0, 1447 0x1c,0x69,0xcc,0xea, 0xcc,0x83,0xc9,0x16, 1448 0x95,0x72,0x4b,0xf4, 0x89,0xd5,0xb9,0x10, 1449 0xf6,0x2d,0x60,0x15, 0xea,0x3c,0x06,0x66, 1450 0x9f,0x82,0xad,0x17, 0xce,0xd2,0xa4,0x48, 1451 0x7c,0x65,0xd9,0xf8, 0x02,0x4d,0x9b,0x4c, 1452 0x89,0x06,0x3a,0x34, 0x85,0x48,0x89,0x86, 1453 0xf9,0x24,0xa9,0x54, 0x72,0xdb,0x44,0x95, 1454 0xc7,0x44,0x1c,0x19, 0x11,0x4c,0x04,0xdc, 1455 0x13,0xb9,0x67,0xc8, 0xc3,0x3a,0x6a,0x50, 1456 0xfa,0xd1,0xfb,0xe1, 0x88,0xb6,0xf1,0xa3, 1457 0xc5,0x3b,0xdc,0x38, 0x45,0x16,0x26,0x02, 1458 0x3b,0xb8,0x8f,0x8b, 0x58,0x7d,0x23,0x04, 1459 0x50,0x6b,0x81,0x9f, 0xae,0x66,0xac,0x6f, 1460 0xcf,0x2a,0x9d,0xf1, 0xfd,0x1d,0x57,0x07, 1461 0xbe,0x58,0xeb,0x77, 0x0c,0xe3,0xc2,0x19, 1462 0x14,0x74,0x1b,0x51, 0x1c,0x4f,0x41,0xf3, 1463 0x32,0x89,0xb3,0xe7, 0xde,0x62,0xf6,0x5f, 1464 0xc7,0x6a,0x4a,0x2a, 0x5b,0x0f,0x5f,0x87, 1465 0x9c,0x08,0xb9,0x02, 0x88,0xc8,0x29,0xb7, 1466 0x94,0x52,0xfa,0x52, 0xfe,0xaa,0x50,0x10, 1467 0xba,0x48,0x75,0x5e, 0x11,0x1b,0xe6,0x39, 1468 0xd7,0x82,0x2c,0x87, 0xf1,0x1e,0xa4,0x38, 1469 0x72,0x3e,0x51,0xe7, 0xd8,0x3e,0x5b,0x7b, 1470 0x31,0x16,0x89,0xba, 0xd6,0xad,0x18,0x5e, 1471 0xba,0xf8,0x12,0xb3, 0xf4,0x6c,0x47,0x30, 1472 0xc0,0x38,0x58,0xb3, 0x10,0x8d,0x58,0x5d, 1473 0xb4,0xfb,0x19,0x7e, 0x41,0xc3,0x66,0xb8, 1474 0xd6,0x72,0x84,0xe1, 0x1a,0xc2,0x71,0x4c, 1475 0x0d,0x4a,0x21,0x7a, 0xab,0xa2,0xc0,0x36, 1476 0x15,0xc5,0xe9,0x46, 0xd7,0x29,0x17,0x76, 1477 0x5e,0x47,0x36,0x7f, 0x72,0x05,0xa7,0xcc, 1478 0x36,0x63,0xf9,0x47, 0x7d,0xe6,0x07,0x3c, 1479 0x8b,0x79,0x1d,0x96, 0x61,0x8d,0x90,0x65, 1480 0x7c,0xf5,0xeb,0x4e, 0x6e,0x09,0x59,0x6d, 1481 0x62,0x50,0x1b,0x0f, 0xe0,0xdc,0x78,0xf2, 1482 0x5b,0x83,0x1a,0xa1, 0x11,0x75,0xfd,0x18, 1483 0xd7,0xe2,0x8d,0x65, 0x14,0x21,0xce,0xbe, 1484 0xb5,0x87,0xe3,0x0a, 0xda,0x24,0x0a,0x64, 1485 0xa9,0x9f,0x03,0x8d, 0x46,0x5d,0x24,0x1a, 1486 0x8a,0x0c,0x42,0x01, 0xca,0xb1,0x5f,0x7c, 1487 0xa5,0xac,0x32,0x4a, 0xb8,0x07,0x91,0x18, 1488 0x6f,0xb0,0x71,0x3c, 0xc9,0xb1,0xa8,0xf8, 1489 0x5f,0x69,0xa5,0xa1, 0xca,0x9e,0x7a,0xaa, 1490 0xac,0xe9,0xc7,0x47, 0x41,0x75,0x25,0xc3, 1491 0x73,0xe2,0x0b,0xdd, 0x6d,0x52,0x71,0xbe, 1492 0xc5,0xdc,0xb4,0xe7, 0x01,0x26,0x53,0x77, 1493 0x86,0x90,0x85,0x68, 0x6b,0x7b,0x03,0x53, 1494 0xda,0x52,0x52,0x51, 0x68,0xc8,0xf3,0xec, 1495 0x6c,0xd5,0x03,0x7a, 0xa3,0x0e,0xb4,0x02, 1496 0x5f,0x1a,0xab,0xee, 0xca,0x67,0x29,0x7b, 1497 0xbd,0x96,0x59,0xb3, 0x8b,0x32,0x7a,0x92, 1498 0x9f,0xd8,0x25,0x2b, 0xdf,0xc0,0x4c,0xda, 1499 }, 1500 .mlen = 16, 1501 .m = { 1502 0xbc,0xda,0x81,0xa8, 0x78,0x79,0x1c,0xbf, 1503 0x77,0x53,0xba,0x4c, 0x30,0x5b,0xb8,0x33, 1504 }, 1505 .h = { 1506 0x04,0xbf,0x7f,0x6a, 0xce,0x72,0xea,0x6a, 1507 0x79,0xdb,0xb0,0xc9, 0x60,0xf6,0x12,0xcc, 1508 }, 1509 }, 1510 [2] = { /* 1024-byte