1 /* $NetBSD: adiantum.c,v 1.5 2020/07/26 04:05:20 riastradh Exp $ */ 2 3 /*- 4 * Copyright (c) 2020 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * The Adiantum wide-block cipher, from 31 * 32 * Paul Crowley and Eric Biggers, `Adiantum: length-preserving 33 * encryption for entry-level processors', IACR Transactions on 34 * Symmetric Cryptology 2018(4), pp. 39--61. 35 * 36 * https://doi.org/10.13154/tosc.v2018.i4.39-61 37 */ 38 39 #include <sys/cdefs.h> 40 __KERNEL_RCSID(1, "$NetBSD: adiantum.c,v 1.5 2020/07/26 04:05:20 riastradh Exp $"); 41 42 #include <sys/types.h> 43 #include <sys/endian.h> 44 45 #ifdef _KERNEL 46 47 #include <sys/module.h> 48 #include <sys/systm.h> 49 50 #include <lib/libkern/libkern.h> 51 52 #include <crypto/adiantum/adiantum.h> 53 #include <crypto/aes/aes.h> 54 #include <crypto/chacha/chacha.h> 55 56 #else /* !defined(_KERNEL) */ 57 58 #include <sys/cdefs.h> 59 60 #include <assert.h> 61 #include <stdint.h> 62 #include <stdio.h> 63 #include <string.h> 64 65 #include <openssl/aes.h> 66 67 struct aesenc { 68 AES_KEY enckey; 69 }; 70 71 struct aesdec { 72 AES_KEY deckey; 73 }; 74 75 #define AES_256_NROUNDS 14 76 #define aes_setenckey256(E, K) AES_set_encrypt_key((K), 256, &(E)->enckey) 77 #define aes_setdeckey256(D, K) AES_set_decrypt_key((K), 256, &(D)->deckey) 78 #define aes_enc(E, P, C, NR) AES_encrypt(P, C, &(E)->enckey) 79 #define aes_dec(D, C, P, NR) AES_decrypt(C, P, &(D)->deckey) 80 81 #include "adiantum.h" 82 83 #define CTASSERT __CTASSERT 84 #define KASSERT assert 85 #define MIN(x,y) ((x) < (y) ? (x) : (y)) 86 87 static void 88 hexdump(int (*prf)(const char *, ...) __printflike(1,2), const char *prefix, 89 const void *buf, size_t len) 90 { 91 const uint8_t *p = buf; 92 size_t i; 93 94 (*prf)("%s (%zu bytes)\n", prefix, len); 95 for (i = 0; i < len; i++) { 96 if (i % 16 == 8) 97 (*prf)(" "); 98 else 99 (*prf)(" "); 100 (*prf)("%02hhx", p[i]); 101 if ((i + 1) % 16 == 0) 102 (*prf)("\n"); 103 } 104 if (i % 16) 105 (*prf)("\n"); 106 } 107 108 #endif /* _KERNEL */ 109 110 /* Arithmetic modulo 2^128, represented by 16-digit strings in radix 2^8. */ 111 112 /* s := a + b (mod 2^128) */ 113 static inline void 114 add128(uint8_t s[restrict static 16], 115 const uint8_t a[static 16], const uint8_t b[static 16]) 116 { 117 unsigned i, c; 118 119 c = 0; 120 for (i = 0; i < 16; i++) { 121 c = a[i] + b[i] + c; 122 s[i] = c & 0xff; 123 c >>= 8; 124 } 125 } 126 127 /* s := a - b (mod 2^128) */ 128 static inline void 129 sub128(uint8_t d[restrict static 16], 130 const uint8_t a[static 16], const uint8_t b[static 16]) 131 { 132 unsigned i, c; 133 134 c = 0; 135 for (i = 0; i < 16; i++) { 136 c = a[i] - b[i] - c; 137 d[i] = c & 0xff; 138 c = 1 & (c >> 8); 139 } 140 } 141 142 static int 143 addsub128_selftest(void) 144 { 145 static const uint8_t zero[16] = { 146 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 147 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 148 }; 149 static const uint8_t one[16] = { 150 0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 151 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 152 }; 153 static const uint8_t negativeone[16] = { 154 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 155 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 156 }; 157 static const uint8_t a[16] = { 158 0x03,0x80,0x00,0x00, 0x00,0x00,0x00,0x00, 159 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 160 }; 161 static const uint8_t b[16] = { 162 0x01,0x82,0x00,0x00, 0x00,0x00,0x00,0x00, 163 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 164 }; 165 static const uint8_t c[16] = { 166 0x02,0xfe,0xff,0xff, 0xff,0xff,0xff,0xff, 167 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 168 }; 169 uint8_t r[16]; 170 int result = 0; 171 172 sub128(r, zero, one); 173 if (memcmp(r, negativeone, 16)) { 174 hexdump(printf, "sub128 1", r, sizeof r); 175 result = -1; 176 } 177 178 sub128(r, a, b); 179 if (memcmp(r, c, 16)) { 180 hexdump(printf, "sub128 2", r, sizeof r); 181 result = -1; 182 } 183 184 return result; 185 } 186 187 /* Poly1305 */ 188 189 struct poly1305 { 190 uint32_t r[5]; /* evaluation point */ 191 uint32_t h[5]; /* value */ 192 }; 193 194 static void 195 poly1305_init(struct poly1305 *P, const uint8_t key[static 16]) 196 { 197 198 /* clamp */ 199 P->r[0] = (le32dec(key + 0) >> 0) & 0x03ffffff; 200 P->r[1] = (le32dec(key + 3) >> 2) & 0x03ffff03; 201 P->r[2] = (le32dec(key + 6) >> 4) & 0x03ffc0ff; 202 P->r[3] = (le32dec(key + 9) >> 6) & 0x03f03fff; 203 P->r[4] = (le32dec(key + 12) >> 8) & 0x000fffff; 204 205 /* initialize polynomial evaluation */ 206 P->h[0] = P->h[1] = P->h[2] = P->h[3] = P->h[4] = 0; 207 } 208 209 static void 210 poly1305_update_blocks(struct poly1305 *P, const uint8_t *m, size_t mlen) 211 { 212 uint32_t r0 = P->r[0]; 213 uint32_t r1 = P->r[1]; 214 uint32_t r2 = P->r[2]; 215 uint32_t r3 = P->r[3]; 216 uint32_t r4 = P->r[4]; 217 uint32_t h0 = P->h[0]; 218 uint32_t h1 = P->h[1]; 219 uint32_t h2 = P->h[2]; 220 uint32_t h3 = P->h[3]; 221 uint32_t h4 = P->h[4]; 222 uint32_t m0, m1, m2, m3, m4; /* 26-bit message chunks */ 223 uint64_t k0, k1, k2, k3, k4; /* 64-bit extension of h */ 224 uint64_t p0, p1, p2, p3, p4; /* columns of product */ 225 uint32_t c; /* carry */ 226 227 while (mlen) { 228 if (__predict_false(mlen < 16)) { 229 /* Handle padding for uneven last block. */ 230 uint8_t buf[16]; 231 unsigned i; 232 233 for (i = 0; i < mlen; i++) 234 buf[i] = m[i]; 235 buf[i++] = 1; 236 for (; i < 16; i++) 237 buf[i] = 0; 238 m0 = le32dec(buf + 0) >> 0; 239 m1 = le32dec(buf + 3) >> 2; 240 m2 = le32dec(buf + 6) >> 4; 241 m3 = le32dec(buf + 9) >> 6; 242 m4 = le32dec(buf + 12) >> 8; 243 mlen = 0; 244 245 explicit_memset(buf, 0, sizeof buf); 246 } else { 247 m0 = le32dec(m + 0) >> 0; 248 m1 = le32dec(m + 3) >> 2; 249 m2 = le32dec(m + 6) >> 4; 250 m3 = le32dec(m + 9) >> 6; 251 m4 = le32dec(m + 12) >> 8; 252 m4 |= 1u << 24; 253 m += 16; 254 mlen -= 16; 255 } 256 257 /* k := h + m, extended to 64 bits */ 258 k0 = h0 + (m0 & 0x03ffffff); 259 k1 = h1 + (m1 & 0x03ffffff); 260 k2 = h2 + (m2 & 0x03ffffff); 261 k3 = h3 + m3; 262 k4 = h4 + m4; 263 264 /* p := k * r = (h + m)*r mod 2^130 - 5 */ 265 p0 = r0*k0 + 5*r4*k1 + 5*r3*k2 + 5*r2*k3 + 5*r1*k4; 266 p1 = r1*k0 + r0*k1 + 5*r4*k2 + 5*r3*k3 + 5*r2*k4; 267 p2 = r2*k0 + r1*k1 + r0*k2 + 5*r4*k3 + 5*r3*k4; 268 p3 = r3*k0 + r2*k1 + r1*k2 + r0*k3 + 5*r4*k4; 269 p4 = r4*k0 + r3*k1 + r2*k2 + r1*k3 + r0*k4; 270 271 /* propagate carries and update h */ 272 p0 += 0; c = p0 >> 26; h0 = p0 & 0x03ffffff; 273 p1 += c; c = p1 >> 26; h1 = p1 & 0x03ffffff; 274 p2 += c; c = p2 >> 26; h2 = p2 & 0x03ffffff; 275 p3 += c; c = p3 >> 26; h3 = p3 & 0x03ffffff; 276 p4 += c; c = p4 >> 26; h4 = p4 & 0x03ffffff; 277 278 /* reduce 2^130 = 5 */ 279 h0 += c*5; c = h0 >> 26; h0 &= 0x03ffffff; 280 h1 += c; 281 } 282 283 /* update hash values */ 284 P->h[0] = h0; 285 P->h[1] = h1; 286 P->h[2] = h2; 287 P->h[3] = h3; 288 P->h[4] = h4; 289 } 290 291 static void 292 poly1305_final(uint8_t h[static 16], struct poly1305 *P) 293 { 294 uint32_t h0 = P->h[0]; 295 uint32_t h1 = P->h[1]; 296 uint32_t h2 = P->h[2]; 297 uint32_t h3 = P->h[3]; 298 uint32_t h4 = P->h[4]; 299 uint32_t s0, s1, s2, s3, s4; /* h - (2^130 - 5) */ 300 uint32_t m; /* mask */ 301 uint32_t c; 302 303 /* propagate carries */ 304 h1 += 0; c = h1 >> 26; h1 &= 0x03ffffff; 305 h2 += c; c = h2 >> 26; h2 &= 0x03ffffff; 306 h3 += c; c = h3 >> 26; h3 &= 0x03ffffff; 307 h4 += c; c = h4 >> 26; h4 &= 0x03ffffff; 308 309 /* reduce 2^130 = 5 */ 310 h0 += c*5; c = h0 >> 26; h0 &= 0x03ffffff; 311 h1 += c; 312 313 /* s := h - (2^130 - 5) */ 314 c = 5; 315 s0 = h0 + c; c = s0 >> 26; s0 &= 0x03ffffff; 316 s1 = h1 + c; c = s1 >> 26; s1 &= 0x03ffffff; 317 s2 = h2 + c; c = s2 >> 26; s2 &= 0x03ffffff; 318 s3 = h3 + c; c = s3 >> 26; s3 &= 0x03ffffff; 319 s4 = h4 + c; 320 s4 -= 0x04000000; 321 322 /* m := -1 if h < 2^130 - 5 else 0 */ 323 m = -(s4 >> 31); 324 325 /* conditional subtract */ 326 h0 = (m & h0) | (~m & s0); 327 h1 = (m & h1) | (~m & s1); 328 h2 = (m & h2) | (~m & s2); 329 h3 = (m & h3) | (~m & s3); 330 h4 = (m & h4) | (~m & s4); 331 332 /* reduce modulo 2^128 */ 333 le32enc(h + 0, ((h1 << 26) | (h0 >> 0)) & 0xffffffff); 334 le32enc(h + 4, ((h2 << 20) | (h1 >> 6)) & 0xffffffff); 335 le32enc(h + 8, ((h3 << 14) | (h2 >> 12)) & 0xffffffff); 336 le32enc(h + 12, ((h4 << 8) | (h3 >> 18)) & 0xffffffff); 337 } 338 339 static void 340 poly1305(uint8_t h[static 16], const uint8_t *m, size_t mlen, 341 const uint8_t k[static 16]) 342 { 343 struct poly1305 P; 344 345 poly1305_init(&P, k); 346 poly1305_update_blocks(&P, m, mlen); 347 poly1305_final(h, &P); 348 } 349 350 static int 351 poly1305_selftest(void) 352 { 353 /* https://tools.ietf.org/html/rfc7539#section-2.5.2 */ 354 static const uint8_t r[16] = { 355 0x85,0xd6,0xbe,0x78, 0x57,0x55,0x6d,0x33, 356 0x7f,0x44,0x52,0xfe, 0x42,0xd5,0x06,0xa8, 357 }; 358 static const uint8_t s[16] = { 359 0x01,0x03,0x80,0x8a, 0xfb,0x0d,0xb2,0xfd, 360 0x4a,0xbf,0xf6,0xaf, 0x41,0x49,0xf5,0x1b, 361 }; 362 static const uint8_t m[] = { 363 0x43,0x72,0x79,0x70, 0x74,0x6f,0x67,0x72, 364 0x61,0x70,0x68,0x69, 0x63,0x20,0x46,0x6f, 365 0x72,0x75,0x6d,0x20, 0x52,0x65,0x73,0x65, 366 0x61,0x72,0x63,0x68, 0x20,0x47,0x72,0x6f, 367 0x75,0x70, 368 }; 369 static const uint8_t expected[16] = { 370 0xa8,0x06,0x1d,0xc1, 0x30,0x51,0x36,0xc6, 371 0xc2,0x2b,0x8b,0xaf, 0x0c,0x01,0x27,0xa9, 372 }; 373 uint8_t h[16], t[16]; 374 int result = 0; 375 376 poly1305(h, m, sizeof m, r); 377 add128(t, h, s); 378 if (memcmp(t, expected, 16)) { 379 hexdump(printf, "poly1305 h", h, sizeof h); 380 hexdump(printf, "poly1305 