message */ 1511 .k = { 1512 0x65,0x4d,0xe3,0xf8, 0xd2,0x4c,0xac,0x28, 1513 0x68,0xf5,0xb3,0x81, 0x71,0x4b,0xa1,0xfa, 1514 0x04,0x0e,0xd3,0x81, 0x36,0xbe,0x0c,0x81, 1515 0x5e,0xaf,0xbc,0x3a, 0xa4,0xc0,0x8e,0x8b, 1516 0x55,0x63,0xd3,0x52, 0x97,0x88,0xd6,0x19, 1517 0xbc,0x96,0xdf,0x49, 0xff,0x04,0x63,0xf5, 1518 0x0c,0x11,0x13,0xaa, 0x9e,0x1f,0x5a,0xf7, 1519 0xdd,0xbd,0x37,0x80, 0xc3,0xd0,0xbe,0xa7, 1520 0x05,0xc8,0x3c,0x98, 0x1e,0x05,0x3c,0x84, 1521 0x39,0x61,0xc4,0xed, 0xed,0x71,0x1b,0xc4, 1522 0x74,0x45,0x2c,0xa1, 0x56,0x70,0x97,0xfd, 1523 0x44,0x18,0x07,0x7d, 0xca,0x60,0x1f,0x73, 1524 0x3b,0x6d,0x21,0xcb, 0x61,0x87,0x70,0x25, 1525 0x46,0x21,0xf1,0x1f, 0x21,0x91,0x31,0x2d, 1526 0x5d,0xcc,0xb7,0xd1, 0x84,0x3e,0x3d,0xdb, 1527 0x03,0x53,0x2a,0x82, 0xa6,0x9a,0x95,0xbc, 1528 0x1a,0x1e,0x0a,0x5e, 0x07,0x43,0xab,0x43, 1529 0xaf,0x92,0x82,0x06, 0x91,0x04,0x09,0xf4, 1530 0x17,0x0a,0x9a,0x2c, 0x54,0xdb,0xb8,0xf4, 1531 0xd0,0xf0,0x10,0x66, 0x24,0x8d,0xcd,0xda, 1532 0xfe,0x0e,0x45,0x9d, 0x6f,0xc4,0x4e,0xf4, 1533 0x96,0xaf,0x13,0xdc, 0xa9,0xd4,0x8c,0xc4, 1534 0xc8,0x57,0x39,0x3c, 0xc2,0xd3,0x0a,0x76, 1535 0x4a,0x1f,0x75,0x83, 0x44,0xc7,0xd1,0x39, 1536 0xd8,0xb5,0x41,0xba, 0x73,0x87,0xfa,0x96, 1537 0xc7,0x18,0x53,0xfb, 0x9b,0xda,0xa0,0x97, 1538 0x1d,0xee,0x60,0x85, 0x9e,0x14,0xc3,0xce, 1539 0xc4,0x05,0x29,0x3b, 0x95,0x30,0xa3,0xd1, 1540 0x9f,0x82,0x6a,0x04, 0xf5,0xa7,0x75,0x57, 1541 0x82,0x04,0xfe,0x71, 0x51,0x71,0xb1,0x49, 1542 0x50,0xf8,0xe0,0x96, 0xf1,0xfa,0xa8,0x88, 1543 0x3f,0xa0,0x86,0x20, 0xd4,0x60,0x79,0x59, 1544 0x17,0x2d,0xd1,0x09, 0xf4,0xec,0x05,0x57, 1545 0xcf,0x62,0x7e,0x0e, 0x7e,0x60,0x78,0xe6, 1546 0x08,0x60,0x29,0xd8, 0xd5,0x08,0x1a,0x24, 1547 0xc4,0x6c,0x24,0xe7, 0x92,0x08,0x3d,0x8a, 1548 0x98,0x7a,0xcf,0x99, 0x0a,0x65,0x0e,0xdc, 1549 0x8c,0x8a,0xbe,0x92, 0x82,0x91,0xcc,0x62, 1550 0x30,0xb6,0xf4,0x3f, 0xc6,0x8a,0x7f,0x12, 1551 0x4a,0x8a,0x49,0xfa, 0x3f,0x5c,0xd4,0x5a, 1552 0xa6,0x82,0xa3,0xe6, 0xaa,0x34,0x76,0xb2, 1553 0xab,0x0a,0x30,0xef, 0x6c,0x77,0x58,0x3f, 1554 0x05,0x6b,0xcc,0x5c, 0xae,0xdc,0xd7,0xb9, 1555 0x51,0x7e,0x8d,0x32, 0x5b,0x24,0x25,0xbe, 1556 0x2b,0x24,0x01,0xcf, 0x80,0xda,0x16,0xd8, 1557 0x90,0x72,0x2c,0xad, 0x34,0x8d,0x0c,0x74, 1558 0x02,0xcb,0xfd,0xcf, 0x6e,0xef,0x97,0xb5, 1559 0x4c,0xf2,0x68,0xca, 0xde,0x43,0x9e,0x8a, 1560 0xc5,0x5f,0x31,0x7f, 0x14,0x71,0x38,0xec, 1561 0xbd,0x98,0xe5,0x71, 0xc4,0xb5,0xdb,0xef, 1562 0x59,0xd2,0xca,0xc0, 0xc1,0x86,0x75,0x01, 1563 0xd4,0x15,0x0d,0x6f, 0xa4,0xf7,0x7b,0x37, 1564 0x47,0xda,0x18,0x93, 0x63,0xda,0xbe,0x9e, 1565 0x07,0xfb,0xb2,0x83, 0xd5,0xc4,0x34,0x55, 1566 0xee,0x73,0xa1,0x42, 0x96,0xf9,0x66,0x41, 1567 0xa4,0xcc,0xd2,0x93, 0x6e,0xe1,0x0a,0xbb, 1568 0xd2,0xdd,0x18,0x23, 0xe6,0x6b,0x98,0x0b, 1569 0x8a,0x83,0x59,0x2c, 0xc3,0xa6,0x59,0x5b, 1570 0x01,0x22,0x59,0xf7, 0xdc,0xb0,0x87,0x7e, 1571 0xdb,0x7d,0xf4,0x71, 0x41,0xab,0xbd,0xee, 1572 0x79,0xbe,0x3c,0x01, 0x76,0x0b,0x2d,0x0a, 1573 0x42,0xc9,0x77,0x8c, 0xbb,0x54,0x95,0x60, 1574 0x43,0x2e,0xe0,0x17, 0x52,0xbd,0x90,0xc9, 1575 0xc2,0x2c,0xdd,0x90, 0x24,0x22,0x76,0x40, 1576 0x5c,0xb9,0x41,0xc9, 0xa1,0xd5,0xbd,0xe3, 1577 0x44,0xe0,0xa4,0xab, 0xcc,0xb8,0xe2,0x32, 1578 0x02,0x15,0x04,0x1f, 0x8c,0xec,0x5d,0x14, 1579 0xac,0x18,0xaa,0xef, 0x6e,0x33,0x19,0x6e, 1580 0xde,0xfe,0x19,0xdb, 0xeb,0x61,0xca,0x18, 1581 0xad,0xd8,0x3d,0xbf, 0x09,0x11,0xc7,0xa5, 1582 0x86,0x0b,0x0f,0xe5, 0x3e,0xde,0xe8,0xd9, 1583 0x0a,0x69,0x9e,0x4c, 0x20,0xff,0xf9,0xc5, 1584 0xfa,0xf8,0xf3,0x7f, 0xa5,0x01,0x4b,0x5e, 1585 0x0f,0xf0,0x3b,0x68, 0xf0,0x46,0x8c,0x2a, 1586 0x7a,0xc1,0x8f,0xa0, 0xfe,0x6a,0x5b,0x44, 1587 0x70,0x5c,0xcc,0x92, 0x2c,0x6f,0x0f,0xbd, 1588 0x25,0x3e,0xb7,0x8e, 0x73,0x58,0xda,0xc9, 1589 0xa5,0xaa,0x9e,0xf3, 0x9b,0xfd,0x37,0x3e, 1590 0xe2,0x88,0xa4,0x7b, 0xc8,0x5c,0xa8,0x93, 1591 0x0e,0xe7,0x9a,0x9c, 0x2e,0x95,0x18,0x9f, 1592 0xc8,0x45,0x0c,0x88, 0x9e,0x53,0x4f,0x3a, 1593 0x76,0xc1,0x35,0xfa, 0x17,0xd8,0xac,0xa0, 1594 0x0c,0x2d,0x47,0x2e, 0x4f,0x69,0x9b,0xf7, 1595 0xd0,0xb6,0x96,0x0c, 0x19,0xb3,0x08,0x01, 1596 0x65,0x7a,0x1f,0xc7, 0x31,0x86,0xdb,0xc8, 1597 0xc1,0x99,0x8f,0xf8, 0x08,0x4a,0x9d,0x23, 1598 0x22,0xa8,0xcf,0x27, 0x01,0x01,0x88,0x93, 1599 0x9c,0x86,0x45,0xbd, 0xe0,0x51,0xca,0x52, 1600 0x84,0xba,0xfe,0x03, 0xf7,0xda,0xc5,0xce, 1601 0x3e,0x77,0x75,0x86, 0xaf,0x84,0xc8,0x05, 1602 0x44,0x01,0x0f,0x02, 0xf3,0x58,0xb0,0x06, 1603 0x5a,0xd7,0x12,0x30, 0x8d,0xdf,0x1f,0x1f, 1604 0x0a,0xe6,0xd2,0xea, 0xf6,0x3a,0x7a,0x99, 1605 0x63,0xe8,0xd2,0xc1, 0x4a,0x45,0x8b,0x40, 1606 0x4d,0x0a,0xa9,0x76, 0x92,0xb3,0xda,0x87, 1607 0x36,0x33,0xf0,0x78, 0xc3,0x2f,0x5f,0x02, 1608 0x1a,0x6a,0x2c,0x32, 0xcd,0x76,0xbf,0xbd, 1609 0x5a,0x26,0x20,0x28, 0x8c,0x8c,0xbc,0x52, 1610 0x3d,0x0a,0xc9,0xcb, 0xab,0xa4,0x21,0xb0, 1611 0x54,0x40,0x81,0x44, 0xc7,0xd6,0x1c,0x11, 1612 0x44,0xc6,0x02,0x92, 0x14,0x5a,0xbf,0x1a, 1613 0x09,0x8a,0x18,0xad, 0xcd,0x64,0x3d,0x53, 1614 0x4a,0xb6,0xa5,0x1b, 0x57,0x0e,0xef,0xe0, 1615 0x8c,0x44,0x5f,0x7d, 0xbd,0x6c,0xfd,0x60, 1616 0xae,0x02,0x24,0xb6, 0x99,0xdd,0x8c,0xaf, 1617 0x59,0x39,0x75,0x3c, 0xd1,0x54,0x7b,0x86, 1618 0xcc,0x99,0xd9,0x28, 0x0c,0xb0,0x94,0x62, 1619 0xf9,0x51,0xd1,0x19, 0x96,0x2d,0x66,0xf5, 1620 0x55,0xcf,0x9e,0x59, 0xe2,0x6b,0x2c,0x08, 1621 0xc0,0x54,0x48,0x24, 0x45,0xc3,0x8c,0x73, 1622 0xea,0x27,0x6e,0x66, 0x7d,0x1d,0x0e,0x6e, 1623 0x13,0xe8,0x56,0x65, 0x3a,0xb0,0x81,0x5c, 1624 0xf0,0xe8,0xd8,0x00, 0x6b,0xcd,0x8f,0xad, 1625 0xdd,0x53,0xf3,0xa4, 0x6c,0x43,0xd6,0x31, 1626 0xaf,0xd2,0x76,0x1e, 0x91,0x12,0xdb,0x3c, 1627 0x8c,0xc2,0x81,0xf0, 