t", t, sizeof t); 381 result = -1; 382 } 383 384 return result; 385 } 386 387 /* NHPoly1305 */ 388 389 static void 390 nh(uint8_t h[static 32], const uint8_t *m, size_t mlen, 391 const uint32_t k[static 268 /* u/w + 2s(r - 1) */]) 392 { 393 const unsigned w = 32; /* word size */ 394 const unsigned s = 2; /* stride */ 395 const unsigned r = 4; /* rounds */ 396 const unsigned u = 8192; /* unit count (bits per msg unit) */ 397 uint64_t h0 = 0, h1 = 0, h2 = 0, h3 = 0; 398 unsigned i; 399 400 CTASSERT(r*w/8 == 16); 401 CTASSERT(u/w + 2*s*(r - 1) == 268); 402 403 KASSERT(mlen <= u/8); 404 KASSERT(mlen % 16 == 0); 405 406 for (i = 0; i < mlen/16; i++) { 407 uint32_t m0 = le32dec(m + 16*i + 4*0); 408 uint32_t m1 = le32dec(m + 16*i + 4*1); 409 uint32_t m2 = le32dec(m + 16*i + 4*2); 410 uint32_t m3 = le32dec(m + 16*i + 4*3); 411 412 uint32_t k00 = k[4*i + 4*0 + 0]; 413 uint32_t k01 = k[4*i + 4*0 + 1]; 414 uint32_t k02 = k[4*i + 4*0 + 2]; 415 uint32_t k03 = k[4*i + 4*0 + 3]; 416 uint32_t k10 = k[4*i + 4*1 + 0]; 417 uint32_t k11 = k[4*i + 4*1 + 1]; 418 uint32_t k12 = k[4*i + 4*1 + 2]; 419 uint32_t k13 = k[4*i + 4*1 + 3]; 420 uint32_t k20 = k[4*i + 4*2 + 0]; 421 uint32_t k21 = k[4*i + 4*2 + 1]; 422 uint32_t k22 = k[4*i + 4*2 + 2]; 423 uint32_t k23 = k[4*i + 4*2 + 3]; 424 uint32_t k30 = k[4*i + 4*3 + 0]; 425 uint32_t k31 = k[4*i + 4*3 + 1]; 426 uint32_t k32 = k[4*i + 4*3 + 2]; 427 uint32_t k33 = k[4*i + 4*3 + 3]; 428 429 CTASSERT(s == 2); 430 h0 += (uint64_t)(m0 + k00) * (m2 + k02); 431 h1 += (uint64_t)(m0 + k10) * (m2 + k12); 432 h2 += (uint64_t)(m0 + k20) * (m2 + k22); 433 h3 += (uint64_t)(m0 + k30) * (m2 + k32); 434 h0 += (uint64_t)(m1 + k01) * (m3 + k03); 435 h1 += (uint64_t)(m1 + k11) * (m3 + k13); 436 h2 += (uint64_t)(m1 + k21) * (m3 + k23); 437 h3 += (uint64_t)(m1 + k31) * (m3 + k33); 438 } 439 440 le64enc(h + 8*0, h0); 441 le64enc(h + 8*1, h1); 442 le64enc(h + 8*2, h2); 443 le64enc(h + 8*3, h3); 444 } 445 446 static void 447 nhpoly1305(uint8_t h[static 16], const uint8_t *m, size_t mlen, 448 const uint8_t pk[static 16], 449 const uint32_t nhk[static 268 /* u/w + 2s(r - 1) */]) 450 { 451 struct poly1305 P; 452 uint8_t h0[32]; 453 454 /* 455 * In principle NHPoly1305 is defined on uneven message 456 * lengths, but that's a pain in the patootie. 457 */ 458 KASSERT(mlen % 16 == 0); 459 460 poly1305_init(&P, pk); 461 for (; mlen; m += MIN(mlen, 1024), mlen -= MIN(mlen, 1024)) { 462 nh(h0, m, MIN(mlen, 1024), nhk); 463 poly1305_update_blocks(&P, h0, 32); 464 } 465 poly1305_final(h, &P); 466 } 467 468 /* https://github.com/google/adiantum/blob/68971e9c6684121b2203b4b05a22768b84051b58/test_vectors/ours/NH/NH.json */ 469 static int 470 nh_selftest(void) 471 { 472 static const struct { 473 uint8_t k[1072]; 474 unsigned mlen; 475 uint8_t m[1024]; 476 uint8_t h[32]; 477 } C[] = { 478 [0] = { /* 16-byte message */ 479 .k = { 480 0x22,0x5b,0x80,0xc8, 0x18,0x05,0x37,0x09, 481 0x76,0x14,0x4b,0x67, 0xc4,0x50,0x7f,0x2b, 482 0x2c,0xff,0x56,0xc5, 0xd5,0x66,0x45,0x68, 483 0x35,0xe6,0xd2,0x9a, 0xe5,0xd0,0xc1,0xfb, 484 0xac,0x59,0x81,0x1a, 0x60,0xb0,0x3d,0x81, 485 0x4b,0xa3,0x5b,0xa9, 0xcc,0xb3,0xfe,0x2d, 486 0xc2,0x4d,0xd9,0x26, 0xad,0x36,0xcf,0x8c, 487 0x05,0x11,0x3b,0x8a, 0x99,0x15,0x81,0xc8, 488 0x23,0xf5,0x5a,0x94, 0x10,0x2f,0x92,0x80, 489 0x38,0xc5,0xb2,0x63, 0x80,0xd5,0xdc,0xa3, 490 0x6c,0x2f,0xaa,0x03, 0x96,0x4a,0x75,0x33, 491 0x4c,0xa8,0x60,0x05, 0x96,0xbf,0xe5,0x7a, 492 0xc8,0x4f,0x5c,0x22, 0xf9,0x92,0x74,0x4a, 493 0x75,0x5f,0xa2,0x2a, 0x8d,0x3f,0xe2,0x43, 494 0xfd,0xd9,0x04,0x8c, 0x8e,0xea,0x84,0xcc, 495 0x4d,0x3f,0x94,0x96, 0xed,0x1a,0x51,0xbb, 496 0x2f,0xc4,0x63,0x28, 0x31,0x0b,0xda,0x92, 497 0x1e,0x4d,0xe2,0x1d, 0x82,0xb5,0x65,0xb4, 498 0x75,0x69,0xd7,0x6f, 0x29,0xe4,0xbe,0x7e, 499 0xcc,0xbd,0x95,0xbd, 0x7a,0x62,0xea,0xfa, 500 0x33,0x34,0x80,0x58, 0xbf,0xfa,0x00,0x7e, 501 0xa7,0xb4,0xc9,0x32, 0x7c,0xc7,0x8f,0x8a, 502 0x28,0x27,0xdd,0xeb, 0xb9,0x1c,0x01,0xad, 503 0xec,0xf4,0x30,0x5e, 0xce,0x3b,0xaa,0x22, 504 0x60,0xbd,0x84,0xd9, 0x9e,0xaf,0xe8,0x4c, 505 0x44,0xb6,0x84,0x2d, 0x5c,0xe6,0x26,0xee, 506 0x8a,0xa2,0x0d,0xe3, 0x97,0xed,0xf5,0x47, 507 0xdb,0x50,0x72,0x4a, 0x5e,0x9a,0x8d,0x10, 508 0xc2,0x25,0xdd,0x5b, 0xd0,0x39,0xc4,0x5b, 509 0x2a,0x79,0x81,0xb7, 0x5c,0xda,0xed,0x77, 510 0x17,0x53,0xb5,0x8b, 0x1e,0x5f,0xf3,0x48, 511 0x30,0xac,0x97,0x7d, 0x29,0xe3,0xc9,0x18, 512 0xe1,0x2b,0x31,0xa0, 0x08,0xe9,0x15,0x59, 513 0x29,0xdb,0x84,0x2a, 0x33,0x98,0x8a,0xd4, 514 0xc3,0xfc,0xf7,0xca, 0x65,0x02,0x4d,0x9f, 515 0xe2,0xb1,0x5e,0xa6, 0x6a,0x01,0xf9,0xcf, 516 0x7e,0xa6,0x09,0xd9, 0x16,0x90,0x14,0x5f, 517 0x3a,0xf8,0xd8,0x34, 0x38,0xd6,0x1f,0x89, 518 0x0c,0x81,0xc2,0x68, 0xc4,0x65,0x78,0xf3, 519 0xfe,0x27,0x48,0x70, 0x38,0x43,0x48,0x5a, 520 0xc1,0x24,0xc5,0x6f, 0x65,0x63,0x1b,0xb0, 521 0x5b,0xb4,0x07,0x1e, 0x69,0x08,0x8f,0xfc, 522 0x93,0x29,0x04,0x16, 0x6a,0x8b,0xb3,0x3d, 523 0x0f,0xba,0x5f,0x46, 0xff,0xfe,0x77,0xa1, 524 0xb9,0xdc,0x29,0x66, 0x9a,0xd1,0x08,0xdd, 525 0x32,0xe3,0x21,0x7b, 0xcc,0x2e,0x5c,0xf7, 526 0x79,0x68,0xd4,0xc1, 0x8b,0x3c,0x5d,0x0e, 527 0xd4,0x26,0xa6,0x19, 0x92,0x45,0xf7,0x19, 528 0x0e,0xa2,0x17,0xd8, 0x1c,0x7f,0x8d,0xd6, 529 0x68,0x37,0x6c,0xbf, 0xb1,0x8a,0x5e,0x36, 530 0x4b,0xc0,0xca,0x21, 0x02,0x24,0x69,0x9b, 531 0x2b,0x19,0x0a,0x1b, 0xe3,0x17,0x30,0x57, 532 0xf6,0xfc,0xd6,0x66, 0x36,0x30,0xc2,0x11, 533 0x08,0x8d,0xc5,0x84, 0x67,0xa0,0x89,0xc3, 534 0x74,0x48,0x15,0xca, 0x6e,0x0c,0x6d,0x78, 535 0x66,0x15,0x73,0x85, 0xf9,0x8b,0xba,0xb2, 536 0x09,0xda,0x79,0xe6, 0x00,0x08,0x2a,0xda, 537 0x6b,0xd7,0xd1,0xa7, 0x8b,0x5f,0x11,0x87, 538 0x96,0x1b,0x23,0xb0, 0x6c,0x55,0xb6,0x86, 539 0xfb,0xff,0xe3,0x69, 0xac,0x43,0xcd,0x8f, 540 0x8a,0xe7,0x1c,0x3c, 0xa0,0x6a,0xd5,0x63, 541 0x80,0x66,0xd8,0x7f, 0xb5,0xb8,0x96,0xd4, 542 0xe2,0x20,0x40,0x53, 0x6d,0x0d,0x8b,0x6d, 543 0xd5,0x5d,0x51,0xfb, 0x4d,0x80,0x82,0x01, 544 0x14,0x97,0x96,0x9b, 0x13,0xb8,0x1d,0x76, 545 0x7a,0xa1,0xca,0x19, 0x90,0xec,0x7b,0xe0, 546 0x8e,0xa8,0xb4,0xf2, 0x33,0x67,0x0e,0x10, 547 0xb1,0xa2,0x82,0xea, 0x81,0x82,0xa2,0xc6, 548 0x78,0x51,0xa6,0xd3, 0x25,0xe4,0x9c,0xf2, 549 0x6b,0xa8,0xec,0xfb, 0xd4,0x1d,0x5b,0xa4, 550 0x79,0x66,0x62,0xb8, 0x2b,0x6f,0x9e,0x0f, 551 0xcc,0xcb,0x9e,0x92, 0x6f,0x06,0xdb,0xf0, 552 0x97,0xce,0x3f,0x90, 0xa2,0x1f,0xbe,0x3b, 553 0x7b,0x10,0xf0,0x23, 0x30,0x0c,0xc5,0x0c, 554 0x6c,0x78,0xfc,0xa8, 0x71,0x62,0xcf,0x98, 555 0xa2,0xb1,0x44,0xb5, 0xc6,0x3b,0x5c,0x63, 556 0x83,0x1d,0x35,0xf2, 0xc7,0x42,0x67,0x5d, 557 0xc1,0x26,0x36,0xc8, 0x6e,0x1d,0xf6,0xd5, 558 0x52,0x35,0xa4,0x9e, 0xce,0x4c,0x3b,0x92, 559 0x20,0x86,0xb7,0x89, 0x63,0x73,0x1a,0x8b, 560 0xa6,0x35,0xfe,0xb9, 0xdf,0x5e,0x0e,0x53, 561 0x0b,0xf2,0xb3,0x4d, 0x34,0x1d,0x66,0x33, 562 0x1f,0x08,0xf5,0xf5, 0x0a,0xab,0x76,0x19, 563 0xde,0x82,0x2f,0xcf, 0x11,0xa6,0xcb,0xb3, 564 0x17,0xec,0x8d,0xaf, 0xcb,0xf0,0x92,0x1e, 565 0xb8,0xa3,0x04,0x0a, 0xac,0x2c,0xae,0xc5, 566 0x0b,0xc4,0x4e,0xef, 0x0a,0xe2,0xda,0xe9, 567 0xd7,0x75,0x2d,0x95, 0xc7,0x1b,0xf3,0x0b, 568 0x43,0x19,0x16,0xd7, 0xc6,0x90,0x2d,0x6b, 569 0xe1,0xb2,0xce,0xbe, 0xd0,0x7d,0x15,0x99, 570 0x24,0x37,0xbc,0xb6, 0x8c,0x89,0x7a,0x8c, 571 0xcb,0xa7,0xf7,0x0b, 0x5f,0xd4,0x96,0x8d, 572 0xf5,0x80,0xa3,0xce, 0xf5,0x9e,0xed,0x60, 573 0x00,0x92,0xa5,0x67, 0xc9,0x21,0x79,0x0b, 574 0xfb,0xe2,0x57,0x0e, 0xdf,0xb6,0x16,0x90, 575 0xd3,0x75,0xf6,0xb0, 0xa3,0x4e,0x43,0x9a, 576 0xb7,0xf4,0x73,0xd8, 0x34,0x46,0xc6,0xbe, 577 0x80,0xec,0x4a,0xc0, 0x7f,0x9e,0xb6,0xb0, 578 0x58,0xc2,0xae,0xa1, 0xf3,0x60,0x04,0x62, 579 0x11,0xea,0x0f,0x90, 0xa9,0xea,0x6f,0x0c, 580 0x4c,0xcf,0xe8,0xd0, 0xea,0xbf,0xdb,0xf2, 581 0x53,0x0c,0x09,0x4d, 0xd4,0xed,0xf3,0x22, 582 0x10,0x99,0xc6,0x4f, 0xcf,0xcf,0x96,0xc9, 583 0xd9,0x6b,0x08,0x3b, 0xf0,0x62,0x2d,0xac, 584 0x55,0x38,0xd5,0x5c, 0x57,0xad,0x51,0xc3, 585 0xf5,0xd2,0x37,0x45, 0xb3,0x3f,0x6d,0xaf, 586 0x10,0x62,0x57,0xb9, 0x58,0x40,0xb3,0x3c, 587 0x6a,0x98,0x97,0x1a, 0x9c,0xeb,0x66,0xf1, 588 0xa5,0x93,0x0b,0xe7, 0x8b,0x29,0x0f,0xff, 589 0x2c,0xd0,0x90,0xf2, 0x67,0xa0,0x69,0xcd, 590 0xd3,0x59,0xad,0xad, 0xf1,0x1f,0xd7,0xad, 591 0x24,0x74,0x29,0xcd, 0x06,0xd5,0x42,0x90, 592 0xf9,0x96,0x4a,0xd9, 0xa0,0x37,0xe4,0x64, 593 0x8e,0x13,0x2a,0x2a, 0xe7,0xc2,0x1e,0xf6, 594 0xb2,0xd3,0xdc,0x9f, 0x33,0x32,0x0c,0x50, 595 0x88,0x37,0x8b,0x9b, 0xfe,0x6f,0xfd,0x05, 596 0x96,0x26,0x6c,0x96, 0x73,0x73,0xe1,0x09, 597 0x28,0xf3,0x7f,0xa6, 0x59,0xc5,0x2e,0xf4, 598 0xd3,0xd5,0xda,0x6b, 0xca,0x42,0x05,0xe5, 599 0xed,0x13,0xe2,0x4e, 0xcd,0xd5,0xd0,0xfb, 600 0x6e,0xf7,0x8a,0x3e, 0x91,0x9d,0x6b,0xc5, 601 0x33,0x05,0x07,0x86, 0xb2,0x26,0x41,0x6e, 602 0xf8,0x38,0x38,0x7a, 0xf0,0x6c,0x27,0x5a, 603 0x01,0xd8,0x03,0xe5, 0x91,0x33,0xaa,0x20, 604 0xcd,0xa7,0x4f,0x18, 0xa0,0x91,0x28,0x74, 605 0xc0,0x58,0x27,0x0f, 0x9b,0xa8,0x85,0xb0, 606 0xe0,0xfd,0x5b,0xdb, 0x5b,0xb8,0x86,0x79, 607 0x94,0x6d,0xde,0x26, 0x64,0x2d,0x6c,0xb9, 608 0xba,0xc7,0xf0,0xd7, 0xaa,0x68,0x68,0xd0, 609 0x40,0x71,0xdb,0x94, 0x54,0x62,0xa5,0x7f, 610 0x98,0xea,0xe3,0x4c, 0xe4,0x44,0x9a,0x03, 611 0xf9,0x1c,0x20,0x36, 0xeb,0x0d,0xa4,0x41, 612 0x24,0x06,0xcb,0x94, 0x86,0x35,0x22,0x62, 613 0x80,0x19,0x16,0xba, 0x2c,0x10,0x38,0x96, 614 }, 615 .mlen = 16, 616 .m = { 617 0xd3,0x82,0xe7,0x04, 0x35,0xcc,0xf7,0xa4, 618 0xf9,0xb2,0xc5,0xed, 0x5a,0xd9,0x58,0xeb, 619 }, 620 .h = { 621 0x41,0xd9,0xad,0x54, 0x5a,0x0d,0xcc,0x53, 622 0x48,0xf6,0x4c,0x75, 0x43,0x5d,0xdd,0x77, 623 0xda,0xca,0x7d,0xec, 0x91,0x3b,0x53,0x16, 624 0x5c,0x4b,0x58,0xdc, 0x70,0x0a,0x7b,0x37, 625 }, 626 }, 627 [1] = { /* 1008-byte message */ 628 .k = { 629 0xd9,0x94,0x65,0xda, 0xc2,0x60,0xdd,0xa9, 630 0x39,0xe5,0x37,0x11, 0xf6,0x74,0xa5,0x95, 631 0x36,0x07,0x24,0x99, 0x64,0x6b,0xda,0xe2, 632 0xd5,0xd1,0xd2,0xd9, 0x25,0xd5,0xcc,0x48, 633 0xf8,0xa5,0x9e,0xff, 