0x49,0xdb,0xe2,0x6b, 1628 0x76,0x62,0x0a,0x04, 0xe4,0xaa,0x8a,0x7c, 1629 0x08,0x0b,0x5d,0xd0, 0xee,0x1d,0xfb,0xc4, 1630 0x02,0x75,0x42,0xd6, 0xba,0xa7,0x22,0xa8, 1631 0x47,0x29,0xb7,0x85, 0x6d,0x93,0x3a,0xdb, 1632 0x00,0x53,0x0b,0xa2, 0xeb,0xf8,0xfe,0x01, 1633 0x6f,0x8a,0x31,0xd6, 0x17,0x05,0x6f,0x67, 1634 0x88,0x95,0x32,0xfe, 0x4f,0xa6,0x4b,0xf8, 1635 0x03,0xe4,0xcd,0x9a, 0x18,0xe8,0x4e,0x2d, 1636 0xf7,0x97,0x9a,0x0c, 0x7d,0x9f,0x7e,0x44, 1637 0x69,0x51,0xe0,0x32, 0x6b,0x62,0x86,0x8f, 1638 0xa6,0x8e,0x0b,0x21, 0x96,0xe5,0xaf,0x77, 1639 0xc0,0x83,0xdf,0xa5, 0x0e,0xd0,0xa1,0x04, 1640 0xaf,0xc1,0x10,0xcb, 0x5a,0x40,0xe4,0xe3, 1641 0x38,0x7e,0x07,0xe8, 0x4d,0xfa,0xed,0xc5, 1642 0xf0,0x37,0xdf,0xbb, 0x8a,0xcf,0x3d,0xdc, 1643 0x61,0xd2,0xc6,0x2b, 0xff,0x07,0xc9,0x2f, 1644 0x0c,0x2d,0x5c,0x07, 0xa8,0x35,0x6a,0xfc, 1645 0xae,0x09,0x03,0x45, 0x74,0x51,0x4d,0xc4, 1646 0xb8,0x23,0x87,0x4a, 0x99,0x27,0x20,0x87, 1647 0x62,0x44,0x0a,0x4a, 0xce,0x78,0x47,0x22, 1648 }, 1649 .mlen = 1024, 1650 .m = { 1651 0x8e,0xb0,0x4c,0xde, 0x9c,0x4a,0x04,0x5a, 1652 0xf6,0xa9,0x7f,0x45, 0x25,0xa5,0x7b,0x3a, 1653 0xbc,0x4d,0x73,0x39, 0x81,0xb5,0xbd,0x3d, 1654 0x21,0x6f,0xd7,0x37, 0x50,0x3c,0x7b,0x28, 1655 0xd1,0x03,0x3a,0x17, 0xed,0x7b,0x7c,0x2a, 1656 0x16,0xbc,0xdf,0x19, 0x89,0x52,0x71,0x31, 1657 0xb6,0xc0,0xfd,0xb5, 0xd3,0xba,0x96,0x99, 1658 0xb6,0x34,0x0b,0xd0, 0x99,0x93,0xfc,0x1a, 1659 0x01,0x3c,0x85,0xc6, 0x9b,0x78,0x5c,0x8b, 1660 0xfe,0xae,0xd2,0xbf, 0xb2,0x6f,0xf9,0xed, 1661 0xc8,0x25,0x17,0xfe, 0x10,0x3b,0x7d,0xda, 1662 0xf4,0x8d,0x35,0x4b, 0x7c,0x7b,0x82,0xe7, 1663 0xc2,0xb3,0xee,0x60, 0x4a,0x03,0x86,0xc9, 1664 0x4e,0xb5,0xc4,0xbe, 0xd2,0xbd,0x66,0xf1, 1665 0x13,0xf1,0x09,0xab, 0x5d,0xca,0x63,0x1f, 1666 0xfc,0xfb,0x57,0x2a, 0xfc,0xca,0x66,0xd8, 1667 0x77,0x84,0x38,0x23, 0x1d,0xac,0xd3,0xb3, 1668 0x7a,0xad,0x4c,0x70, 0xfa,0x9c,0xc9,0x61, 1669 0xa6,0x1b,0xba,0x33, 0x4b,0x4e,0x33,0xec, 1670 0xa0,0xa1,0x64,0x39, 0x40,0x05,0x1c,0xc2, 1671 0x3f,0x49,0x9d,0xae, 0xf2,0xc5,0xf2,0xc5, 1672 0xfe,0xe8,0xf4,0xc2, 0xf9,0x96,0x2d,0x28, 1673 0x92,0x30,0x44,0xbc, 0xd2,0x7f,0xe1,0x6e, 1674 0x62,0x02,0x8f,0x3d, 0x1c,0x80,0xda,0x0e, 1675 0x6a,0x90,0x7e,0x75, 0xff,0xec,0x3e,0xc4, 1676 0xcd,0x16,0x34,0x3b, 0x05,0x6d,0x4d,0x20, 1677 0x1c,0x7b,0xf5,0x57, 0x4f,0xfa,0x3d,0xac, 1678 0xd0,0x13,0x55,0xe8, 0xb3,0xe1,0x1b,0x78, 1679 0x30,0xe6,0x9f,0x84, 0xd4,0x69,0xd1,0x08, 1680 0x12,0x77,0xa7,0x4a, 0xbd,0xc0,0xf2,0xd2, 1681 0x78,0xdd,0xa3,0x81, 0x12,0xcb,0x6c,0x14, 1682 0x90,0x61,0xe2,0x84, 0xc6,0x2b,0x16,0xcc, 1683 0x40,0x99,0x50,0x88, 0x01,0x09,0x64,0x4f, 1684 0x0a,0x80,0xbe,0x61, 0xae,0x46,0xc9,0x0a, 1685 0x5d,0xe0,0xfb,0x72, 0x7a,0x1a,0xdd,0x61, 1686 0x63,0x20,0x05,0xa0, 0x4a,0xf0,0x60,0x69, 1687 0x7f,0x92,0xbc,0xbf, 0x4e,0x39,0x4d,0xdd, 1688 0x74,0xd1,0xb7,0xc0, 0x5a,0x34,0xb7,0xae, 1689 0x76,0x65,0x2e,0xbc, 0x36,0xb9,0x04,0x95, 1690 0x42,0xe9,0x6f,0xca, 0x78,0xb3,0x72,0x07, 1691 0xa3,0xba,0x02,0x94, 0x67,0x4c,0xb1,0xd7, 1692 0xe9,0x30,0x0d,0xf0, 0x3b,0xb8,0x10,0x6d, 1693 0xea,0x2b,0x21,0xbf, 0x74,0x59,0x82,0x97, 1694 0x85,0xaa,0xf1,0xd7, 0x54,0x39,0xeb,0x05, 1695 0xbd,0xf3,0x40,0xa0, 0x97,0xe6,0x74,0xfe, 1696 0xb4,0x82,0x5b,0xb1, 0x36,0xcb,0xe8,0x0d, 1697 0xce,0x14,0xd9,0xdf, 0xf1,0x94,0x22,0xcd, 1698 0xd6,0x00,0xba,0x04, 0x4c,0x05,0x0c,0xc0, 1699 0xd1,0x5a,0xeb,0x52, 0xd5,0xa8,0x8e,0xc8, 1700 0x97,0xa1,0xaa,0xc1, 0xea,0xc1,0xbe,0x7c, 1701 0x36,0xb3,0x36,0xa0, 0xc6,0x76,0x66,0xc5, 1702 0xe2,0xaf,0xd6,0x5c, 0xe2,0xdb,0x2c,0xb3, 1703 0x6c,0xb9,0x99,0x7f, 0xff,0x9f,0x03,0x24, 1704 0xe1,0x51,0x44,0x66, 0xd8,0x0c,0x5d,0x7f, 1705 0x5c,0x85,0x22,0x2a, 0xcf,0x6d,0x79,0x28, 1706 0xab,0x98,0x01,0x72, 0xfe,0x80,0x87,0x5f, 1707 0x46,0xba,0xef,0x81, 0x24,0xee,0xbf,0xb0, 1708 0x24,0x74,0xa3,0x65, 0x97,0x12,0xc4,0xaf, 1709 0x8b,0xa0,0x39,0xda, 0x8a,0x7e,0x74,0x6e, 1710 0x1b,0x42,0xb4,0x44, 0x37,0xfc,0x59,0xfd, 1711 0x86,0xed,0xfb,0x8c, 0x66,0x33,0xda,0x63, 1712 0x75,0xeb,0xe1,0xa4, 0x85,0x4f,0x50,0x8f, 1713 0x83,0x66,0x0d,0xd3, 0x37,0xfa,0xe6,0x9c, 1714 0x4f,0x30,0x87,0x35, 0x18,0xe3,0x0b,0xb7, 1715 0x6e,0x64,0x54,0xcd, 0x70,0xb3,0xde,0x54, 1716 0xb7,0x1d,0xe6,0x4c, 0x4d,0x55,0x12,0x12, 1717 0xaf,0x5f,0x7f,0x5e, 0xee,0x9d,0xe8,0x8e, 1718 0x32,0x9d,0x4e,0x75, 0xeb,0xc6,0xdd,0xaa, 1719 0x48,0x82,0xa4,0x3f, 0x3c,0xd7,0xd3,0xa8, 1720 0x63,0x9e,0x64,0xfe, 0xe3,0x97,0x00,0x62, 1721 0xe5,0x40,0x5d,0xc3, 0xad,0x72,0xe1,0x28, 1722 0x18,0x50,0xb7,0x75, 0xef,0xcd,0x23,0xbf, 1723 0x3f,0xc0,0x51,0x36, 0xf8,0x41,0xc3,0x08, 1724 0xcb,0xf1,0x8d,0x38, 0x34,0xbd,0x48,0x45, 1725 0x75,0xed,0xbc,0x65, 0x7b,0xb5,0x0c,0x9b, 1726 0xd7,0x67,0x7d,0x27, 0xb4,0xc4,0x80,0xd7, 1727 0xa9,0xb9,0xc7,0x4a, 0x97,0xaa,0xda,0xc8, 1728 0x3c,0x74,0xcf,0x36, 0x8f,0xe4,0x41,0xe3, 1729 0xd4,0xd3,0x26,0xa7, 0xf3,0x23,0x9d,0x8f, 1730 0x6c,0x20,0x05,0x32, 0x3e,0xe0,0xc3,0xc8, 1731 0x56,0x3f,0xa7,0x09, 0xb7,0xfb,0xc7,0xf7, 1732 0xbe,0x2a,0xdd,0x0f, 0x06,0x7b,0x0d,0xdd, 1733 0xb0,0xb4,0x86,0x17, 0xfd,0xb9,0x04,0xe5, 1734 0xc0,0x64,0x5d,0xad, 0x2a,0x36,0x38,0xdb, 1735 0x24,0xaf,0x5b,0xff, 0xca,0xf9,0x41,0xe8, 1736 0xf9,0x2f,0x1e,0x5e, 0xf9,0xf5,0xd5,0xf2, 1737 0xb2,0x88,0xca,0xc9, 0xa1,0x31,0xe2,0xe8, 1738 0x10,0x95,0x65,0xbf, 0xf1,0x11,0x61,0x7a, 1739 0x30,0x1a,0x54,0x90, 0xea,0xd2,0x30,0xf6, 1740 0xa5,0xad,0x60,0xf9, 0x4d,0x84,0x21,0x1b, 1741 0xe4,0x42,0x22,0xc8, 0x12,0x4b,0xb0,0x58, 1742 0x3e,0x9c,0x2d,0x32, 0x95,0x0a,0x8e,0xb0, 1743 0x0a,0x7e,0x77,0x2f, 0xe8,0x97,0x31,0x6a, 1744 0xf5,0x59,0xb4,0x26, 0xe6,0x37,0x12,0xc9, 1745 0xcb,0xa0,0x58,0x33, 0x6f,0xd5,0x55,0x55, 