0x84,0x5a,0xd1,0x6f, 634 0xb7,0x6a,0x4d,0xd2, 0xc8,0x13,0x3d,0xde, 635 0x17,0xed,0x64,0xf1, 0x2b,0xcc,0xdd,0x65, 636 0x11,0x16,0xf2,0xaf, 0x34,0xd2,0xc5,0x31, 637 0xaa,0x69,0x33,0x0a, 0x0b,0xc1,0xb4,0x6d, 638 0xaa,0xcd,0x43,0xc4, 0x0b,0xef,0xf9,0x7d, 639 0x97,0x3c,0xa7,0x22, 0xda,0xa6,0x6a,0xf0, 640 0xad,0xe3,0x6f,0xde, 0xfb,0x33,0xf3,0xd8, 641 0x96,0x5f,0xca,0xda, 0x18,0x63,0x03,0xd0, 642 0x8f,0xb6,0xc4,0x62, 0x9d,0x50,0x6c,0x8f, 643 0x85,0xdd,0x6d,0x52, 0x2d,0x45,0x01,0x36, 644 0x57,0x9f,0x51,0xf0, 0x70,0xe0,0xb2,0x99, 645 0x3a,0x11,0x68,0xbd, 0xe5,0xfa,0x7c,0x59, 646 0x12,0x5a,0xbc,0xd9, 0xd6,0x9a,0x09,0xe6, 647 0xa2,0x80,0x1f,0xd6, 0x47,0x20,0x82,0x4e, 648 0xac,0xb5,0x6d,0xde, 0x5b,0xff,0x9c,0xd4, 649 0x2a,0xae,0x27,0x7c, 0x0f,0x5a,0x5d,0x35, 650 0x2d,0xff,0x07,0xf9, 0x79,0x6a,0xf9,0x3e, 651 0xd9,0x22,0x62,0x30, 0x40,0xce,0xe1,0xf4, 652 0x46,0x0a,0x24,0xca, 0x7a,0x3e,0xa1,0x92, 653 0x1a,0x29,0xa0,0xbf, 0x23,0x95,0x99,0x31, 654 0xe3,0x51,0x25,0x3d, 0xaf,0x1e,0xfc,0xb3, 655 0x65,0xa2,0x10,0x37, 0xe6,0xa7,0x20,0xa0, 656 0xe3,0x6a,0xd4,0x81, 0x2c,0x8d,0xa0,0x87, 657 0xec,0xae,0x9f,0x44, 0x10,0xda,0x2e,0x17, 658 0xba,0xb2,0xa5,0x5c, 0x89,0xc6,0xfa,0x70, 659 0x7e,0xc2,0xe3,0xb6, 0xa0,0x98,0x9c,0xb8, 660 0x14,0x33,0x27,0x3a, 0x6e,0x4d,0x94,0x72, 661 0x4b,0xc8,0xac,0x24, 0x2f,0x85,0xd9,0xa4, 662 0xda,0x22,0x95,0xc5, 0xb3,0xfc,0xbe,0xd2, 663 0x96,0x57,0x91,0xf9, 0xfd,0x18,0x9c,0x56, 664 0x70,0x15,0x5f,0xe7, 0x40,0x45,0x28,0xb3, 665 0x2b,0x56,0x44,0xca, 0x6a,0x2b,0x0e,0x25, 666 0x66,0x3e,0x32,0x04, 0xe2,0xb7,0x91,0xc8, 667 0xd2,0x02,0x79,0x0f, 0x7e,0xa9,0xb3,0x86, 668 0xb2,0x76,0x74,0x18, 0x57,0x16,0x63,0x06, 669 0x6e,0x16,0xfa,0xef, 0x52,0x3c,0x5e,0x0d, 670 0x33,0x55,0xd2,0x8d, 0x57,0x4d,0xfe,0x54, 671 0x65,0x7a,0x54,0x52, 0xf0,0x7b,0x2c,0xf8, 672 0xd5,0x43,0xba,0x92, 0xa5,0x2e,0xbe,0x1a, 673 0xce,0x25,0x4f,0x34, 0x31,0xe7,0xa3,0xff, 674 0x90,0xf6,0xbc,0x0c, 0xbc,0x98,0xdf,0x4a, 675 0xc3,0xeb,0xb6,0x27, 0x68,0xa9,0xb5,0x33, 676 0xbc,0x13,0xe8,0x13, 0x7c,0x6b,0xec,0x31, 677 0xd9,0x79,0x2a,0xa7, 0xe4,0x02,0x4f,0x02, 678 0xd4,0x5c,0x57,0x4f, 0xa4,0xbc,0xa3,0xe1, 679 0x7e,0x36,0x8a,0xde, 0x11,0x55,0xec,0xb3, 680 0x8b,0x65,0x06,0x02, 0x9a,0x68,0x06,0x64, 681 0x63,0xc7,0x9a,0x67, 0xdc,0x70,0xbf,0xb5, 682 0xf8,0x49,0x2a,0xe1, 0x59,0x4c,0xe4,0x1e, 683 0xb5,0x56,0xa5,0xad, 0x24,0x82,0x8c,0xd0, 684 0x66,0xe4,0x72,0x79, 0x02,0x5d,0x0d,0xf9, 685 0x19,0x44,0xe3,0x86, 0x1a,0xda,0xda,0xf0, 686 0x2d,0x47,0xc0,0x07, 0x47,0x0b,0xf8,0x06, 687 0xf6,0x45,0x8a,0x7f, 0xb9,0xf9,0x33,0x2e, 688 0xc2,0xf1,0xf1,0x81, 0x41,0x99,0xcd,0xf6, 689 0xb1,0x71,0x1b,0xfa, 0x21,0x53,0x7c,0xa1, 690 0xeb,0x2a,0x38,0x5b, 0x9b,0xfe,0x96,0xa5, 691 0xe3,0x78,0x77,0x47, 0x98,0x0f,0x7d,0xef, 692 0xf6,0x05,0x37,0x88, 0x79,0x0c,0x21,0x8d, 693 0x87,0x1f,0xae,0xce, 0x83,0xaf,0xa3,0xd6, 694 0x6e,0xc5,0x3c,0x47, 0xc6,0xd6,0x4a,0xdc, 695 0x7c,0xcc,0xdc,0x11, 0x7c,0x7d,0x0f,0x03, 696 0xc1,0x80,0x75,0x2a, 0x64,0x76,0xf0,0x08, 697 0x0c,0x11,0x4b,0xe4, 0x05,0x41,0x78,0x0f, 698 0x86,0xa0,0xd6,0x61, 0xb0,0xfb,0x15,0x3d, 699 0x3c,0xc3,0xd5,0x1b, 0x72,0x0e,0x79,0x53, 700 0x07,0xd2,0x2c,0x6e, 0x83,0xbd,0x72,0x88, 701 0x41,0x07,0x4b,0xd2, 0xe9,0xcc,0x2a,0x9d, 702 0x5b,0x82,0x0d,0x02, 0x29,0x6e,0xf3,0xbc, 703 0x34,0x31,0x62,0x8d, 0x83,0xc1,0x7e,0x94, 704 0x21,0xd5,0xfd,0xa6, 0x6a,0x2b,0xe8,0x86, 705 0x05,0x48,0x97,0x41, 0xad,0xca,0xef,0x79, 706 0x5e,0xd8,0x51,0xc4, 0xae,0xf7,0xfa,0xac, 707 0x3d,0x74,0x2e,0xf4, 0x41,0x3b,0x19,0xc2, 708 0x04,0xf3,0x40,0xfe, 0x77,0x7c,0x6a,0x4c, 709 0x8e,0x24,0x84,0xe0, 0x70,0xe4,0xb2,0x19, 710 0x6c,0x0c,0x85,0x9e, 0xe1,0xad,0xa4,0x73, 711 0x90,0xdd,0xbf,0x7d, 0x1b,0x6f,0x8b,0x4d, 712 0x3b,0xec,0xd7,0xb0, 0xd9,0x90,0xf1,0xf5, 713 0xb9,0x32,0xe3,0x79, 0x15,0x08,0x3e,0x71, 714 0xed,0x91,0xc4,0x5c, 0x18,0xe8,0x16,0x52, 715 0xae,0x9d,0xf3,0x09, 0xac,0x57,0x11,0xf8, 716 0x16,0x55,0xd0,0x28, 0x60,0xc1,0x7e,0x6d, 717 0x87,0xc1,0x7a,0xe8, 0x5d,0xc5,0x12,0x68, 718 0x6d,0x63,0x39,0x27, 0x49,0xb8,0x0c,0x78, 719 0x92,0xea,0x6f,0x52, 0xeb,0x43,0xc2,0x0b, 720 0xd8,0x28,0x77,0xe5, 0x43,0x5f,0xb8,0xa6, 721 0x32,0xb7,0xaa,0x01, 0x1e,0xa6,0xde,0xe4, 722 0x9b,0x0f,0xb6,0x49, 0xcc,0x6f,0x2c,0x04, 723 0x41,0xcb,0xd8,0x80, 0xd1,0x15,0x5e,0x57, 724 0x1e,0x4a,0x77,0xbf, 0xc4,0xcb,0x09,0x7c, 725 0x6e,0x81,0xb8,0x64, 0x51,0x6a,0xf2,0x71, 726 0x06,0xf6,0x00,0xac, 0x79,0x2c,0x83,0x7a, 727 0x6c,0xa4,0x85,0x89, 0x69,0x06,0x26,0x72, 728 0xe1,0x00,0x66,0xc0, 0xc5,0x8e,0xc8,0x51, 729 0x6e,0x25,0xdd,0xc9, 0x54,0x98,0x45,0x64, 730 0xaa,0x51,0x18,0x1b, 0xe4,0xbe,0x1b,0xee, 731 0x13,0xd6,0x34,0x50, 0x4c,0xcf,0x3c,0x31, 732 0x9b,0xd2,0x6f,0x07, 0x79,0xf4,0x63,0x3f, 733 0x09,0x01,0x64,0xf1, 0xc1,0xf1,0xae,0xa9, 734 0x0c,0x60,0xc9,0x62, 0x84,0xf6,0xe8,0x15, 735 0x55,0xdf,0xdd,0x71, 0x95,0xa9,0x0f,0x65, 736 0x97,0x40,0x79,0x86, 0x95,0xd9,0x57,0x23, 737 0x2f,0x61,0x51,0xb5, 0x16,0x18,0x62,0xd2, 738 0x1a,0xd9,0x8b,0x88, 0x84,0xa9,0x9b,0x47, 739 0xd7,0x22,0x68,0xe9, 0x9c,0x69,0x68,0x74, 740 0x13,0x95,0xd3,0x99, 0x33,0xdb,0x30,0x96, 741 0xbf,0x01,0xc6,0x68, 0xbd,0x19,0x32,0xc1, 742 0xf8,0xa9,0x7f,0x2b, 0xc5,0x69,0x2f,0xa2, 743 0xce,0x5a,0x46,0x43, 0x8d,0x36,0x9c,0xfa, 744 0x5c,0x7f,0x03,0xe0, 0x80,0xaa,0xc7,0x9e, 745 0x3b,0xa3,0x27,0x6b, 0x2e,0xc6,0x59,0x0a, 746 0xf6,0x36,0x37,0xa6, 0xc0,0xd1,0xa1,0xa1, 747 0x7e,0xc1,0xf8,0x5b, 0x0f,0x9b,0xdd,0x6d, 748 0x9f,0x54,0x16,0x6b, 0x6e,0x53,0xfd,0xe8, 749 0x72,0xd0,0x3e,0x46, 0xce,0xaf,0x94,0x36, 750 0x85,0xa8,0xae,0x4c, 0x8d,0xb5,0xc2,0x1b, 751 0x5d,0x29,0x46,0x40, 0x87,0x50,0x59,0xdd, 752 0x04,0xbe,0xba,0x8f, 0x0b,0x9b,0xd2,0x50, 753 0x67,0x19,0x83,0x80, 0x87,0x5c,0x58,0x86, 754 0x20,0x39,0xbf,0xdf, 0xd2,0xc8,0xbb,0xe8, 755 0xc8,0xd8,0xe8,0x8d, 0xcc,0x97,0xe0,0xc9, 756 0x6c,0x2f,0x47,0xb6, 0x75,0x8f,0x0d,0x37, 757 0x5a,0x83,0xb0,0xce, 0x59,0xc2,0x0b,0x84, 758 0xa2,0x54,0xe5,0x38, 0x59,0x29,0x0f,0xa8, 759 0x26,0x2d,0x11,0xa9, 0x89,0x0e,0x0b,0x75, 760 0xe0,0xbc,0xf0,0xf8, 0x92,0x1f,0x29,0x71, 761 0x91,0xc4,0x63,0xcc, 0xf8,0x52,0xb5,0xd4, 762 0xb8,0x94,0x6a,0x30, 0x90,0xf7,0x44,0xbe, 763 }, 764 .mlen = 1008, 765 .m = { 766 0x05,0xe3,0x6f,0x44, 0xa4,0x40,0x35,0xf6, 767 0xeb,0x86,0xa9,0x6d, 0xed,0x16,0xdb,0xb6, 768 0x5b,0x59,0xda,0x30, 0x54,0x6c,0x59,0x35, 769 0x42,0x59,0x56,0x45, 0x9a,0x85,0x20,0x73, 770 0xcf,0x21,0xf5,0x98, 0x58,0x07,0x0e,0x7f, 771 0x44,0x1f,0xf1,0x53, 0x92,0xc7,0x81,0x53, 772 0x5e,0x97,0x8a,0x23, 0x1d,0xe8,0xad,0xca, 773 0x19,0x55,0x96,0x9d, 0x9b,0xfd,0x0a,0x0a, 774 0xad,0xa8,0x0f,0x76, 0xe2,0x6a,0x8f,0x33, 775 0x36,0xbf,0xcb,0x7a, 0xfd,0x61,0xc6,0xfb, 776 0x75,0xea,0xd4,0x09, 0x5e,0x70,0xfb,0x32, 777 0x54,0xe3,0x47,0x48, 0xd4,0x8c,0xa9,0x7c, 778 0x72,0xdb,0xdb,0xf7, 0x09,0x6d,0x58,0xa6, 779 0x42,0xb5,0x74,0x8c, 0x98,0x66,0x83,0x7a, 780 0x6d,0xeb,0x91,0xfb, 0x22,0x1c,0x78,0x3d, 781 0x22,0xa6,0xf8,0xb0, 0xd1,0x9f,0xc8,0x69, 782 0x8a,0xba,0xd3,0x78, 0x21,0xb0,0x7b,0x9f, 783 0xb8,0xed,0xe0,0x65, 0xff,0xa0,0x8b,0x4c, 784 0x17,0x9e,0xf7,0x3e, 0xa2,0x5f,0x82,0x77, 785 0xce,0x2a,0xda,0x41, 0x76,0x07,0x68,0xa4, 786 0xa1,0xbb,0xe0,0x1d, 0x7b,0xab,0x9c,0x03, 787 0x90,0x2c,0xd2,0x93, 0x46,0x43,0x3a,0x44, 788 0x29,0xe8,0xb5,0x7a, 0x23,0xbb,0xe9,0xaf, 789 0x2b,0x17,0x88,0x8f, 0x7a,0x81,0x7a,0x25, 790 0x3b,0xc7,0x1e,0x6e, 0xde,0x3e,0x54,0xbc, 791 0xc6,0xff,0x07,0xdc, 0xe6,0x29,0x02,0x4c, 792 0x95,0x57,0x0e,0x44, 0xc4,0x9c,0xc7,0x45, 793 0x01,0xd7,0x17,0xfd, 0x0f,0x1a,0x83,0x74, 794 0xa0,0xd5,0xb3,0x1a, 0xc0,0x97,0xdc,0xc3, 795 0x0f,0x3d,0x5d,0x8c, 0x02,0x58,0xc6,0x4d, 796 0x43,0x10,0xae,0xc9, 0x94,0xe2,0x9b,0xcd, 797 0xf9,0xcc,0xfe,0xbd, 0x9c,0x69,0xd0,0xec, 798 0xf8,0x67,0xde,0x98, 0xe5,0x50,0x5e,0x93, 799 0x6a,0x5b,0x31,0x2a, 0x62,0xee,0x03,0xbe, 800 0x76,0x9c,0x1d,0x13, 0x16,0x13,0xcf,0x63, 801 0x30,0x18,0x7d,0x1e, 0x55,0x94,0xf5,0x29, 802 0xb4,0x91,0xb4,0x76, 0x1c,0x31,0x9e,0xe5, 803 0x1b,0x0a,0xee,0x89, 0xb4,0xd9,0x45,0x19, 804 0xd7,0x47,0x2c,0x01, 0x20,0xe6,0x1d,0x7c, 805 0xb3,0x5e,0x1b,0x2a, 0x8c,0x3d,0x4d,0x1a, 806 0x6b,0x35,0x84,0x41, 0x6a,0xe4,0x32,0x8f, 807 0x9a,0x0d,0xbf,0x90, 0xff,0xcf,0x4c,0xfb, 808 0x9b,0x07,0x81,0x94, 0xcf,0x8e,0x1a,0x8a, 809 0xfc,0xbd,0x91,0xfe, 0xc3,0xe1,0x18,0xc7, 810 0x1f,0x0d,0x8e,0x1c, 0x2e,0xfc,0x02,0xe8, 811 0x39,0xbf,0x05,0x90, 0x58,0x94,0xee,0xe7, 812 0x15,0x31,0x5d,0x9f, 0x68,0x36,0x64,0x32, 813 0x25,0x49,0xdd,0x3e, 0xc8,0xb6,0x83,0x5e, 814 0x09,0x90,0xcd,0x48, 0xaf,0x9e,0xfe,0xd6, 815 0x79,0x8e,0x69,0x4b, 0x94,0xd5,0xf4,0x84, 816 0x7b,0xce,0xea,0x2f, 0x9b,0x79,0x7a,0x7c, 817 0x22,0x28,0x4d,0xa1, 0x38,0x1a,0x66,0x24, 818 0x79,0xa3,0xfa,0xfa, 0x8d,0x98,0x7c,0x54, 819 0x71,0x54,0xef,0x37, 0xa6,0xf1,0x97,0x54, 820 0xad,0xe7,0x67,0xa0, 0xf3,0x33,0xcf,0x4f, 821 0x4e,0xa3,0x47,0xee, 0x31,0xd3,0x98,0xf9, 822 0x7f,0x9f,0x44,0x18, 0x2f,0x13,0x1b,0x44, 823 0x57,0xcd,0x15,0x5b, 0xde,0x8f,0x1a,0x3c, 824 0xb5,0x1e,0xa7,0x2d, 0x4d,0xbe,0x85,0x08, 825 0x78,0xeb,0xe2,0x35, 0x3a,0xbe,0x55,0x6b, 826 0xc3,0xe1,0x0f,0x77, 0x43,0x41,0x11,0x5a, 827 0x61,0xc9,0x3b,0xbc, 0xad,0x88,0x9e,0xba, 828 0xc6,0xd2,0xdc,0x87, 0xd9,0x54,0xcc,0x86, 829 0x46,0xe6,0xa5,0x29, 0x2c,0x08,0x49,0x53, 830 0x2c,0xe3,0x0e,0x60, 0xc5,0x48,0xca,0x62, 831 0x3f,0xf6,0x93,0xc1, 0xba,0x8d,0x36,0x49, 832 0xe7,0x0f,0x9c,0x49, 0x7d,0xee,0x2a,0x22, 833 0xc3,0xe5,0x11,0x21, 0xfa,0xc7,0xeb,0x79, 834 0xcc,0x4d,0x75,0x4e, 0x66,0x33,0xf5,0x09, 835 0xa3,0xb9,0x60,0xa5, 0xd6,0xbd,0x38,0x75, 836 0x0c,0x2f,0x5f,0x1f, 0xea,0xa5,0x9d,0x45, 837 0x3c,0xe4,0x41,0xb8, 0xf6,0x4e,0x15,0x87, 838 0x0b,0x7f,0x42,0x4e, 0x51,0x3d,0xc4,0x9a, 839 0xb2,0xca,0x37,0x16, 0x0f,0xed,0x9e,0x0b, 840 0x93,0x86,0x12,0x93, 0x36,0x5e,0x39,0xc4, 841 0xf0,0xf4,0x48,0xdb, 0xeb,0x18,0x5e,0x50, 842 0x71,0x30,0x83,0xe5, 0x0f,0xb1,0x73,0xa7, 843 0xc6,0xf0,0xca,0x29, 0x0e,0xc4,0x07,0x5b, 844 0x8b,0x09,0x68,0x68, 0x10,0x32,0x92,0x62, 845 0x6a,0x6c,0x56,0x8b, 0x01,0x46,0x9a,0x20, 846 0x89,0xe0,0x93,0x85, 0x8c,0x53,0x87,0xf6, 847 0x02,0xd3,0x8d,0x72, 0x31,0x35,0xa1,0x34, 848 0x63,0x70,0x61,0x80, 0x06,0xf1,0x54,0xb3, 849 0x5d,0xdf,0xad,0x9c, 0x7e,0x3a,0xc2,0x8f, 850 0x76,0x8b,0x4c,0x74, 0x2c,0x8c,0x6f,0x0a, 851 0x60,0x13,0xa8,0xce, 0x4c,0x49,0x70,0x90, 852 0x59,0x57,0xf5,0x7b, 0x03,0x94,0x37,0x87, 853 0xfa,0xfe,0xeb,0xe7, 0x2d,0x01,0x45,0x69, 854 0xb4,0x10,0x80,0x6d, 0x13,0x26,0xe3,0x9b, 855 0x49,0x2a,0x0b,0xb1, 0x36,0xf9,0x62,0x63, 856 0x33,0x2a,0xee,0x51, 0x5e,0x35,0xa4,0x2e, 857 0x34,0xa1,0x77,0xac, 0x27,0x99,0x03,0xc6, 858 0xe2,0x83,0x11,0x72, 0x77,0x30,0x8b,0xb7, 859 0xde,0x1a,0xa1,0x4b, 0xa9,0x9c,0x07,0x02, 860 0xf2,0xdc,0x06,0x45, 0xf2,0xab,0x31,0x46, 861 0x50,0x25,0x34,0x54, 0xa8,0x06,0x88,0x6c, 862 0xfc,0x88,0xb5,0xae, 0x30,0xbd,0xe1,0xe7, 863 0xfe,0x51,0x46,0x05, 0x9a,0x29,0xd9,0x93, 864 0x99,0x60,0x69,0x4a, 0x5c,0xb2,0x29,0x6b, 865 0xa1,0xbb,0x9d,0xe4, 0x9b,0x7d,0x4a,0xe5, 866 0x37,0xcb,0x16,0x6f, 0x44,0x93,0xe4,0x71, 867 0x34,0x7b,0x54,0xec, 0x5b,0x2b,0xe0,0xf7, 868 0x32,0xed,0x77,0xa6, 0xb3,0x7c,0x8d,0x1a, 869 0xc0,0x57,0xbe,0x2b, 0x6d,0x7f,0xd7,0x35, 870 0xe6,0x93,0xed,0x90, 0x26,0xfe,0x41,0xf3, 871 0x58,0x55,0x03,0xb7, 0xb2,0x94,0xe2,0x0c, 872 0x34,0xc3,0x06,0xc6, 0x9e,0x4b,0x17,0xc7, 873 0xb9,0x58,0x23,0x58, 0xd3,0x73,0x18,0x5e, 874 0xcf,0x28,0xac,0x90, 0xa0,0xba,0x35,0x90, 875 0x96,0xb3,0xc7,0x6c, 0xe1,0x07,0xdf,0x5d, 876 0xaa,0x2c,0xa6,0x6b, 0x82,0x2d,0x71,0x66, 877 0xb7,0x76,0x37,0xdb, 0x39,0x7f,0x22,0x8f, 878 0x38,0x70,0xd4,0xeb, 0xf8,0xf0,0x73,0xed, 879 0xb6,0x67,0x75,0xaf, 0xd7,0x5d,0x01,0x01, 880 0xc4,0xd6,0x7c,0xbc, 0xc3,0xe6,0xad,0x9a, 881 0x9c,0x6a,0x43,0x9b, 0xfb,0x34,0x55,0x47, 882 0xcd,0xeb,0x4e,0x2c, 0x29,0x6f,0xb0,0xeb, 883 0xb5,0x08,0xdb,0x6b, 0x40,0x26,0x51,0x54, 884 0x5a,0x97,0x64,0x74, 0x95,0xe6,0xae,0x8a, 885 0x4c,0xe9,0x44,0x47, 0x85,0xd6,0xcf,0xe0, 886 0x11,0x65,0x45,0xb3, 0xe1,0xfc,0x6a,0x01, 887 0x38,0x40,0x8a,0x71, 0xc5,0xd6,0x64,0xa8, 888 0x36,0x95,0x44,0x9c, 0x10,0x41,0xa3,0x71, 889 0xb4,0x70,0x02,0xdf, 0xf9,0xad,0x2b,0xec, 890 0x75,0xf7,0x09,0x6c, 0x5d,0x2a,0xd0,0x0b, 891 0x2e,0xb3,0xf0,0xd3, 0xce,0xdb,0x26,0x80, 892 }, 893 .h = { 894 0x2d,0xb3,0x7e,0x73, 0xde,0x6a,0x9e,0xa9, 895 0x54,0x9a,0x0f,0xb3, 0x0b,0xcc,0xc9,0xde, 896 0x7a,0x4e,0x4a,0x71, 0x07,0x33,0xee,0x06, 897 0x5c,0x9a,0xa1,0x30, 0x5e,0x39,0x4e,0x10, 898 }, 899 }, 900 [2] = { /* 1024-byte message */ 901 .k = { 902 0x4c,0xe4,0x3c,0x6e, 0xa0,0xe3,0x0e,0x64, 903 0x35,0x44,0x3e,0x0b, 0x4d,0x29,0xbe,0x04, 904 0xa7,0xaa,0x88,0xe0, 0xe0,0x07,0x7d,0xa8, 905 0x2b,0x87,0x7d,0x08, 0xa6,0x59,0xd0,0xa5, 906 0x03,0xae,0x9b,0xee, 0xd4,0x11,0x39,0x7d, 907 0x9e,0x1d,0x89,0xe3, 0xc6,0x92,0x36,0x07, 908 0xa4,0x43,0xad,0x2f, 0xd5,0x71,0x84,0x2d, 909 0xc0,0x37,0xed,0x62, 0x4e,0x2b,0x8c,0xd5, 910 0x1d,0xf7,0x00,0xbb, 0x3d,0x5e,0xcc,0xc5, 911 0x6d,0xdd,0x17,0xf2, 0x89,0x25,0x30,0x16, 912 0x04,0xd7,0x1f,0x84, 0x7d,0x61,0xa0,0x7a, 913 0x49,0x88,0x44,0x46, 0xc6,0x05,0xd1,0xc9, 914 0xa0,0x2a,0x86,0xdd, 0xd3,0x80,0x40,0xa4, 915 0x28,0xb3,0xa4,0x3b, 0x71,0x0a,0x7f,0x2d, 916 0x3b,0xcd,0xe6,0xac, 0x59,0xda,0x43,0x56, 917 0x6e,0x9a,0x3f,0x1e, 0x82,0xcf,0xb3,0xa0, 918 0xa1,0x46,0xcf,0x2e, 0x32,0x05,0xcd,0x68, 919 0xbb,0x51,0x71,0x8a, 0x16,0x75,0xbe,0x49, 920 0x7e,0xb3,0x63,0x30, 0x95,0x34,0xe6,0x85, 921 0x7e,0x9a,0xdd,0xe6, 0x43,0xd6,0x59,0xf8, 922 0x6a,0xb8,0x8f,0x5f, 0x5d,0xd9,0x55,0x41, 923 0x12,0xf9,0x98,0xc6, 0x93,0x7c,0x3f,0x46, 924 0xab,0x7c,0x8b,0x28, 0xde,0x9a,0xb1,0xf0, 925 0x6c,0x43,0x2a,0xb3, 0x70,0xc5,0x9d,0xc0, 926 0x26,0xcf,0xad,0x9c, 0x87,0x9b,0x3f,0x7c, 927 0x24,0xac,0xe7,0xd4, 0xe8,0x14,0xe3,0x3e, 928 0xf6,0x8a,0x97,0x87, 0x63,0x2c,0x88,0xdc, 929 0xc5,0x23,0x68,0x6e, 0x94,0xe1,0x09,0xc4, 930 0x44,0xda,0x8f,0xa7, 0x9f,0xc4,0x52,0xa4, 931 0x18,0x1d,0x3c,0x08, 0xca,0x0a,0x3e,0xb4, 932 0xbf,0xbe,0xc6,0x47, 0xe2,0x89,0x2b,0x07, 933 0x71,0xd9,0xc8,0x6a, 0x06,0xd5,0xd0,0x47, 934 0x4e,0x07,0x4f,0x6b, 0xdb,0xdf,0x3d,0xf0, 935 0x7c,0x5f,0x49,0x70, 0x17,0x4f,0x9f,0x33, 936 0x7e,0x4b,0x72,0x3b, 0x8c,0x68,0x22,0xf9, 937 0xd2,0xad,0xe4,0xe4, 0xb2,0x61,0x9d,0xb8, 938 0xc2,0x5c,0xf0,0x3b, 0x08,0xb2,0x75,0x30, 939 0x3a,0xd0,0x7d,0xf9, 0xb2,0x00,0x40,0x56, 940 0x79,0xe2,0x0d,0x31, 0x72,0xe2,0xc2,0xd1, 941 0x2e,0x27,0xe7,0xc8, 0x96,0x1a,0xc6,0x7e, 942 0xb8,0xc1,0x93,0xfb, 0x1d,0xbc,0xed,0x97, 943 0x2f,0x2f,0xea,0xa1, 0x40,0x49,0xf6,0x1d, 944 0xab,0x54,0x46,0x2e, 0x73,0xf2,0x74,0xf1, 945 0x6d,0x5c,0xe6,0xa0, 0xd4,0x73,0x1c,0xbc, 946 0x07,0x81,0xf5,0x94, 0xe6,0x18,0xdc,0x42, 947 0x68,0xb9,0xeb,0xfb, 0xa3,0x76,0x8c,0x83, 948 0x98,0xe9,0x96,0xa6, 0xa6,0x5e,0x0e,0xd1, 949 0xfc,0xb7,0x8e,0x8b, 0x9e,0xa4,0x00,0x76, 950 0x0e,0x35,0x92,0x5e, 0x05,0xa1,0x92,0xc4, 951 0x0c,0xd1,0xec,0x8c, 0x04,0x8e,0x65,0x56, 952 0x43,0xae,0x16,0x18, 0x2e,0x3e,0xfe,0x47, 953 0x92,0xe1,0x76,0x1b, 0xb6,0xcc,0x0b,0x82, 954 0xe1,0x8c,0x7b,0x43, 0xe4,0x90,0xed,0x28, 955 0x0b,0xe6,0x05,0xea, 0x4a,0xc0,0xf1,0x12, 956 0x54,0x09,0x93,0xda, 0xfc,0xf4,0x86,0xff, 957 0x4c,0xaa,0x7d,0xbe, 0xd0,0x4a,0xa6,0x9d, 958 0x6b,0x27,0x8f,0xb1, 0xb5,0x3a,0x9b,0xce, 959 0xe2,0x5c,0x29,0x35, 0xd6,0xe7,0xf3,0xa4, 960 0x5e,0x70,0xf6,0xc6, 0xde,0x63,0x86,0xf7, 961 0xc9,0xab,0x42,0xb9, 0xe7,0x5d,0x1c,0x68, 962 0x73,0xa3,0xed,0xb0, 0xa0,0xb6,0x18,0x15, 963 0xe6,0x57,0x4c,0x21, 0xf7,0xf3,0xc6,0x32, 964 0x4d,0x07,0x4a,0x14, 0xde,0xb2,0xc7,0xca, 965 0xf0,0x78,0xc4,0x85, 0xe3,0xdc,0xfb,0x35, 966 0x7c,0x6b,0xc0,0xb8, 0xcd,0x7a,0x22,0xfc, 967 0xe4,0xe8,0xe2,0x98, 0x6c,0x8e,0xdf,0x37, 968 0x8e,0x0f,0x25,0x23, 0xdd,0xea,0x40,0x6f, 969 0xb3,0x07,0x7e,0x7a, 0x6b,0xa1,0xa1,0xcf, 970 0x24,0xd9,0xad,0x72, 0x7a,0x45,0x49,0xca, 971 0xfe,0xc7,0x2e,0x6d, 0xaa,0xc1,0x08,0x2c, 972 0xe6,0xde,0xde,0x73, 0x01,0x9c,0xdc,0x65, 973 0x3a,0xdf,0xc6,0x15, 0x37,0x62,0x0b,0x2c, 974 0x9a,0x36,0xed,0x37, 0xd9,0xfc,0xa9,0xb3, 975 0x32,0xc3,0xde,0x26, 0xe7,0xf0,0x3f,0x02, 976 0xed,0x35,0x74,0xea, 0xdd,0x32,0xe9,0x96, 977 0x75,0x66,0xb8,0xf0, 0x75,0x98,0x8f,0x3a, 978 0xd0,0xc2,0xa1,0x98, 0x5f,0xf9,0x32,0x31, 979 0x00,0x18,0x7d,0xc5, 0x9d,0x15,0x5b,0xdc, 980 0x13,0x37,0x69,0xfc, 0x95,0x7a,0x62,0x0e, 981 0x8a,0x86,0xed,0x18, 0x78,0x3c,0x49,0xf4, 982 0x18,0x73,0xcd,0x2e, 0x7b,0xa3,0x40,0xd7, 983 0x01,0xf6,0xc7,0x2a, 0xc5,0xce,0x13,0x09, 984 0xb1,0xe5,0x25,0x17, 0xdf,0x9d,0x7e,0x0b, 985 0x50,0x46,0x62,0x78, 0xb5,0x25,0xb2,0xd9, 986 0x65,0xfa,0x5b,0xf7, 0xfe,0xc6,0xe0,0x7b, 987 0x7b,0x4e,0x14,0x2e, 0x0d,0x3a,0xd0,0xe0, 988 0xa0,0xd2,0xeb,0x4d, 0x87,0x11,0x42,0x28, 989 0x02,0x7e,0xa8,0x56, 0x5b,0x53,0xbd,0x76, 990 0x47,0x8f,0x5f,0x8b, 0xc7,0xd9,0x72,0xf7, 991 0x11,0xbb,0x94,0xdb, 0x0d,0x07,0xb7,0x0a, 992 0xcc,0x41,0x00,0xcd, 0xd0,0x50,0x25,0x31, 993 0xc9,0x47,0x6b,0xdd, 0x3f,0x70,0x24,0x3e, 994 0xde,0x02,0x62,0x6c, 0xb4,0x44,0x92,0x8e, 995 0x98,0x9c,0x0e,0x30, 0x2f,0x80,0xb9,0x5e, 996 0x75,0x90,0xa6,0x02, 0xf0,0xed,0xb0,0x8b, 997 0x44,0xa3,0x59,0x2d, 0xc3,0x08,0xe5,0xd9, 998 0x89,0x6a,0x71,0x44, 0x04,0xc4,0xb2,0x61, 999 0x5b,0xf5,0x46,0x44, 0xdc,0x36,0x2e,0xfd, 1000 0x41,0xf5,0xa1,0x3a, 0xb3,0x93,0x74,0x7d, 1001 0x54,0x5e,0x64,0xdc, 0xbc,0xd7,0x07,0x48, 1002 0x3e,0x73,0x81,0x22, 0x9c,0x5a,0xf6,0xde, 1003 0x94,0x42,0xe1,0x6c, 0x92,0xe7,0x6d,0xa0, 1004 0x5e,0xc3,0xd6,0xe9, 0x84,0xd9,0xba,0x57, 1005 0xef,0x85,0x6a,0x9b, 0xe6,0x9a,0x2b,0xf8, 1006 0x8d,0xfe,0x9d,0xad, 0x70,0x26,0x05,0x14, 1007 0x45,0x07,0xcb,0x72, 0xd4,0x8b,0x14,0x44, 1008 0x74,0x40,0x9c,0x29, 0x8b,0xba,0x40,0x09, 1009 0x52,0xfc,0xc5,0x40, 0xb1,0x25,0x69,0xaa, 1010 0x8f,0x12,0xc4,0xc6, 0x2b,0x3f,0x73,0x9d, 1011 0xff,0x52,0xd4,0xac, 0x77,0x43,0xdc,0xd2, 1012 0x06,0x9a,0x1b,0xfc, 0x0c,0x8f,0x6b,0x59, 1013 0xa5,0xd4,0xde,0x06, 0x16,0x34,0xef,0x75, 1014 0x22,0x54,0x9c,0x53, 0x38,0x0b,0x57,0xc7, 1015 0xaa,0x78,0x2d,0x3a, 0x9b,0xdd,0xed,0xb5, 1016 0x0b,0xb0,0x08,0x5f, 0x57,0xdb,0xfc,0xbe, 1017 0x44,0xfd,0x71,0x5f, 0x71,0x14,0xd5,0x14, 1018 0x70,0xb6,0xee,0xd0, 0xf3,0x37,0x6f,0x57, 1019 0x55,0x3c,0x7c,0x23, 0x6f,0xbe,0x83,0x5c, 1020 0xb5,0x64,0xfd,0x6d, 0x7c,0xe4,0x05,0x2b, 1021 0xdb,0xc4,0xf5,0xa0, 0xd3,0xa6,0x15,0x48, 1022 0xc2,0x50,0xf8,0xf7, 0xc2,0xab,0xb5,0x6a, 1023 0x0d,0x1a,0xb5,0x30, 0x33,0xf8,0x12,0x2d, 1024 0xfb,0xa6,0x2e,0xe5, 0xbe,0x40,0xba,0x48, 1025 0xef,0x05,0xc8,0x37, 0x3a,0x36,0xad,0x99, 1026 0x77,0x87,0x84,0xac, 0xd8,0xcb,0x7a,0x88, 1027 0x3e,0x2d,0x8b,0xbe, 0x9a,0x35,0x88,0x26, 1028 0xe9,0x20,0xd4,0x66, 0x80,0x8b,0xf8,0x54, 1029 0xba,0xcd,0xa8,0x47, 0x35,0x1b,0xc4,0x09, 1030 0x6d,0xff,0x0e,0x60, 0x7c,0xf3,0x68,0xbf, 1031 0xe3,0xe9,0x73,0x07, 0x84,0xf0,0x08,0x45, 1032 0x97,0x65,0x94,0xd1, 0x35,0x4e,0x67,0x0c, 1033 0xe3,0xb7,0x61,0x7b, 0x09,0x22,0xed,0x18, 1034 0xee,0x0b,0x54,0xc0, 0xab,0x8b,0xaa,0x71, 1035 0x4c,0x40,0xbf,0xf7, 0xe0,0x7e,0x08,0xaa, 1036 }, 1037 .mlen = 1024, 1038 .m = { 1039 0x1d,0xea,0xe5,0x2b, 0x4c,0x22,0x4d,0xf3, 1040 0x15,0x53,0xcb,0x41, 0xf5,0xcf,0x0b,0x7b, 1041 0xc9,0x80,0xc0,0x95, 0xd2,0x7b,0x08,0x4b, 1042 0x3d,0xcd,0xd8,0x3b, 0x2f,0x18,0xd4,0x70, 1043 0x38,0xb2,0xa7,0x2f, 0x7f,0xba,0xd8,0xed, 1044 0xbc,0x8f,0xac,0xe4, 0xe2,0x11,0x2d,0x6d, 1045 0xe6,0xa4,0x36,0x90, 0xc2,0x7f,0xdf,0xe3, 1046 0xdc,0x50,0xdb,0x6c, 0x56,0xcf,0x7d,0xd6, 1047 0xd0,0xcb,0xd6,0x9b, 0x01,0xbb,0xef,0x1c, 1048 0x0a,0x6c,0x92,0x23, 0xeb,0x77,0xf9,0xd1, 1049 0x25,0xdc,0x94,0x30, 0x30,0xa4,0x96,0x3e, 1050 0xdf,0x52,0x4c,0xe7, 0xdf,0x27,0x9f,0x73, 1051 0x78,0x0c,0x8c,0x7f, 0x9d,0xae,0x79,0x5d, 1052 0x91,0x5e,0x4b,0x02, 0xa9,0x31,0x9c,0xff, 1053 0x46,0x73,0xec,0x0d, 0x5a,0xb8,0xeb,0x48, 1054 0x19,0x9c,0x44,0xe0, 0xc8,0x81,0x96,0x4c, 1055 0x47,0x0c,0xe7,0x1d, 0x2a,0x9c,0xd5,0xe0, 1056 0xe7,0xd6,0xa0,0x88, 0xf0,0xf6,0xda,0xa7, 1057 0x6a,0xdd,0xfd,0x4f, 0x00,0x6e,0x25,0x7d, 1058 0xb9,0x81,0x19,0x2f, 0x4e,0xcc,0x8d,0x6e, 