1746 0x3c,0xa1,0x33,0xb1, 0x0b,0x7e,0x2e,0xb4, 1747 0x43,0x2a,0x84,0x39, 0xf0,0x9c,0xf4,0x69, 1748 0x4f,0x1e,0x79,0xa6, 0x15,0x1b,0x87,0xbb, 1749 0xdb,0x9b,0xe0,0xf1, 0x0b,0xba,0xe3,0x6e, 1750 0xcc,0x2f,0x49,0x19, 0x22,0x29,0xfc,0x71, 1751 0xbb,0x77,0x38,0x18, 0x61,0xaf,0x85,0x76, 1752 0xeb,0xd1,0x09,0xcc, 0x86,0x04,0x20,0x9a, 1753 0x66,0x53,0x2f,0x44, 0x8b,0xc6,0xa3,0xd2, 1754 0x5f,0xc7,0x79,0x82, 0x66,0xa8,0x6e,0x75, 1755 0x7d,0x94,0xd1,0x86, 0x75,0x0f,0xa5,0x4f, 1756 0x3c,0x7a,0x33,0xce, 0xd1,0x6e,0x9d,0x7b, 1757 0x1f,0x91,0x37,0xb8, 0x37,0x80,0xfb,0xe0, 1758 0x52,0x26,0xd0,0x9a, 0xd4,0x48,0x02,0x41, 1759 0x05,0xe3,0x5a,0x94, 0xf1,0x65,0x61,0x19, 1760 0xb8,0x88,0x4e,0x2b, 0xea,0xba,0x8b,0x58, 1761 0x8b,0x42,0x01,0x00, 0xa8,0xfe,0x00,0x5c, 1762 0xfe,0x1c,0xee,0x31, 0x15,0x69,0xfa,0xb3, 1763 0x9b,0x5f,0x22,0x8e, 0x0d,0x2c,0xe3,0xa5, 1764 0x21,0xb9,0x99,0x8a, 0x8e,0x94,0x5a,0xef, 1765 0x13,0x3e,0x99,0x96, 0x79,0x6e,0xd5,0x42, 1766 0x36,0x03,0xa9,0xe2, 0xca,0x65,0x4e,0x8a, 1767 0x8a,0x30,0xd2,0x7d, 0x74,0xe7,0xf0,0xaa, 1768 0x23,0x26,0xdd,0xcb, 0x82,0x39,0xfc,0x9d, 1769 0x51,0x76,0x21,0x80, 0xa2,0xbe,0x93,0x03, 1770 0x47,0xb0,0xc1,0xb6, 0xdc,0x63,0xfd,0x9f, 1771 0xca,0x9d,0xa5,0xca, 0x27,0x85,0xe2,0xd8, 1772 0x15,0x5b,0x7e,0x14, 0x7a,0xc4,0x89,0xcc, 1773 0x74,0x14,0x4b,0x46, 0xd2,0xce,0xac,0x39, 1774 0x6b,0x6a,0x5a,0xa4, 0x0e,0xe3,0x7b,0x15, 1775 0x94,0x4b,0x0f,0x74, 0xcb,0x0c,0x7f,0xa9, 1776 0xbe,0x09,0x39,0xa3, 0xdd,0x56,0x5c,0xc7, 1777 0x99,0x56,0x65,0x39, 0xf4,0x0b,0x7d,0x87, 1778 0xec,0xaa,0xe3,0x4d, 0x22,0x65,0x39,0x4e, 1779 }, 1780 .h = { 1781 0x64,0x3a,0xbc,0xc3, 0x3f,0x74,0x40,0x51, 1782 0x6e,0x56,0x01,0x1a, 0x51,0xec,0x36,0xde, 1783 }, 1784 }, 1785 }; 1786 const uint8_t *pk; 1787 const uint8_t *nhk; 1788 static uint32_t nhk32[268]; 1789 uint8_t h[16]; 1790 unsigned i, j; 1791 int result = 0; 1792 1793 for (i = 0; i < __arraycount(C); i++) { 1794 pk = C[i].k; 1795 nhk = C[i].k + 16; 1796 for (j = 0; j < 268; j++) 1797 nhk32[j] = le32dec(nhk + 4*j); 1798 nhpoly1305(h, C[i].m, C[i].mlen, pk, nhk32); 1799 if (memcmp(h, C[i].h, 16)) { 1800 char prefix[16]; 1801 snprintf(prefix, sizeof prefix, "nhpoly1305 %u", i); 1802 hexdump(printf, prefix, h, 32); 1803 result = -1; 1804 } 1805 } 1806 1807 return result; 1808 } 1809 1810 void 1812 adiantum_init(struct adiantum *A, const uint8_t key[static 32]) 1813 { 1814 uint8_t nonce[24] = {1}; 1815 unsigned i; 1816 1817 memcpy(A->ks, key, 32); 1818 1819 /* Relies on ordering of struct members. */ 1820 memset(A->kk, 0, 32 + 16 + 16 + 1072); 1821 xchacha_stream_xor(A->kk, A->kk, 32 + 16 + 16 + 1072, 0, nonce, A->ks, 1822 12); 1823 1824 /* Put the NH key words into host byte order. */ 1825 for (i = 0; i < __arraycount(A->kn); i++) 1826 