1059 0xa6,0x92,0xcf,0xd8, 0x6e,0x78,0x0a,0xf6, 1060 0x8a,0x43,0xeb,0x60, 0x0c,0x8b,0x93,0x50, 1061 0x88,0xd1,0x67,0x05, 0x0c,0xdc,0x43,0x85, 1062 0x50,0x91,0x63,0xa4, 0x32,0x14,0x66,0x84, 1063 0xdb,0x04,0x9f,0x77, 0x95,0x60,0x19,0xc6, 1064 0x98,0x60,0x62,0xe4, 0xc6,0xee,0x70,0x76, 1065 0xb0,0x59,0x80,0x59, 0x46,0xae,0x99,0x26, 1066 0x62,0x4a,0xf0,0x45, 0x8f,0xf0,0x70,0x5b, 1067 0x52,0xfc,0xee,0x4d, 0x30,0x47,0xc8,0xae, 1068 0xe2,0xbc,0x2c,0x73, 0x78,0x67,0xf1,0x00, 1069 0xb4,0xda,0x01,0xad, 0x3b,0xc4,0x5c,0x6c, 1070 0x65,0xca,0x84,0x22, 0x95,0x32,0x95,0x20, 1071 0x4d,0xdc,0x96,0x2e, 0x61,0xe4,0xc8,0xec, 1072 0x2d,0xbf,0xc1,0x5d, 0x70,0xf9,0x75,0xf2, 1073 0xad,0x0a,0xc9,0xd7, 0x0a,0x81,0x3c,0xa1, 1074 0x13,0xec,0x63,0xd4, 0xd0,0x67,0xf4,0xcc, 1075 0x6e,0xb8,0x52,0x08, 0x46,0xc9,0x2a,0x92, 1076 0x59,0xd9,0x14,0x17, 0xde,0x2f,0xc7,0x36, 1077 0xd5,0xd5,0xfc,0x8a, 0x63,0xd5,0x5f,0xe3, 1078 0xdd,0x55,0x00,0x8e, 0x5e,0xc9,0xed,0x04, 1079 0x1d,0xeb,0xae,0xc5, 0xd0,0xf9,0x73,0x28, 1080 0xf3,0x81,0xd5,0xb4, 0x60,0xb2,0x42,0x81, 1081 0x68,0xf3,0xb9,0x73, 0x07,0x2e,0x34,0x8e, 1082 0x47,0x12,0xae,0x7c, 0xa8,0xc2,0xce,0xad, 1083 0x0f,0x6e,0x44,0xa5, 0x35,0x5e,0x61,0x6b, 1084 0xfc,0x67,0x9c,0x82, 0xa1,0xd2,0xff,0xfe, 1085 0x60,0x7c,0x40,0x02, 0x24,0x9e,0x8b,0x90, 1086 0xa0,0x89,0xd9,0x83, 0x04,0xd8,0xef,0x9c, 1087 0x96,0x28,0x77,0x3e, 0xe3,0xb0,0xf8,0x3d, 1088 0xfb,0x91,0x8f,0x6f, 0x83,0x58,0x1e,0x4b, 1089 0x64,0xc7,0xf6,0xe0, 0x85,0x03,0xe3,0xf9, 1090 0x6b,0xc9,0x9e,0x9d, 0x57,0x25,0xe4,0x69, 1091 0x08,0x59,0x28,0x4a, 0x52,0x9c,0x49,0x19, 1092 0x24,0x49,0xba,0xb1, 0x82,0xd4,0xcf,0xd0, 1093 0x1e,0x1d,0xc2,0x02, 0x42,0x4e,0xdf,0xf7, 1094 0x2b,0x3d,0x99,0xf6, 0x99,0xa4,0x3a,0xe1, 1095 0x9d,0x68,0xc8,0x08, 0xec,0xec,0x1c,0xa8, 1096 0x41,0x4a,0x27,0x84, 0xe9,0x0d,0x95,0x54, 1097 0x1a,0xca,0x5f,0x5d, 0x5a,0x96,0xb9,0x5b, 1098 0x6e,0xbc,0x39,0x7f, 0x7a,0x20,0xc5,0xb2, 1099 0x60,0x0c,0xa3,0x78, 0xc3,0x2b,0x87,0xcc, 1100 0xea,0xb0,0x4d,0x27, 0xfb,0x6c,0x58,0x51, 1101 0xce,0x90,0xca,0xd6, 0x86,0x91,0x4d,0x2c, 1102 0x8c,0x82,0xf0,0xc9, 0x9a,0x0a,0x73,0xb3, 1103 0xcb,0xa9,0xd4,0x26, 0x4d,0x74,0xbe,0x0e, 1104 0x4a,0x6e,0x10,0xeb, 0x4e,0xba,0x4e,0xba, 1105 0x0d,0x26,0x69,0x87, 0x5e,0x08,0x2b,0x43, 1106 0xbe,0x97,0x4e,0x2a, 0x63,0xbc,0x52,0xb7, 1107 0xda,0x23,0x23,0x11, 0xfa,0xcf,0x89,0xac, 1108 0x90,0x5f,0x60,0x7a, 0x50,0xb7,0xbe,0x79, 1109 0x0b,0x2c,0xf0,0x27, 0xf0,0xfb,0xaf,0x64, 1110 0xc8,0x57,0x7c,0xeb, 0x1c,0xf7,0x36,0xec, 1111 0x09,0x97,0x66,0x31, 0x54,0xe4,0x00,0xcf, 1112 0x68,0x24,0x77,0x1a, 0xbc,0x27,0x3a,0xad, 1113 0x8a,0x01,0x7e,0x45, 0xe7,0xe4,0xa4,0xeb, 1114 0x38,0x62,0x9d,0x90, 0xea,0x00,0x9c,0x03, 1115 0x5e,0xb2,0x7d,0xd8, 0x2f,0xe9,0xc9,0x3c, 1116 0x1a,0x5c,0x21,0x1a, 0x59,0x45,0x62,0x47, 1117 0x93,0x1b,0xdc,0xd8, 0x3e,0x07,0x8b,0x75, 1118 0xd0,0x6d,0xcc,0x8d, 0xec,0x79,0xa8,0x9a, 1119 0x51,0xa5,0x50,0x18, 0xae,0x44,0x93,0x75, 1120 0xc1,0xc8,0x1e,0x10, 0x59,0x1e,0x0b,0xb3, 1121 0x06,0x30,0xa8,0x66, 0x8d,0x8e,0xd6,0x4d, 1122 0x0d,0x8a,0xb4,0x28, 0xdc,0xfb,0x5d,0x59, 1123 0xe0,0x92,0x77,0x38, 0xfa,0xad,0x46,0x46, 1124 0x25,0x15,0x4c,0xca, 0x09,0x2b,0x31,0xe9, 1125 0x36,0xe8,0xc2,0x67, 0x34,0x4d,0x5e,0xa0, 1126 0x8f,0x9a,0xe8,0x7f, 0xf2,0x2a,0x92,0x78, 1127 0xde,0x09,0x75,0xe7, 0xe5,0x50,0x0a,0x2e, 1128 0x88,0x63,0xc0,0x8f, 0xa8,0x73,0x0f,0xe5, 1129 0x1e,0x9d,0xdb,0xce, 0x53,0xe0,0x42,0x94, 1130 0x7b,0x5c,0xa1,0x5e, 0x1e,0x8f,0x0a,0x6e, 1131 0x8b,0x1a,0xad,0x93, 0x70,0x86,0xf1,0x69, 1132 0x70,0x93,0x24,0xe3, 0x83,0x2f,0xa8,0x04, 1133 0xba,0x27,0x0a,0x2e, 0x03,0xeb,0x69,0xd9, 1134 0x56,0x0e,0xc4,0x10, 0x55,0x31,0x2c,0x3f, 1135 0xd1,0xb2,0x94,0x0f, 0x28,0x15,0x3c,0x02, 1136 0x15,0x5e,0xec,0x26, 0x9c,0xc3,0xfc,0xa7, 1137 0x5c,0xb0,0xfa,0xc0, 0x02,0xf9,0x01,0x3f, 1138 0x01,0x73,0x24,0x22, 0x50,0x28,0x2a,0xca, 1139 0xb1,0xf2,0x03,0x00, 0x2f,0xc6,0x6f,0x28, 1140 0x4f,0x4b,0x4f,0x1a, 0x9a,0xb8,0x16,0x93, 1141 0x31,0x60,0x7c,0x3d, 0x35,0xc8,0xd6,0x90, 1142 0xde,0x8c,0x89,0x39, 0xbd,0x21,0x11,0x05, 1143 0xe8,0xc4,0x04,0x3b, 0x65,0xa5,0x15,0xcf, 1144 0xcf,0x15,0x14,0xf6, 0xe7,0x2e,0x3c,0x47, 1145 0x59,0x0b,0xaa,0xc0, 0xd4,0xab,0x04,0x14, 1146 0x9c,0xd7,0xe2,0x43, 0xc7,0x87,0x09,0x03, 1147 0x27,0xd2,0x0a,0xff, 0x8d,0xd5,0x80,0x34, 1148 0x93,0xa2,0x2c,0xb1, 0x4e,0x16,0x2d,0x82, 1149 0x51,0x5c,0x3c,0xe5, 0x75,0x51,0x7b,0xb4, 1150 0xd8,0x1e,0x59,0x98, 0x0f,0x75,0xed,0x02, 1151 0x1c,0x13,0xf6,0x02, 0xda,0xf9,0x47,0xf7, 1152 0x45,0x25,0x0f,0x58, 0x22,0x5d,0xef,0xf0, 1153 0x1b,0xdb,0xae,0xaf, 0xbe,0xc6,0xe1,0xcd, 1154 0x70,0x46,0x6e,0x03, 0x9a,0x20,0x77,0x00, 1155 0x3c,0x32,0xb5,0x8f, 0x04,0xb6,0x6f,0xa2, 1156 0x31,0xc9,0x7c,0xf9, 0x84,0x67,0x87,0xfb, 1157 0x7b,0x13,0xb0,0x4d, 0x35,0xfd,0x37,0x5b, 1158 0xf4,0x25,0xf0,0x02, 0x74,0xa0,0x69,0xd4, 1159 0x53,0x61,0x4b,0x54, 0x68,0x94,0x0e,0x08, 1160 0x25,0x82,0x90,0xfc, 0x25,0xb6,0x63,0xe2, 1161 0x07,0x9f,0x42,0xf1, 0xbb,0x33,0xea,0xab, 1162 0x92,0x54,0x2b,0x9f, 0x88,0xc0,0x31,0x2b, 1163 0xfd,0x36,0x50,0x80, 0xfc,0x1a,0xff,0xab, 1164 0xe8,0xc4,0x7f,0xb6, 0x98,0xb9,0x2e,0x17, 1165 0xca,0x28,0x3d,0xdf, 0x0f,0x07,0x43,0x20, 1166 0xf0,0x07,0xea,0xe5, 0xcd,0x4e,0x81,0x34, 1167 }, 1168 .h = { 1169 0x9d,0x22,0x88,0xfd, 0x41,0x43,0x88,0x45, 1170 0x34,0xfe,0x85,0xc4, 0xb9,0xff,0xe1,0x55, 1171 0x40,0x1d,0x25,0x37, 0xd1,0xf8,0xfc,0x2b, 1172 0x3a,0xf5,0x3b,0x69, 0xbf,0xa6,0x9d,0xed, 1173 }, 1174 }, 1175 }; 1176 static uint32_t k[268]; 1177 uint8_t h[32]; 1178 unsigned i, j; 1179 int result = 0; 1180 1181 for (i = 0; i < __arraycount(C); i++) { 1182 for (j = 0; j < 268; j++) 1183 k[j] = le32dec(C[i].k + 4*j); 1184 nh(h, C[i].m, C[i].mlen, k); 1185 if (memcmp(h, C[i].h, 32)) { 1186 char prefix[10]; 1187 snprintf(prefix, sizeof prefix, "nh %u", i); 1188 hexdump(printf, prefix, h, 32); 1189 result = -1; 1190 } 1191 } 1192 1193 return result; 1194 } 1195 1196 /* https://github.com/google/adiantum/blob/a5ad5134ab11b10a3ee982c52385953fac88fedc/test_vectors/ours/NHPoly1305/NHPoly1305.json */ 1197 static int 1198 nhpoly1305_selftest(void) 1199 { 1200 static const struct { 1201 uint8_t k[1088]; 1202 unsigned mlen; 1203 uint8_t m[1024]; 1204 uint8_t h[16]; 1205 } C[] = { 1206 [0] = { /* 0-byte message */ 1207 .k = { 1208 /* Poly1305 key */ 1209 0xd2,0x5d,0x4c,0xdd, 0x8d,0x2b,0x7f,0x7a, 1210 0xd9,0xbe,0x71,0xec, 0xd1,0x83,0x52,0xe3, 1211 1212 /* NH key */ 1213 0xe1,0xad,0xd7,0x5c, 0x0a,0x75,0x9d,0xec, 1214 0x1d,0x13,0x7e,0x5d, 0x71,0x07,0xc9,0xe4, 1215 0x57,0x2d,0x44,0x68, 0xcf,0xd8,0xd6,0xc5, 1216 0x39,0x69,0x7d,0x32, 0x75,0x51,0x4f,0x7e, 1217 0xb2,0x4c,0xc6,0x90, 0x51,0x6e,0xd9,0xd6, 1218 0xa5,0x8b,0x2d,0xf1, 0x94,0xf9,0xf7,0x5e, 1219 0x2c,0x84,0x7b,0x41, 0x0f,0x88,0x50,0x89, 1220 0x30,0xd9,0xa1,0x38, 0x46,0x6c,0xc0,0x4f, 1221 0xe8,0xdf,0xdc,0x66, 0xab,0x24,0x43,0x41, 1222 0x91,0x55,0x29,0x65, 0x86,0x28,0x5e,0x45, 1223 0xd5,0x2d,0xb7,0x80, 0x08,0x9a,0xc3,0xd4, 1224 0x9a,0x77,0x0a,0xd4, 0xef,0x3e,0xe6,0x3f, 1225 0x6f,0x2f,0x9b,0x3a, 0x7d,0x12,0x1e,0x80, 1226 0x6c,0x44,0xa2,0x25, 0xe1,0xf6,0x60,0xe9, 1227 0x0d,0xaf,0xc5,0x3c, 0xa5,0x79,0xae,0x64, 1228 0xbc,0xa0,0x39,0xa3, 0x4d,0x10,0xe5,0x4d, 1229 0xd5,0xe7,0x89,0x7a, 0x13,0xee,0x06,0x78, 1230 0xdc,0xa4,0xdc,0x14, 0x27,0xe6,0x49,0x38, 1231 0xd0,0xe0,0x45,0x25, 0x36,0xc5,0xf4,0x79, 1232 0x2e,0x9a,0x98,0x04, 0xe4,0x2b,0x46,0x52, 1233 0x7c,0x33,0xca,0xe2, 0x56,0x51,0x50,0xe2, 1234 0xa5,0x9a,0xae,0x18, 0x6a,0x13,0xf8,0xd2, 1235 0x21,0x31,0x66,0x02, 0xe2,0xda,0x8d,0x7e, 1236 0x41,0x19,0xb2,0x61, 0xee,0x48,0x8f,0xf1, 1237 0x65,0x24,0x2e,0x1e, 0x68,0xce,0x05,0xd9, 1238 0x2a,0xcf,0xa5,0x3a, 0x57,0xdd,0x35,0x91, 1239 0x93,0x01,0xca,0x95, 0xfc,0x2b,0x36,0x04, 1240 0xe6,0x96,0x97,0x28, 0xf6,0x31,0xfe,0xa3, 1241 0x9d,0xf6,0x6a,0x1e, 0x80,0x8d,0xdc,0xec, 1242 0xaf,0x66,0x11,0x13, 0x02,0x88,0xd5,0x27, 1243 0x33,0xb4,0x1a,0xcd, 0xa3,0xf6,0xde,0x31, 1244 0x8e,0xc0,0x0e,0x6c, 0xd8,0x5a,0x97,0x5e, 1245 0xdd,0xfd,0x60,0x69, 0x38,0x46,0x3f,0x90, 1246 0x5e,0x97,0xd3,0x32, 0x76,0xc7,0x82,0x49, 1247 0xfe,0xba,0x06,0x5f, 0x2f,0xa2,0xfd,0xff, 1248 0x80,0x05,0x40,0xe4, 0x33,0x03,0xfb,0x10, 1249 0xc0,0xde,0x65,0x8c, 0xc9,0x8d,0x3a,0x9d, 1250 0xb5,0x7b,0x36,0x4b, 0xb5,0x0c,0xcf,0x00, 1251 0x9c,0x87,0xe4,0x49, 0xad,0x90,0xda,0x4a, 1252 0xdd,0xbd,0xff,0xe2, 0x32,0x57,0xd6,0x78, 1253 0x36,0x39,0x6c,0xd3, 0x5b,0x9b,0x88,0x59, 1254 0x2d,0xf0,0x46,0xe4, 0x13,0x0e,0x2b,0x35, 1255 0x0d,0x0f,0x73,0x8a, 0x4f,0x26,0x84,0x75, 1256 0x88,0x3c,0xc5,0x58, 0x66,0x18,0x1a,0xb4, 1257 0x64,0x51,0x34,0x27, 0x1b,0xa4,0x11,0xc9, 1258 0x6d,0x91,0x8a,0xfa, 0x32,0x60,0x9d,0xd7, 1259 0x87,0xe5,0xaa,0x43, 0x72,0xf8,0xda,0xd1, 1260 0x48,0x44,0x13,0x61, 0xdc,0x8c,0x76,0x17, 1261 0x0c,0x85,0x4e,0xf3, 0xdd,0xa2,0x42,0xd2, 1262 0x74,0xc1,0x30,0x1b, 0xeb,0x35,0x31,0x29, 1263 0x5b,0xd7,0x4c,0x94, 0x46,0x35,0xa1,0x23, 1264 0x50,0xf2,0xa2,0x8e, 0x7e,0x4f,0x23,0x4f, 1265 0x51,0xff,0xe2,0xc9, 0xa3,0x7d,0x56,0x8b, 1266 0x41,0xf2,0xd0,0xc5, 0x57,0x7e,0x59,0xac, 1267 0xbb,0x65,0xf3,0xfe, 0xf7,0x17,0xef,0x63, 1268 0x7c,0x6f,0x23,0xdd, 0x22,0x8e,0xed,0x84, 1269 0x0e,0x3b,0x09,0xb3, 0xf3,0xf4,0x8f,0xcd, 1270 0x37,0xa8,0xe1,0xa7, 0x30,0xdb,0xb1,0xa2, 1271 0x9c,0xa2,0xdf,0x34, 0x17,0x3e,0x68,0x44, 1272 0xd0,0xde,0x03,0x50, 0xd1,0x48,0x6b,0x20, 1273 0xe2,0x63,0x45,0xa5, 0xea,0x87,0xc2,0x42, 1274 0x95,0x03,0x49,0x05, 0xed,0xe0,0x90,0x29, 1275 0x1a,0xb8,0xcf,0x9b, 0x43,0xcf,0x29,0x7a, 1276 0x63,0x17,0x41,0x9f, 0xe0,0xc9,0x10,0xfd, 1277 0x2c,0x56,0x8c,0x08, 0x55,0xb4,0xa9,0x27, 1278 0x0f,0x23,0xb1,0x05, 0x6a,0x12,0x46,0xc7, 1279 0xe1,0xfe,0x28,0x93, 0x93,0xd7,0x2f,0xdc, 1280 0x98,0x30,0xdb,0x75, 0x8a,0xbe,0x97,0x7a, 1281 0x02,0xfb,0x8c,0xba, 0xbe,0x25,0x09,0xbe, 1282 0xce,0xcb,0xa2,0xef, 0x79,0x4d,0x0e,0x9d, 1283 0x1b,0x9d,0xb6,0x39, 0x34,0x38,0xfa,0x07, 1284 0xec,0xe8,0xfc,0x32, 0x85,0x1d,0xf7,0x85, 1285 0x63,0xc3,0x3c,0xc0, 0x02,0x75,0xd7,0x3f, 1286 0xb2,0x68,0x60,0x66, 0x65,0x81,0xc6,0xb1, 1287 0x42,0x65,0x4b,0x4b, 0x28,0xd7,0xc7,0xaa, 1288 0x9b,0xd2,0xdc,0x1b, 0x01,0xe0,0x26,0x39, 1289 0x01,0xc1,0x52,0x14, 0xd1,0x3f,0xb7,0xe6, 1290 0x61,0x41,0xc7,0x93, 0xd2,0xa2,0x67,0xc6, 1291 0xf7,0x11,0xb5,0xf5, 0xea,0xdd,0x19,0xfb, 1292 0x4d,0x21,0x12,0xd6, 0x7d,0xf1,0x10,0xb0, 1293 0x89,0x07,0xc7,0x5a, 0x52,0x73,0x70,0x2f, 1294 0x32,0xef,0x65,0x2b, 0x12,0xb2,0xf0,0xf5, 1295 0x20,0xe0,0x90,0x59, 0x7e,0x64,0xf1,0x4c, 1296 0x41,0xb3,0xa5,0x91, 0x08,0xe6,0x5e,0x5f, 1297 0x05,0x56,0x76,0xb4, 0xb0,0xcd,0x70,0x53, 1298 0x10,0x48,0x9c,0xff, 0xc2,0x69,0x55,0x24, 1299 0x87,0xef,0x84,0xea, 0xfb,0xa7,0xbf,0xa0, 1300 0x91,0x04,0xad,0x4f, 0x8b,0x57,0x54,0x4b, 1301 0xb6,0xe9,0xd1,0xac, 0x37,0x2f,0x1d,0x2e, 1302 0xab,0xa5,0xa4,0xe8, 0xff,0xfb,0xd9,0x39, 1303 0x2f,0xb7,0xac,0xd1, 0xfe,0x0b,0x9a,0x80, 1304 0x0f,0xb6,0xf4,0x36, 0x39,0x90,0x51,0xe3, 1305 0x0a,0x2f,0xb6,0x45, 0x76,0x89,0xcd,0x61, 1306 0xfe,0x48,0x5f,0x75, 0x1d,0x13,0x00,0x62, 1307 0x80,0x24,0x47,0xe7, 0xbc,0x37,0xd7,0xe3, 1308 0x15,0xe8,0x68,0x22, 0xaf,0x80,0x6f,0x4b, 1309 0xa8,0x9f,0x01,0x10, 0x48,0x14,0xc3,0x02, 1310 0x52,0xd2,0xc7,0x75, 0x9b,0x52,0x6d,0x30, 1311 0xac,0x13,0x85,0xc8, 0xf7,0xa3,0x58,0x4b, 1312 0x49,0xf7,0x1c,0x45, 0x55,0x8c,0x39,0x9a, 1313 0x99,0x6d,0x97,0x27, 0x27,0xe6,0xab,0xdd, 1314 0x2c,0x42,0x1b,0x35, 0xdd,0x9d,0x73,0xbb, 1315 0x6c,0xf3,0x64,0xf1, 0xfb,0xb9,0xf7,0xe6, 1316 0x4a,0x3c,0xc0,0x92, 0xc0,0x2e,0xb7,0x1a, 1317 0xbe,0xab,0xb3,0x5a, 0xe5,0xea,0xb1,0x48, 1318 0x58,0x13,0x53,0x90, 0xfd,0xc3,0x8e,0x54, 1319 0xf9,0x18,0x16,0x73, 0xe8,0xcb,0x6d,0x39, 1320 0x0e,0xd7,0xe0,0xfe, 0xb6,0x9f,0x43,0x97, 1321 0xe8,0xd0,0x85,0x56, 0x83,0x3e,0x98,0x68, 1322 0x7f,0xbd,0x95,0xa8, 0x9a,0x61,0x21,0x8f, 1323 0x06,0x98,0x34,0xa6, 0xc8,0xd6,0x1d,0xf3, 1324 0x3d,0x43,0xa4,0x9a, 0x8c,0xe5,0xd3,0x5a, 1325 0x32,0xa2,0x04,0x22, 0xa4,0x19,0x1a,0x46, 1326 0x42,0x7e,0x4d,0xe5, 0xe0,0xe6,0x0e,0xca, 1327 0xd5,0x58,0x9d,0x2c, 0xaf,0xda,0x33,0x5c, 1328 0xb0,0x79,0x9e,0xc9, 0xfc,0xca,0xf0,0x2f, 1329 0xa8,0xb2,0x77,0xeb, 0x7a,0xa2,0xdd,0x37, 1330 0x35,0x83,0x07,0xd6, 0x02,0x1a,0xb6,0x6c, 1331 0x24,0xe2,0x59,0x08, 0x0e,0xfd,0x3e,0x46, 1332 0xec,0x40,0x93,0xf4, 0x00,0x26,0x4f,0x2a, 1333 0xff,0x47,0x2f,0xeb, 0x02,0x92,0x26,0x5b, 1334 0x53,0x17,0xc2,0x8d, 0x2a,0xc7,0xa3,0x1b, 1335 0xcd,0xbc,0xa7,0xe8, 0xd1,0x76,0xe3,0x80, 1336 0x21,0xca,0x5d,0x3b, 0xe4,0x9c,0x8f,0xa9, 1337 0x5b,0x7f,0x29,0x7f, 0x7c,0xd8,0xed,0x6d, 1338 0x8c,0xb2,0x86,0x85, 0xe7,0x77,0xf2,0x85, 1339 0xab,0x38,0xa9,0x9d, 0xc1,0x4e,0xc5,0x64, 1340 0x33,0x73,0x8b,0x59, 0x03,0xad,0x05,0xdf, 1341 0x25,0x98,0x31,0xde, 0xef,0x13,0xf1,0x9b, 1342 0x3c,0x91,0x9d,0x7b, 0xb1,0xfa,0xe6,0xbf, 1343 0x5b,0xed,0xa5,0x55, 0xe6,0xea,0x6c,0x74, 1344 0xf4,0xb9,0xe4,0x45, 0x64,0x72,0x81,0xc2, 1345 0x4c,0x28,0xd4,0xcd, 0xac,0xe2,0xde,0xf9, 1346 0xeb,0x5c,0xeb,0x61, 0x60,0x5a,0xe5,0x28, 1347 }, 1348 .mlen = 0, 1349 .h = {0}, 1350 }, 1351 [1] = { /* 16-byte message */ 1352 .k = { 1353 /* Poly1305 key */ 1354 0x29,0x21,0x43,0xcb, 0xcb,0x13,0x07,0xde, 1355 0xbf,0x48,0xdf,0x8a, 0x7f,0xa2,0x84,0xde, 1356 1357 /* NH key */ 1358 0x72,0x23,0x9d,0xf5, 0xf0,0x07,0xf2,0x4c, 1359 0x20,0x3a,0x93,0xb9, 0xcd,0x5d,0xfe,0xcb, 1360 0x99,0x2c,0x2b,0x58, 0xc6,0x50,0x5f,0x94, 1361 0x56,0xc3,0x7c,0x0d, 0x02,0x3f,0xb8,0x5e, 1362 0x7b,0xc0,0x6c,0x51, 0x34,0x76,0xc0,0x0e, 1363 0xc6,0x22,0xc8,0x9e, 0x92,0xa0,0x21,0xc9, 1364 0x85,0x5c,0x7c,0xf8, 0xe2,0x64,0x47,0xc9, 1365 0xe4,0xa2,0x57,0x93, 0xf8,0xa2,0x69,0xcd, 1366 0x62,0x98,0x99,0xf4, 0xd7,0x7b,0x14,0xb1, 1367 0xd8,0x05,0xff,0x04, 0x15,0xc9,0xe1,0x6e, 1368 0x9b,0xe6,0x50,0x6b, 0x0b,0x3f,0x22,0x1f, 1369 0x08,0xde,0x0c,0x5b, 0x08,0x7e,0xc6,0x2f, 1370 0x6c,0xed,0xd6,0xb2, 0x15,0xa4,0xb3,0xf9, 1371 0xa7,0x46,0x38,0x2a, 0xea,0x69,0xa5,0xde, 1372 0x02,0xc3,0x96,0x89, 0x4d,0x55,0x3b,0xed, 1373 0x3d,0x3a,0x85,0x77, 0xbf,0x97,0x45,0x5c, 1374 0x9e,0x02,0x69,0xe2, 0x1b,0x68,0xbe,0x96, 1375 0xfb,0x64,0x6f,0x0f, 0xf6,0x06,0x40,0x67, 1376 0xfa,0x04,0xe3,0x55, 0xfa,0xbe,0xa4,0x60, 1377 0xef,0x21,0x66,0x97, 0xe6,0x9d,0x5c,0x1f, 1378 0x62,0x37,0xaa,0x31, 0xde,0xe4,0x9c,0x28, 1379 0x95,0xe0,0x22,0x86, 0xf4,0x4d,0xf3,0x07, 1380 0xfd,0x5f,0x3a,0x54, 0x2c,0x51,0x80,0x71, 1381 0xba,0x78,0x69,0x5b, 0x65,0xab,0x1f,0x81, 1382 0xed,0x3b,0xff,0x34, 0xa3,0xfb,0xbc,0x73, 1383 0x66,0x7d,0x13,0x7f, 0xdf,0x6e,0xe2,0xe2, 1384 0xeb,0x4f,0x6c,0xda, 0x7d,0x33,0x57,0xd0, 1385 0xd3,0x7c,0x95,0x4f, 0x33,0x58,0x21,0xc7, 1386 0xc0,0xe5,0x6f,0x42, 0x26,0xc6,0x1f,0x5e, 1387 0x85,0x1b,0x98,0x9a, 0xa2,0x1e,0x55,0x77, 1388 0x23,0xdf,0x81,0x5e, 0x79,0x55,0x05,0xfc, 1389 0xfb,0xda,0xee,0xba, 0x5a,0xba,0xf7,0x77, 1390 0x7f,0x0e,0xd3,0xe1, 0x37,0xfe,0x8d,0x2b, 1391 0xd5,0x3f,0xfb,0xd0, 0xc0,0x3c,0x0b,0x3f, 1392 0xcf,0x3c,0x14,0xcf, 0xfb,0x46,0x72,0x4c, 1393 0x1f,0x39,0xe2,0xda, 0x03,0x71,0x6d,0x23, 1394 0xef,0x93,0xcd,0x39, 0xd9,0x37,0x80,0x4d, 1395 0x65,0x61,0xd1,0x2c, 0x03,0xa9,0x47,0x72, 1396 0x4d,0x1e,0x0e,0x16, 0x33,0x0f,0x21,0x17, 1397 0xec,0x92,0xea,0x6f, 0x37,0x22,0xa4,0xd8, 1398 0x03,0x33,0x9e,0xd8, 0x03,0x69,0x9a,0xe8, 1399 0xb2,0x57,0xaf,0x78, 0x99,0x05,0x12,0xab, 1400 0x48,0x90,0x80,0xf0, 0x12,0x9b,0x20,0x64, 1401 0x7a,0x1d,0x47,0x5f, 0xba,0x3c,0xf9,0xc3, 1402 0x0a,0x0d,0x8d,0xa1, 0xf9,0x1b,0x82,0x13, 1403 0x3e,0x0d,0xec,0x0a, 0x83,0xc0,0x65,0xe1, 1404 0xe9,0x95,0xff,0x97, 0xd6,0xf2,0xe4,0xd5, 1405 0x86,0xc0,0x1f,0x29, 0x27,0x63,0xd7,0xde, 1406 0xb7,0x0a,0x07,0x99, 0x04,0x2d,0xa3,0x89, 1407 0xa2,0x43,0xcf,0xf3, 0xe1,0x43,0xac,0x4a, 1408 0x06,0x97,0xd0,0x05, 0x4f,0x87,0xfa,0xf9, 1409 0x9b,0xbf,0x52,0x70, 0xbd,0xbc,0x6c,0xf3, 1410 0x03,0x13,0x60,0x41, 0x28,0x09,0xec,0xcc, 1411 0xb1,0x1a,0xec,0xd6, 0xfb,0x6f,0x2a,0x89, 1412 0x5d,0x0b,0x53,0x9c, 0x59,0xc1,0x84,0x21, 1413 0x33,0x51,0x47,0x19, 0x31,0x9c,0xd4,0x0a, 1414 0x4d,0x04,0xec,0x50, 0x90,0x61,0xbd,0xbc, 1415 0x7e,0xc8,0xd9,0x6c, 0x98,0x1d,0x45,0x41, 1416 0x17,0x5e,0x97,0x1c, 0xc5,0xa8,0xe8,0xea, 1417 0x46,0x58,0x53,0xf7, 0x17,0xd5,0xad,0x11, 1418 0xc8,0x54,0xf5,0x7a, 0x33,0x90,0xf5,0x19, 1419 0xba,0x36,0xb4,0xfc, 0x52,0xa5,0x72,0x3d, 1420 0x14,0xbb,0x55,0xa7, 0xe9,0xe3,0x12,0xf7, 1421 0x1c,0x30,0xa2,0x82, 0x03,0xbf,0x53,0x91, 1422 0x2e,0x60,0x41,0x9f, 0x5b,0x69,0x39,0xf6, 1423 0x4d,0xc8,0xf8,0x46, 0x7a,0x7f,0xa4,0x98, 1424 0x36,0xff,0x06,0xcb, 0xca,0xe7,0x33,0xf2, 1425 0xc0,0x4a,0xf4,0x3c, 0x14,0x44,0x5f,0x6b, 1426 0x75,0xef,0x02,0x36, 0x75,0x08,0x14,0xfd, 1427 0x10,0x8e,0xa5,0x58, 0xd0,0x30,0x46,0x49, 1428 0xaf,0x3a,0xf8,0x40, 0x3d,0x35,0xdb,0x84, 1429 0x11,0x2e,0x97,0x6a, 0xb7,0x87,0x7f,0xad, 1430 0xf1,0xfa,0xa5,0x63, 0x60,0xd8,0x5e,0xbf, 1431 0x41,0x78,0x49,0xcf, 0x77,0xbb,0x56,0xbb, 1432 0x7d,0x01,0x67,0x05, 0x22,0xc8,0x8f,0x41, 1433 0xba,0x81,0xd2,0xca, 0x2c,0x38,0xac,0x76, 1434 0x06,0xc1,0x1a,0xc2, 0xce,0xac,0x90,0x67, 1435 0x57,0x3e,0x20,0x12, 0x5b,0xd9,0x97,0x58, 1436 0x65,0x05,0xb7,0x04, 0x61,0x7e,0xd8,0x3a, 1437 0xbf,0x55,0x3b,0x13, 0xe9,0x34,0x5a,0x37, 1438 0x36,0xcb,0x94,0x45, 0xc5,0x32,0xb3,0xa0, 1439 0x0c,0x3e,0x49,0xc5, 0xd3,0xed,0xa7,0xf0, 1440 0x1c,0x69,0xcc,0xea, 0xcc,0x83,0xc9,0x16, 1441 0x95,0x72,0x4b,0xf4, 0x89,0xd5,0xb9,0x10, 1442 0xf6,0x2d,0x60,0x15, 0xea,0x3c,0x06,0x66, 1443 0x9f,0x82,0xad,0x17, 0xce,0xd2,0xa4,0x48, 1444 0x7c,0x65,0xd9,0xf8, 0x02,0x4d,0x9b,0x4c, 1445 0x89,0x06,0x3a,0x34, 0x85,0x48,0x89,0x86, 1446 0xf9,0x24,0xa9,0x54, 0x72,0xdb,0x44,0x95, 1447 0xc7,0x44,0x1c,0x19, 0x11,0x4c,0x04,0xdc, 1448 0x13,0xb9,0x67,0xc8, 0xc3,0x3a,0x6a,0x50, 1449 0xfa,0xd1,0xfb,0xe1, 0x88,0xb6,0xf1,0xa3, 1450 0xc5,0x3b,0xdc,0x38, 0x45,0x16,0x26,0x02, 1451 0x3b,0xb8,0x8f,0x8b, 0x58,0x7d,0x23,0x04, 1452 0x50,0x6b,0x81,0x9f, 0xae,0x66,0xac,0x6f, 1453 0xcf,0x2a,0x9d,0xf1, 0xfd,0x1d,0x57,0x07, 1454 0xbe,0x58,0xeb,0x77, 0x0c,0xe3,0xc2,0x19, 1455 0x14,0x74,0x1b,0x51, 0x1c,0x4f,0x41,0xf3, 1456 0x32,0x89,0xb3,0xe7, 0xde,0x62,0xf6,0x5f, 1457 0xc7,0x6a,0x4a,0x2a, 0x5b,0x0f,0x5f,0x87, 1458 0x9c,0x08,0xb9,0x02, 0x88,0xc8,0x29,0xb7, 1459 0x94,0x52,0xfa,0x52, 0xfe,0xaa,0x50,0x10, 1460 0xba,0x48,0x75,0x5e, 0x11,0x1b,0xe6,0x39, 1461 0xd7,0x82,0x2c,0x87, 0xf1,0x1e,0xa4,0x38, 1462 0x72,0x3e,0x51,0xe7, 0xd8,0x3e,0x5b,0x7b, 1463 0x31,0x16,0x89,0xba, 0xd6,0xad,0x18,0x5e, 1464 0xba,0xf8,0x12,0xb3, 0xf4,0x6c,0x47,0x30, 1465 0xc0,0x38,0x58,0xb3, 0x10,0x8d,0x58,0x5d, 1466 0xb4,0xfb,0x19,0x7e, 0x41,0xc3,0x66,0xb8, 1467 0xd6,0x72,0x84,0xe1, 0x1a,0xc2,0x71,0x4c, 1468 0x0d,0x4a,0x21,0x7a, 0xab,0xa2,0xc0,0x36, 1469 0x15,0xc5,0xe9,0x46, 0xd7,0x29,0x17,0x76, 1470 0x5e,0x47,0x36,0x7f, 0x72,0x05,0xa7,0xcc, 1471 0x36,0x63,0xf9,0x47, 0x7d,0xe6,0x07,0x3c, 1472 0x8b,0x79,0x1d,0x96, 0x61,0x8d,0x90,0x65, 1473 0x7c,0xf5,0xeb,0x4e, 0x6e,0x09,0x59,0x6d, 1474 0x62,0x50,0x1b,0x0f, 0xe0,0xdc,0x78,0xf2, 1475 0x5b,0x83,0x1a,0xa1, 0x11,0x75,0xfd,0x18, 1476 0xd7,0xe2,0x8d,0x65, 0x14,0x21,0xce,0xbe, 1477 0xb5,0x87,0xe3,0x0a, 0xda,0x24,0x0a,0x64, 1478 0xa9,0x9f,0x03,0x8d, 0x46,0x5d,0x24,0x1a, 1479 0x8a,0x0c,0x42,0x01, 0xca,0xb1,0x5f,0x7c, 1480 0xa5,0xac,0x32,0x4a, 0xb8,0x07,0x91,0x18, 1481 0x6f,0xb0,0x71,0x3c, 0xc9,0xb1,0xa8,0xf8, 1482 0x5f,0x69,0xa5,0xa1, 0xca,0x9e,0x7a,0xaa, 1483 0xac,0xe9,0xc7,0x47, 0x41,0x75,0x25,0xc3, 1484 0x73,0xe2,0x0b,0xdd, 0x6d,0x52,0x71,0xbe, 1485 0xc5,0xdc,0xb4,0xe7, 0x01,0x26,0x53,0x77, 1486 0x86,0x90,0x85,0x68, 0x6b,0x7b,0x03,0x53, 1487 0xda,0x52,0x52,0x51, 0x68,0xc8,0xf3,0xec, 1488 0x6c,0xd5,0x03,0x7a, 0xa3,0x0e,0xb4,0x02, 1489 0x5f,0x1a,0xab,0xee, 0xca,0x67,0x29,0x7b, 1490 0xbd,0x96,0x59,0xb3, 0x8b,0x32,0x7a,0x92, 1491 0x9f,0xd8,0x25,0x2b, 0xdf,0xc0,0x4c,0xda, 1492 }, 1493 .mlen = 16, 1494 .m = { 1495 0xbc,0xda,0x81,0xa8, 0x78,0x79,0x1c,0xbf, 1496 0x77,0x53,0xba,0x4c, 