A->kn[i] = le32toh(A->kn[i]); 1827 1828 /* Expand the AES key. */ 1829 aes_setenckey256(&A->kk_enc, A->kk); 1830 aes_setdeckey256(&A->kk_dec, A->kk); 1831 } 1832 1833 static void 1834 adiantum_hash(uint8_t h[static 16], const void *l, size_t llen, 1835 const void *t, size_t tlen, 1836 const uint8_t kt[static 16], 1837 const uint8_t kl[static 16], 1838 const uint32_t kn[static 268]) 1839 { 1840 struct poly1305 P; 1841 uint8_t llenbuf[16]; 1842 uint8_t ht[16]; 1843 uint8_t hl[16]; 1844 1845 KASSERT(llen % 16 == 0); 1846 1847 memset(llenbuf, 0, sizeof llenbuf); 1848 le64enc(llenbuf, 8*llen); 1849 1850 /* Compute H_T := Poly1305_{K_T}(le128(|l|) || tweak). */ 1851 poly1305_init(&P, kt); 1852 poly1305_update_blocks(&P, llenbuf, 16); 1853 poly1305_update_blocks(&P, t, tlen); 1854 poly1305_final(ht, &P); 1855 1856 /* Compute H_L := Poly1305_{K_L}(NH(pad_128(l))). */ 1857 nhpoly1305(hl, l, llen, kl, kn); 1858 1859 /* Compute H := H_T + H_L (mod 2^128). */ 1860 add128(h, ht, hl); 1861 } 1862 1863 void 1865 adiantum_enc(void *c, const void *p, size_t len, const void *t, size_t tlen, 1866 const struct adiantum *A) 1867 { 1868 size_t Rlen = 16; 1869 size_t Llen = len - Rlen; 1870 uint8_t *c8 = c; 1871 uint8_t *cL = c8; 1872 uint8_t *cR = c8 + Llen; 1873 const uint8_t *p8 = p; 1874 const uint8_t *pL = p8; 1875 const uint8_t *pR = p8 + Llen; 1876 uint8_t h[16]; 1877 uint8_t buf[16] __aligned(16); 1878 uint8_t nonce[24]; 1879 1880 KASSERT(len % 16 == 0); 1881 1882 adiantum_hash(h, pL, Llen, t, tlen, A->kt, A->kl, A->kn); 1883 add128(buf, pR, h); /* buf := P_M */ 1884 aes_enc(&A->kk_enc, buf, buf, AES_256_NROUNDS); /* buf := C_M */ 1885 1886 memcpy(nonce, buf, 16); 1887 le64enc(nonce + 16, 1); 1888 xchacha_stream_xor(cL, pL, Llen, 0, nonce, A->ks, 12); 1889 1890 adiantum_hash(h, cL, Llen, t, tlen, A->kt, A->kl, A->kn); 1891 sub128(cR, buf, h); 1892 1893 explicit_memset(h, 0, sizeof h); 1894 explicit_memset(buf, 0, sizeof buf); 1895 } 1896 1897 void 1898 adiantum_dec(void *p, const void *c, size_t len, const void *t, size_t tlen, 1899 const struct adiantum *A) 1900 { 1901 size_t Rlen = 16; 1902 size_t Llen = len - Rlen; 1903 const uint8_t *c8 = c; 1904 const uint8_t *cL = c8; 1905 const uint8_t *cR = c8 + Llen; 1906 uint8_t *p8 = p; 1907 uint8_t *pL = p8; 1908 uint8_t *pR = p8 + Llen; 1909 uint8_t h[16]; 1910 uint8_t buf[16] __aligned(16); 1911 uint8_t nonce[24]; 1912 1913 KASSERT(len % 16 == 0); 1914 1915 adiantum_hash(h, cL, Llen, t, tlen, A->kt, A->kl, A->kn); 1916 add128(buf, cR, h); /* buf := C_M */ 1917 1918 memcpy(nonce, buf, 16); 1919 le64enc(nonce + 16, 1); 1920 xchacha_stream_xor(pL, cL, Llen, 0, nonce, A->ks, 12); 1921 1922 aes_dec(&A->kk_dec, buf, buf, AES_256_NROUNDS); /* buf := P_M */ 