0x30,0x5b,0xb8,0x33, 1497 }, 1498 .h = { 1499 0x04,0xbf,0x7f,0x6a, 0xce,0x72,0xea,0x6a, 1500 0x79,0xdb,0xb0,0xc9, 0x60,0xf6,0x12,0xcc, 1501 }, 1502 }, 1503 [2] = { /* 1024-byte message */ 1504 .k = { 1505 0x65,0x4d,0xe3,0xf8, 0xd2,0x4c,0xac,0x28, 1506 0x68,0xf5,0xb3,0x81, 0x71,0x4b,0xa1,0xfa, 1507 0x04,0x0e,0xd3,0x81, 0x36,0xbe,0x0c,0x81, 1508 0x5e,0xaf,0xbc,0x3a, 0xa4,0xc0,0x8e,0x8b, 1509 0x55,0x63,0xd3,0x52, 0x97,0x88,0xd6,0x19, 1510 0xbc,0x96,0xdf,0x49, 0xff,0x04,0x63,0xf5, 1511 0x0c,0x11,0x13,0xaa, 0x9e,0x1f,0x5a,0xf7, 1512 0xdd,0xbd,0x37,0x80, 0xc3,0xd0,0xbe,0xa7, 1513 0x05,0xc8,0x3c,0x98, 0x1e,0x05,0x3c,0x84, 1514 0x39,0x61,0xc4,0xed, 0xed,0x71,0x1b,0xc4, 1515 0x74,0x45,0x2c,0xa1, 0x56,0x70,0x97,0xfd, 1516 0x44,0x18,0x07,0x7d, 0xca,0x60,0x1f,0x73, 1517 0x3b,0x6d,0x21,0xcb, 0x61,0x87,0x70,0x25, 1518 0x46,0x21,0xf1,0x1f, 0x21,0x91,0x31,0x2d, 1519 0x5d,0xcc,0xb7,0xd1, 0x84,0x3e,0x3d,0xdb, 1520 0x03,0x53,0x2a,0x82, 0xa6,0x9a,0x95,0xbc, 1521 0x1a,0x1e,0x0a,0x5e, 0x07,0x43,0xab,0x43, 1522 0xaf,0x92,0x82,0x06, 0x91,0x04,0x09,0xf4, 1523 0x17,0x0a,0x9a,0x2c, 0x54,0xdb,0xb8,0xf4, 1524 0xd0,0xf0,0x10,0x66, 0x24,0x8d,0xcd,0xda, 1525 0xfe,0x0e,0x45,0x9d, 0x6f,0xc4,0x4e,0xf4, 1526 0x96,0xaf,0x13,0xdc, 0xa9,0xd4,0x8c,0xc4, 1527 0xc8,0x57,0x39,0x3c, 0xc2,0xd3,0x0a,0x76, 1528 0x4a,0x1f,0x75,0x83, 0x44,0xc7,0xd1,0x39, 1529 0xd8,0xb5,0x41,0xba, 0x73,0x87,0xfa,0x96, 1530 0xc7,0x18,0x53,0xfb, 0x9b,0xda,0xa0,0x97, 1531 0x1d,0xee,0x60,0x85, 0x9e,0x14,0xc3,0xce, 1532 0xc4,0x05,0x29,0x3b, 0x95,0x30,0xa3,0xd1, 1533 0x9f,0x82,0x6a,0x04, 0xf5,0xa7,0x75,0x57, 1534 0x82,0x04,0xfe,0x71, 0x51,0x71,0xb1,0x49, 1535 0x50,0xf8,0xe0,0x96, 0xf1,0xfa,0xa8,0x88, 1536 0x3f,0xa0,0x86,0x20, 0xd4,0x60,0x79,0x59, 1537 0x17,0x2d,0xd1,0x09, 0xf4,0xec,0x05,0x57, 1538 0xcf,0x62,0x7e,0x0e, 0x7e,0x60,0x78,0xe6, 1539 0x08,0x60,0x29,0xd8, 0xd5,0x08,0x1a,0x24, 1540 0xc4,0x6c,0x24,0xe7, 0x92,0x08,0x3d,0x8a, 1541 0x98,0x7a,0xcf,0x99, 0x0a,0x65,0x0e,0xdc, 1542 0x8c,0x8a,0xbe,0x92, 0x82,0x91,0xcc,0x62, 1543 0x30,0xb6,0xf4,0x3f, 0xc6,0x8a,0x7f,0x12, 1544 0x4a,0x8a,0x49,0xfa, 0x3f,0x5c,0xd4,0x5a, 1545 0xa6,0x82,0xa3,0xe6, 0xaa,0x34,0x76,0xb2, 1546 0xab,0x0a,0x30,0xef, 0x6c,0x77,0x58,0x3f, 1547 0x05,0x6b,0xcc,0x5c, 0xae,0xdc,0xd7,0xb9, 1548 0x51,0x7e,0x8d,0x32, 0x5b,0x24,0x25,0xbe, 1549 0x2b,0x24,0x01,0xcf, 0x80,0xda,0x16,0xd8, 1550 0x90,0x72,0x2c,0xad, 0x34,0x8d,0x0c,0x74, 1551 0x02,0xcb,0xfd,0xcf, 0x6e,0xef,0x97,0xb5, 1552 0x4c,0xf2,0x68,0xca, 0xde,0x43,0x9e,0x8a, 1553 0xc5,0x5f,0x31,0x7f, 0x14,0x71,0x38,0xec, 1554 0xbd,0x98,0xe5,0x71, 0xc4,0xb5,0xdb,0xef, 1555 0x59,0xd2,0xca,0xc0, 0xc1,0x86,0x75,0x01, 1556 0xd4,0x15,0x0d,0x6f, 0xa4,0xf7,0x7b,0x37, 1557 0x47,0xda,0x18,0x93, 0x63,0xda,0xbe,0x9e, 1558 0x07,0xfb,0xb2,0x83, 0xd5,0xc4,0x34,0x55, 1559 0xee,0x73,0xa1,0x42, 0x96,0xf9,0x66,0x41, 1560 0xa4,0xcc,0xd2,0x93, 0x6e,0xe1,0x0a,0xbb, 1561 0xd2,0xdd,0x18,0x23, 0xe6,0x6b,0x98,0x0b, 1562 0x8a,0x83,0x59,0x2c, 0xc3,0xa6,0x59,0x5b, 1563 0x01,0x22,0x59,0xf7, 0xdc,0xb0,0x87,0x7e, 1564 0xdb,0x7d,0xf4,0x71, 0x41,0xab,0xbd,0xee, 1565 0x79,0xbe,0x3c,0x01, 0x76,0x0b,0x2d,0x0a, 1566 0x42,0xc9,0x77,0x8c, 0xbb,0x54,0x95,0x60, 1567 0x43,0x2e,0xe0,0x17, 0x52,0xbd,0x90,0xc9, 1568 0xc2,0x2c,0xdd,0x90, 0x24,0x22,0x76,0x40, 1569 0x5c,0xb9,0x41,0xc9, 0xa1,0xd5,0xbd,0xe3, 1570 0x44,0xe0,0xa4,0xab, 0xcc,0xb8,0xe2,0x32, 1571 0x02,0x15,0x04,0x1f, 0x8c,0xec,0x5d,0x14, 1572 0xac,0x18,0xaa,0xef, 0x6e,0x33,0x19,0x6e, 1573 0xde,0xfe,0x19,0xdb, 0xeb,0x61,0xca,0x18, 1574 0xad,0xd8,0x3d,0xbf, 0x09,0x11,0xc7,0xa5, 1575 0x86,0x0b,0x0f,0xe5, 0x3e,0xde,0xe8,0xd9, 1576 0x0a,0x69,0x9e,0x4c, 0x20,0xff,0xf9,0xc5, 1577 0xfa,0xf8,0xf3,0x7f, 0xa5,0x01,0x4b,0x5e, 1578 0x0f,0xf0,0x3b,0x68, 0xf0,0x46,0x8c,0x2a, 1579 0x7a,0xc1,0x8f,0xa0, 0xfe,0x6a,0x5b,0x44, 1580 0x70,0x5c,0xcc,0x92, 0x2c,0x6f,0x0f,0xbd, 1581 0x25,0x3e,0xb7,0x8e, 0x73,0x58,0xda,0xc9, 1582 0xa5,0xaa,0x9e,0xf3, 0x9b,0xfd,0x37,0x3e, 1583 0xe2,0x88,0xa4,0x7b, 0xc8,0x5c,0xa8,0x93, 1584 0x0e,0xe7,0x9a,0x9c, 0x2e,0x95,0x18,0x9f, 1585 0xc8,0x45,0x0c,0x88, 0x9e,0x53,0x4f,0x3a, 1586 0x76,0xc1,0x35,0xfa, 0x17,0xd8,0xac,0xa0, 1587 0x0c,0x2d,0x47,0x2e, 0x4f,0x69,0x9b,0xf7, 1588 0xd0,0xb6,0x96,0x0c, 0x19,0xb3,0x08,0x01, 1589 0x65,0x7a,0x1f,0xc7, 0x31,0x86,0xdb,0xc8, 1590 0xc1,0x99,0x8f,0xf8, 0x08,0x4a,0x9d,0x23, 1591 0x22,0xa8,0xcf,0x27, 0x01,0x01,0x88,0x93, 1592 0x9c,0x86,0x45,0xbd, 0xe0,0x51,0xca,0x52, 1593 0x84,0xba,0xfe,0x03, 0xf7,0xda,0xc5,0xce, 1594 0x3e,0x77,0x75,0x86, 0xaf,0x84,0xc8,0x05, 1595 0x44,0x01,0x0f,0x02, 0xf3,0x58,0xb0,0x06, 1596 0x5a,0xd7,0x12,0x30, 0x8d,0xdf,0x1f,0x1f, 1597 0x0a,0xe6,0xd2,0xea, 0xf6,0x3a,0x7a,0x99, 1598 0x63,0xe8,0xd2,0xc1, 0x4a,0x45,0x8b,0x40, 1599 0x4d,0x0a,0xa9,0x76, 0x92,0xb3,0xda,0x87, 1600 0x36,0x33,0xf0,0x78, 0xc3,0x2f,0x5f,0x02, 1601 0x1a,0x6a,0x2c,0x32, 0xcd,0x76,0xbf,0xbd, 1602 0x5a,0x26,0x20,0x28, 0x8c,0x8c,0xbc,0x52, 1603 0x3d,0x0a,0xc9,0xcb, 0xab,0xa4,0x21,0xb0, 1604 0x54,0x40,0x81,0x44, 0xc7,0xd6,0x1c,0x11, 1605 0x44,0xc6,0x02,0x92, 0x14,0x5a,0xbf,0x1a, 1606 0x09,0x8a,0x18,0xad, 0xcd,0x64,0x3d,0x53, 1607 0x4a,0xb6,0xa5,0x1b, 0x57,0x0e,0xef,0xe0, 1608 0x8c,0x44,0x5f,0x7d, 0xbd,0x6c,0xfd,0x60, 1609 0xae,0x02,0x24,0xb6, 0x99,0xdd,0x8c,0xaf, 1610 0x59,0x39,0x75,0x3c, 0xd1,0x54,0x7b,0x86, 1611 0xcc,0x99,0xd9,0x28, 0x0c,0xb0,0x94,0x62, 1612 0xf9,0x51,0xd1,0x19, 0x96,0x2d,0x66,0xf5, 1613 0x55,0xcf,0x9e,0x59, 0xe2,0x6b,0x2c,0x08, 1614 0xc0,0x54,0x48,0x24, 0x45,0xc3,0x8c,0x73, 1615 0xea,0x27,0x6e,0x66, 0x7d,0x1d,0x0e,0x6e, 1616 0x13,0xe8,0x56,0x65, 0x3a,0xb0,0x81,0x5c, 1617 0xf0,0xe8,0xd8,0x00, 0x6b,0xcd,0x8f,0xad, 1618 0xdd,0x53,0xf3,0xa4, 0x6c,0x43,0xd6,0x31, 1619 0xaf,0xd2,0x76,0x1e, 0x91,0x12,0xdb,0x3c, 1620 0x8c,0xc2,0x81,0xf0, 0x49,0xdb,0xe2,0x6b, 1621 0x76,0x62,0x0a,0x04, 0xe4,0xaa,0x8a,0x7c, 1622 0x08,0x0b,0x5d,0xd0, 0xee,0x1d,0xfb,0xc4, 1623 0x02,0x75,0x42,0xd6, 0xba,0xa7,0x22,0xa8, 1624 0x47,0x29,0xb7,0x85, 0x6d,0x93,0x3a,0xdb, 1625 0x00,0x53,0x0b,0xa2, 0xeb,0xf8,0xfe,0x01, 1626 0x6f,0x8a,0x31,0xd6, 0x17,0x05,0x6f,0x67, 1627 0x88,0x95,0x32,0xfe, 0x4f,0xa6,0x4b,0xf8, 1628 0x03,0xe4,0xcd,0x9a, 0x18,0xe8,0x4e,0x2d, 1629 0xf7,0x97,0x9a,0x0c, 0x7d,0x9f,0x7e,0x44, 1630 0x69,0x51,0xe0,0x32, 0x6b,0x62,0x86,0x8f, 1631 0xa6,0x8e,0x0b,0x21, 0x96,0xe5,0xaf,0x77, 1632 0xc0,0x83,0xdf,0xa5, 0x0e,0xd0,0xa1,0x04, 1633 0xaf,0xc1,0x10,0xcb, 0x5a,0x40,0xe4,0xe3, 1634 0x38,0x7e,0x07,0xe8, 0x4d,0xfa,0xed,0xc5, 1635 0xf0,0x37,0xdf,0xbb, 0x8a,0xcf,0x3d,0xdc, 1636 0x61,0xd2,0xc6,0x2b, 0xff,0x07,0xc9,0x2f, 1637 0x0c,0x2d,0x5c,0x07, 0xa8,0x35,0x6a,0xfc, 1638 0xae,0x09,0x03,0x45, 0x74,0x51,0x4d,0xc4, 1639 0xb8,0x23,0x87,0x4a, 0x99,0x27,0x20,0x87, 1640 0x62,0x44,0x0a,0x4a, 0xce,0x78,0x47,0x22, 1641 }, 1642 .mlen = 1024, 1643 .m = { 1644 0x8e,0xb0,0x4c,0xde, 0x9c,0x4a,0x04,0x5a, 1645 0xf6,0xa9,0x7f,0x45, 0x25,0xa5,0x7b,0x3a, 1646 0xbc,0x4d,0x73,0x39, 0x81,0xb5,0xbd,0x3d, 1647 0x21,0x6f,0xd7,0x37, 0x50,0x3c,0x7b,0x28, 1648 0xd1,0x03,0x3a,0x17, 0xed,0x7b,0x7c,0x2a, 1649 0x16,0xbc,0xdf,0x19, 0x89,0x52,0x71,0x31, 1650 0xb6,0xc0,0xfd,0xb5, 0xd3,0xba,0x96,0x99, 1651 0xb6,0x34,0x0b,0xd0, 0x99,0x93,0xfc,0x1a, 1652 0x01,0x3c,0x85,0xc6, 0x9b,0x78,0x5c,0x8b, 1653 0xfe,0xae,0xd2,0xbf, 0xb2,0x6f,0xf9,0xed, 1654 0xc8,0x25,0x17,0xfe, 0x10,0x3b,0x7d,0xda, 1655 0xf4,0x8d,0x35,0x4b, 0x7c,0x7b,0x82,0xe7, 1656 0xc2,0xb3,0xee,0x60, 0x4a,0x03,0x86,0xc9, 1657 0x4e,0xb5,0xc4,0xbe, 0xd2,0xbd,0x66,0xf1, 1658 0x13,0xf1,0x09,0xab, 0x5d,0xca,0x63,0x1f, 1659 0xfc,0xfb,0x57,0x2a, 0xfc,0xca,0x66,0xd8, 1660 0x77,0x84,0x38,0x23, 0x1d,0xac,0xd3,0xb3, 1661 0x7a,0xad,0x4c,0x70, 0xfa,0x9c,0xc9,0x61, 1662 0xa6,0x1b,0xba,0x33, 0x4b,0x4e,0x33,0xec, 1663 0xa0,0xa1,0x64,0x39, 0x40,0x05,0x1c,0xc2, 1664 0x3f,0x49,0x9d,0xae, 0xf2,0xc5,0xf2,0xc5, 1665 0xfe,0xe8,0xf4,0xc2, 0xf9,0x96,0x2d,0x28, 1666 0x92,0x30,0x44,0xbc, 0xd2,0x7f,0xe1,0x6e, 1667 0x62,0x02,0x8f,0x3d, 0x1c,0x80,0xda,0x0e, 1668 0x6a,0x90,0x7e,0x75, 0xff,0xec,0x3e,0xc4, 1669 0xcd,0x16,0x34,0x3b, 0x05,0x6d,0x4d,0x20, 1670 0x1c,0x7b,0xf5,0x57, 0x4f,0xfa,0x3d,0xac, 1671 0xd0,0x13,0x55,0xe8, 0xb3,0xe1,0x1b,0x78, 1672 0x30,0xe6,0x9f,0x84, 0xd4,0x69,0xd1,0x08, 1673 0x12,0x77,0xa7,0x4a, 0xbd,0xc0,0xf2,0xd2, 1674 0x78,0xdd,0xa3,0x81, 0x12,0xcb,0x6c,0x14, 1675 0x90,0x61,0xe2,0x84, 0xc6,0x2b,0x16,0xcc, 1676 0x40,0x99,0x50,0x88, 0x01,0x09,0x64,0x4f, 1677 0x0a,0x80,0xbe,0x61, 0xae,0x46,0xc9,0x0a, 1678 0x5d,0xe0,0xfb,0x72, 0x7a,0x1a,0xdd,0x61, 1679 0x63,0x20,0x05,0xa0, 0x4a,0xf0,0x60,0x69, 1680 0x7f,0x92,0xbc,0xbf, 0x4e,0x39,0x4d,0xdd, 1681 0x74,0xd1,0xb7,0xc0, 0x5a,0x34,0xb7,0xae, 1682 0x76,0x65,0x2e,0xbc, 0x36,0xb9,0x04,0x95, 1683 0x42,0xe9,0x6f,0xca, 0x78,0xb3,0x72,0x07, 1684 0xa3,0xba,0x02,0x94, 0x67,0x4c,0xb1,0xd7, 1685 0xe9,0x30,0x0d,0xf0, 0x3b,0xb8,0x10,0x6d, 1686 0xea,0x2b,0x21,0xbf, 0x74,0x59,0x82,0x97, 1687 0x85,0xaa,0xf1,0xd7, 0x54,0x39,0xeb,0x05, 1688 0xbd,0xf3,0x40,0xa0, 0x97,0xe6,0x74,0xfe, 1689 0xb4,0x82,0x5b,0xb1, 0x36,0xcb,0xe8,0x0d, 1690 0xce,0x14,0xd9,0xdf, 0xf1,0x94,0x22,0xcd, 1691 0xd6,0x00,0xba,0x04, 0x4c,0x05,0x0c,0xc0, 1692 0xd1,0x5a,0xeb,0x52, 0xd5,0xa8,0x8e,0xc8, 1693 0x97,0xa1,0xaa,0xc1, 0xea,0xc1,0xbe,0x7c, 1694 0x36,0xb3,0x36,0xa0, 0xc6,0x76,0x66,0xc5, 1695 0xe2,0xaf,0xd6,0x5c, 0xe2,0xdb,0x2c,0xb3, 1696 0x6c,0xb9,0x99,0x7f, 0xff,0x9f,0x03,0x24, 1697 0xe1,0x51,0x44,0x66, 0xd8,0x0c,0x5d,0x7f, 1698 0x5c,0x85,0x22,0x2a, 0xcf,0x6d,0x79,0x28, 1699 0xab,0x98,0x01,0x72, 0xfe,0x80,0x87,0x5f, 1700 0x46,0xba,0xef,0x81, 0x24,0xee,0xbf,0xb0, 1701 0x24,0x74,0xa3,0x65, 0x97,0x12,0xc4,0xaf, 1702 0x8b,0xa0,0x39,0xda, 0x8a,0x7e,0x74,0x6e, 1703 0x1b,0x42,0xb4,0x44, 0x37,0xfc,0x59,0xfd, 1704 0x86,0xed,0xfb,0x8c, 0x66,0x33,0xda,0x63, 1705 0x75,0xeb,0xe1,0xa4, 0x85,0x4f,0x50,0x8f, 1706 0x83,0x66,0x0d,0xd3, 0x37,0xfa,0xe6,0x9c, 1707 0x4f,0x30,0x87,0x35, 0x18,0xe3,0x0b,0xb7, 1708 0x6e,0x64,0x54,0xcd, 0x70,0xb3,0xde,0x54, 1709 0xb7,0x1d,0xe6,0x4c, 0x4d,0x55,0x12,0x12, 1710 0xaf,0x5f,0x7f,0x5e, 0xee,0x9d,0xe8,0x8e, 1711 0x32,0x9d,0x4e,0x75, 0xeb,0xc6,0xdd,0xaa, 1712 0x48,0x82,0xa4,0x3f, 0x3c,0xd7,0xd3,0xa8, 1713 0x63,0x9e,0x64,0xfe, 0xe3,0x97,0x00,0x62, 1714 0xe5,0x40,0x5d,0xc3, 0xad,0x72,0xe1,0x28, 1715 0x18,0x50,0xb7,0x75, 0xef,0xcd,0x23,0xbf, 1716 0x3f,0xc0,0x51,0x36, 0xf8,0x41,0xc3,0x08, 1717 0xcb,0xf1,0x8d,0x38, 0x34,0xbd,0x48,0x45, 1718 0x75,0xed,0xbc,0x65, 0x7b,0xb5,0x0c,0x9b, 1719 0xd7,0x67,0x7d,0x27, 0xb4,0xc4,0x80,0xd7, 1720 0xa9,0xb9,0xc7,0x4a, 0x97,0xaa,0xda,0xc8, 1721 0x3c,0x74,0xcf,0x36, 0x8f,0xe4,0x41,0xe3, 1722 0xd4,0xd3,0x26,0xa7, 0xf3,0x23,0x9d,0x8f, 1723 0x6c,0x20,0x05,0x32, 0x3e,0xe0,0xc3,0xc8, 1724 0x56,0x3f,0xa7,0x09, 0xb7,0xfb,0xc7,0xf7, 1725 0xbe,0x2a,0xdd,0x0f, 0x06,0x7b,0x0d,0xdd, 1726 0xb0,0xb4,0x86,0x17, 0xfd,0xb9,0x04,0xe5, 1727 0xc0,0x64,0x5d,0xad, 0x2a,0x36,0x38,0xdb, 1728 0x24,0xaf,0x5b,0xff, 0xca,0xf9,0x41,0xe8, 1729 0xf9,0x2f,0x1e,0x5e, 0xf9,0xf5,0xd5,0xf2, 1730 0xb2,0x88,0xca,0xc9, 0xa1,0x31,0xe2,0xe8, 1731 0x10,0x95,0x65,0xbf, 0xf1,0x11,0x61,0x7a, 1732 0x30,0x1a,0x54,0x90, 0xea,0xd2,0x30,0xf6, 1733 0xa5,0xad,0x60,0xf9, 0x4d,0x84,0x21,0x1b, 1734 0xe4,0x42,0x22,0xc8, 0x12,0x4b,0xb0,0x58, 1735 0x3e,0x9c,0x2d,0x32, 0x95,0x0a,0x8e,0xb0, 1736 0x0a,0x7e,0x77,0x2f, 0xe8,0x97,0x31,0x6a, 1737 0xf5,0x59,0xb4,0x26, 0xe6,0x37,0x12,0xc9, 1738 0xcb,0xa0,0x58,0x33, 0x6f,0xd5,0x55,0x55, 1739 0x3c,0xa1,0x33,0xb1, 0x0b,0x7e,0x2e,0xb4, 1740 0x43,0x2a,0x84,0x39, 0xf0,0x9c,0xf4,0x69, 1741 0x4f,0x1e,0x79,0xa6, 0x15,0x1b,0x87,0xbb, 1742 0xdb,0x9b,0xe0,0xf1, 0x0b,0xba,0xe3,0x6e, 1743 0xcc,0x2f,0x49,0x19, 0x22,0x29,0xfc,0x71, 1744 0xbb,0x77,0x38,0x18, 0x61,0xaf,0x85,0x76, 1745 0xeb,0xd1,0x09,0xcc, 0x86,0x04,0x20,0x9a, 1746 0x66,0x53,0x2f,0x44, 0x8b,0xc6,0xa3,0xd2, 1747 0x5f,0xc7,0x79,0x82, 0x66,0xa8,0x6e,0x75, 1748 0x7d,0x94,0xd1,0x86, 0x75,0x0f,0xa5,0x4f, 1749 0x3c,0x7a,0x33,0xce, 0xd1,0x6e,0x9d,0x7b, 1750 0x1f,0x91,0x37,0xb8, 0x37,0x80,0xfb,0xe0, 1751 0x52,0x26,0xd0,0x9a, 0xd4,0x48,0x02,0x41, 1752 0x05,0xe3,0x5a,0x94, 0xf1,0x65,0x61,0x19, 1753 0xb8,0x88,0x4e,0x2b, 0xea,0xba,0x8b,0x58, 1754 0x8b,0x42,0x01,0x00, 0xa8,0xfe,0x00,0x5c, 1755 0xfe,0x1c,0xee,0x31, 0x15,0x69,0xfa,0xb3, 1756 0x9b,0x5f,0x22,0x8e, 0x0d,0x2c,0xe3,0xa5, 1757 0x21,0xb9,0x99,0x8a, 0x8e,0x94,0x5a,0xef, 1758 0x13,0x3e,0x99,0x96, 0x79,0x6e,0xd5,0x42, 1759 0x36,0x03,0xa9,0xe2, 0xca,0x65,0x4e,0x8a, 1760 0x8a,0x30,0xd2,0x7d, 0x74,0xe7,0xf0,0xaa, 1761 0x23,0x26,0xdd,0xcb, 0x82,0x39,0xfc,0x9d, 1762 0x51,0x76,0x21,0x80, 0xa2,0xbe,0x93,0x03, 1763 0x47,0xb0,0xc1,0xb6, 0xdc,0x63,0xfd,0x9f, 1764 0xca,0x9d,0xa5,0xca, 0x27,0x85,0xe2,0xd8, 1765 0x15,0x5b,0x7e,0x14, 0x7a,0xc4,0x89,0xcc, 1766 0x74,0x14,0x4b,0x46, 0xd2,0xce,0xac,0x39, 1767 0x6b,0x6a,0x5a,0xa4, 0x0e,0xe3,0x7b,0x15, 1768 0x94,0x4b,0x0f,0x74, 0xcb,0x0c,0x7f,0xa9, 1769 0xbe,0x09,0x39,0xa3, 0xdd,0x56,0x5c,0xc7, 1770 0x99,0x56,0x65,0x39, 0xf4,0x0b,0x7d,0x87, 1771 0xec,0xaa,0xe3,0x4d, 0x22,0x65,0x39,0x4e, 1772 }, 1773 .h = { 1774 0x64,0x3a,0xbc,0xc3, 0x3f,0x74,0x40,0x51, 1775 0x6e,0x56,0x01,0x1a, 0x51,0xec,0x36,0xde, 1776 }, 1777 }, 1778 }; 1779 const uint8_t *pk; 1780 const uint8_t *nhk; 1781 static uint32_t nhk32[268]; 1782 uint8_t h[16]; 1783 unsigned i, j; 1784 int result = 0; 1785 1786 for (i = 0; i < __arraycount(C); i++) { 1787 pk = C[i].k; 1788 nhk = C[i].k + 16; 1789 for (j = 0; j < 268; j++) 1790 nhk32[j] = le32dec(nhk + 4*j); 1791 nhpoly1305(h, C[i].m, C[i].mlen, pk, nhk32); 1792 if (memcmp(h, C[i].h, 16)) { 1793 char prefix[16]; 1794 snprintf(prefix, sizeof prefix, "nhpoly1305 %u", i); 1795 hexdump(printf, prefix, h, 32); 1796 result = -1; 1797 } 1798 } 1799 1800 return result; 1801 } 1802 1803 void 1804 adiantum_init(struct adiantum *A, const uint8_t key[static 32]) 1805 { 1806 uint8_t nonce[24] = {1}; 1807 unsigned i; 1808 1809 memcpy(A->ks, key, 32); 1810 1811 /* Relies on ordering of struct members. */ 1812 memset(A->kk, 0, 32 + 16 + 16 + 1072); 1813 xchacha_stream_xor(A->kk, A->kk, 32 + 16 + 16 + 1072, 0, nonce, A->ks, 1814 12); 1815 1816 /* Put the NH key words into host byte order. */ 1817 for (i = 0; i < __arraycount(A->kn); i++) 1818 A->kn[i] = le32toh(A->kn[i]); 1819 1820 /* Expand the AES key. */ 1821 aes_setenckey256(&A->kk_enc, A->kk); 1822 aes_setdeckey256(&A->kk_dec, A->kk); 1823 } 1824 1825 static void 1826 adiantum_hash(uint8_t h[static 16], const void *l, size_t llen, 1827 const void *t, size_t tlen, 1828 const uint8_t kt[static 16], 1829 const uint8_t kl[static 16], 1830 const uint32_t kn[static 268]) 1831 { 1832 struct poly1305 P; 1833 uint8_t llenbuf[16]; 1834 uint8_t ht[16]; 1835 uint8_t hl[16]; 1836 1837 KASSERT(llen % 16 == 0); 1838 1839 memset(llenbuf, 0, sizeof llenbuf); 1840 le64enc(llenbuf, 8*llen); 1841 1842 /* Compute H_T := Poly1305_{K_T}(le128(|l|) || tweak). */ 1843 poly1305_init(&P, kt); 1844 poly1305_update_blocks(&P, llenbuf, 16); 1845 poly1305_update_blocks(&P, t, tlen); 1846 poly1305_final(ht, &P); 1847 1848 /* Compute H_L := Poly1305_{K_L}(NH(pad_128(l))). */ 1849 nhpoly1305(hl, l, llen, kl, kn); 1850 1851 /* Compute H := H_T + H_L (mod 2^128). */ 1852 add128(h, ht, hl); 1853 } 1854 1855 void 1856 adiantum_enc(void *c, const void *p, size_t len, const void *t, size_t tlen, 1857 const struct adiantum *A) 1858 { 1859 size_t Rlen = 16; 1860 size_t Llen = len - Rlen; 1861 uint8_t *c8 = c; 1862 uint8_t *cL = c8; 1863 uint8_t *cR = c8 + Llen; 1864 const uint8_t *p8 = p; 1865 const uint8_t *pL = p8; 1866 const uint8_t *pR = p8 + Llen; 1867 uint8_t h[16]; 1868 uint8_t buf[16] __aligned(16); 1869 uint8_t nonce[24]; 1870 1871 KASSERT(len % 16 == 0); 1872 1873 adiantum_hash(h, pL, Llen, t, tlen, A->kt, A->kl, A->kn); 1874 add128(buf, pR, h); /* buf := P_M */ 1875 aes_enc(&A->kk_enc, buf, buf, AES_256_NROUNDS); /* buf := C_M */ 1876 1877 memcpy(nonce, buf, 16); 1878 le64enc(nonce + 16, 1); 1879 xchacha_stream_xor(cL, pL, Llen, 0, nonce, A->ks, 12); 1880 1881 adiantum_hash(h, cL, Llen, t, tlen, A->kt, A->kl, A->kn); 1882 sub128(cR, buf, h); 1883 1884 explicit_memset(h, 0, sizeof h); 1885 explicit_memset(buf, 0, sizeof buf); 1886 } 1887 1888 void 1889 adiantum_dec(void *p, const void *c, size_t len, const void *t, size_t tlen, 1890 const struct adiantum *A) 1891 { 1892 size_t Rlen = 16; 1893 size_t Llen = len - Rlen; 1894 const uint8_t *c8 = c; 1895 const uint8_t *cL = c8; 1896 const uint8_t *cR = c8 + Llen; 1897 uint8_t *p8 = p; 1898 uint8_t *pL = p8; 1899 uint8_t *pR = p8 + Llen; 1900 uint8_t h[16]; 1901 uint8_t buf[16] __aligned(16); 1902 uint8_t nonce[24]; 1903 1904 KASSERT(len % 16 == 0); 1905 1906 adiantum_hash(h, cL, Llen, t, tlen, A->kt, A->kl, A->kn); 1907 add128(buf, cR, h); /* buf := C_M */ 1908 1909 memcpy(nonce, buf, 16); 1910 le64enc(nonce + 16, 1); 1911 xchacha_stream_xor(pL, cL, Llen, 0, nonce, A->ks, 12); 1912 1913 aes_dec(&A->kk_dec, buf, buf, AES_256_NROUNDS); /* buf := P_M */ 1914 adiantum_hash(h, pL, Llen, t, tlen, A->kt, A->kl, A->kn); 1915 sub128(pR, buf, h); 1916 1917 explicit_memset(h, 0, sizeof h); 1918 explicit_memset(buf, 0, sizeof buf); 1919 } 1920 1921 #ifdef _KERNEL 1922 1923 MODULE(MODULE_CLASS_MISC, adiantum, "aes,chacha"); 1924 1925 static int 1926 adiantum_modcmd(modcmd_t cmd, void *opaque) 1927 { 1928 1929 switch (cmd) { 1930 case MODULE_CMD_INIT: { 1931 int result = 0; 1932 result |= addsub128_selftest(); 1933 result |= poly1305_selftest(); 1934 result |= nh_selftest(); 1935 result |= nhpoly1305_selftest(); 1936 result |= adiantum_selftest(); 1937 if (result) 1938 panic("adiantum self-test failed"); 1939 aprint_verbose("adiantum: self-test passed\n"); 1940 return 0; 1941 } 1942 case MODULE_CMD_FINI: 1943 return 0; 1944 default: 1945 return ENOTTY; 1946 } 1947 } 1948 1949 #else /* !defined(_KERNEL) */ 1950 1951 #include <err.h> 1952 #include <stdio.h> 1953 #include <unistd.h> 1954 1955 static int 1956 read_block(int fd, void *buf, size_t len) 1957 { 1958 char *p = buf; 1959 size_t n = len; 1960 ssize_t nread; 1961 1962 for (;;) { 1963 if ((nread = read(fd, p, n)) == -1) 1964 err(1, "read"); 1965 if (nread == 0) { 1966 if (n < len) 1967 errx(1, "partial block"); 1968 return -1; /* eof */ 1969 } 1970 if ((size_t)nread >= n) 1971 break; 1972 p += (size_t)nread; 1973 n -= (size_t)nread; 1974 } 1975 1976 return 0; 1977 } 1978 1979 static void 1980 write_block(int fd, const void *buf, size_t len) 1981 { 1982 const char *p = buf; 1983 size_t n = len; 1984 ssize_t nwrit; 1985 1986 for (;;) { 1987 if ((nwrit = write(fd, p, n)) == -1) 1988 err(1, "write"); 1989 if ((size_t)nwrit >= n) 1990 break; 1991 p += (size_t)nwrit; 1992 n -= (size_t)nwrit; 1993 } 1994 } 1995 1996 #define SECSIZE 512 1997 1998 static void 1999 process(void) 2000 { 2001 static const uint8_t k[32] = {0}; 2002 static uint8_t buf[65536]; 2003 static struct adiantum C; 2004 uint8_t blkno[16] = {0}; 2005 unsigned i; 2006 2007 adiantum_init(&C, k); 2008 while (read_block(STDIN_FILENO, buf, sizeof buf) == 0) { 2009 for (i = 0; i < sizeof buf; i += SECSIZE) { 2010 adiantum_enc(buf + i, buf + i, SECSIZE, blkno, 16, &C); 2011 le64enc(blkno, 1 + le32dec(blkno)); 2012 } 2013 write_block(STDOUT_FILENO, buf, sizeof buf); 2014 if (le64dec(blkno) == 1024*1024*1024/SECSIZE) 2015 return; 2016 } 2017 } 2018 2019 int 2020 main(void) 2021 { 2022 int result = 0; 2023 2024 result |= addsub128_selftest(); 2025 result |= poly1305_selftest(); 2026 result |= nh_selftest(); 2027 result |= nhpoly1305_selftest(); 2028 result |= adiantum_selftest(); 2029 if (result) 2030 return result; 2031 2032 process(); 2033 return 0; 2034 } 2035 2036 #endif /* _KERNEL */ 2037