1923 adiantum_hash(h, pL, Llen, t, tlen, A->kt, A->kl, A->kn); 1924 sub128(pR, buf, h); 1925 1926 explicit_memset(h, 0, sizeof h); 1927 explicit_memset(buf, 0, sizeof buf); 1928 } 1929 1930 #ifdef _KERNEL 1932 1933 MODULE(MODULE_CLASS_MISC, adiantum, "aes,chacha"); 1934 1935 static int 1936 adiantum_modcmd(modcmd_t cmd, void *opaque) 1937 { 1938 1939 switch (cmd) { 1940 case MODULE_CMD_INIT: { 1941 int result = 0; 1942 result |= addsub128_selftest(); 1943 result |= poly1305_selftest(); 1944 result |= nh_selftest(); 1945 result |= nhpoly1305_selftest(); 1946 result |= adiantum_selftest(); 1947 if (result) 1948 panic("adiantum self-test failed"); 1949 aprint_verbose("adiantum: self-test passed\n"); 1950 return 0; 1951 } 1952 case MODULE_CMD_FINI: 1953 return 0; 1954 default: 1955 return ENOTTY; 1956 } 1957 } 1958 1959 #else /* !defined(_KERNEL) */ 1961 1962 #include <err.h> 1963 #include <stdio.h> 1964 #include <unistd.h> 1965 1966 static int 1967 read_block(int fd, void *buf, size_t len) 1968 { 1969 char *p = buf; 1970 size_t n = len; 1971 ssize_t nread; 1972 1973 for (;;) { 1974 if ((nread = read(fd, p, n)) == -1) 1975 err(1, "read"); 1976 if (nread == 0) { 1977 if (n < len) 1978 errx(1, "partial block"); 1979 return -1; /* eof */ 1980 } 1981 if ((size_t)nread >= n) 1982 break; 1983 p += (size_t)nread; 1984 n -= (size_t)nread; 1985 } 1986 1987 return 0; 1988 } 1989 1990 static void 1991 write_block(int fd, const void *buf, size_t len) 1992 { 1993 const char *p = buf; 1994 size_t n = len; 1995 ssize_t nwrit; 1996 1997 for (;;) { 1998 if ((nwrit = write(fd, p, n)) == -1) 1999 err(1, "write"); 2000 if ((size_t)nwrit >= n) 2001 break; 2002 p += (size_t)nwrit; 2003 n -= (size_t)nwrit; 2004 } 2005 } 2006 2007 #define SECSIZE 512 2008 2009 static void 2010 process(void) 2011 { 2012 static const uint8_t k[32] = {0}; 2013 static uint8_t buf[65536]; 2014 static struct adiantum C; 2015 uint8_t blkno[16] = {0}; 2016 unsigned i; 2017 2018 adiantum_init(&C, k); 2019 while (read_block(STDIN_FILENO, buf, sizeof buf) == 0) { 2020 for (i = 0; i < sizeof buf; i += SECSIZE) { 2021 adiantum_enc(buf + i, buf + i, SECSIZE, blkno, 16, &C); 2022 le64enc(blkno, 1 + le32dec(blkno)); 2023 } 2024 write_block(STDOUT_FILENO, buf, sizeof buf); 2025 if (le64dec(blkno) == 1024*1024*1024/SECSIZE) 2026 return; 2027 } 2028 } 2029 2030 int 2031 main(void) 2032 { 2033 int result = 0; 2034 2035 result |= addsub128_selftest(); 2036 result |= poly1305_selftest(); 2037 result |= nh_selftest(); 2038 result |= nhpoly1305_selftest(); 2039 result |= adiantum_selftest(); 2040 if (result) 2041 return result; 2042 2043 process(); 2044 return 0; 2045 } 2046 2047 #endif /* _KERNEL */ 2048
Indexes created Sun Sep 28 16:09:52 GMT 2025