From 02daec4e2ff25b77448982ca70c045c6b5652fda Mon Sep 17 00:00:00 2001 From: Eric Lagergren Date: Mon, 11 Apr 2022 03:33:14 -0700 Subject: [PATCH] initial implementation Signed-off-by: Eric Lagergren --- .github/workflows/go.yml | 29 + .gitignore | 2 + README.md | 46 +- asm_amd64.s | 219 ++++ asm_arm64.s | 176 +++ go.mod | 7 + go.sum | 420 +++++++ internal/subtle/subtle.go | 52 + siv.go | 279 +++++ siv_asm.go | 179 +++ siv_noasm.go | 15 + siv_test.go | 480 ++++++++ stub_amd64.go | 9 + stub_arm64.go | 9 + testdata/aes_gcm_siv_test.json | 1912 ++++++++++++++++++++++++++++++++ testdata/rfc8452_128.txt | 479 ++++++++ testdata/rfc8452_256.txt | 527 +++++++++ testdata/rfc8452_256_wrap.txt | 42 + 18 files changed, 4881 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/go.yml create mode 100644 asm_amd64.s create mode 100644 asm_arm64.s create mode 100644 go.mod create mode 100644 go.sum create mode 100644 internal/subtle/subtle.go create mode 100644 siv.go create mode 100644 siv_asm.go create mode 100644 siv_noasm.go create mode 100644 siv_test.go create mode 100644 stub_amd64.go create mode 100644 stub_arm64.go create mode 100644 testdata/aes_gcm_siv_test.json create mode 100644 testdata/rfc8452_128.txt create mode 100644 testdata/rfc8452_256.txt create mode 100644 testdata/rfc8452_256_wrap.txt diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 0000000..737d47f --- /dev/null +++ b/.github/workflows/go.yml @@ -0,0 +1,29 @@ +name: CI +on: ['push', 'pull_request'] + +jobs: + ci: + strategy: + fail-fast: false + matrix: + os: ['windows-latest', 'ubuntu-latest', 'macOS-latest'] + go: ['1.17.x', '1.18.x'] + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go }} + check-latest: true + - name: Build + run: go build -v ./... + - name: Test + run: go test -v -vet all ./... + - name: TestPureGo + run: go test -v -vet all -tags purego ./... + - uses: dominikh/staticcheck-action@v1.1.0 + with: + version: '2022.1' + install-go: false + cache-key: ${{ matrix.go }} diff --git a/.gitignore b/.gitignore index 66fd13c..84e643b 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,5 @@ # Dependency directories (remove the comment below to include it) # vendor/ + +ssa.txt diff --git a/README.md b/README.md index 7f51469..29610d4 100644 --- a/README.md +++ b/README.md @@ -1 +1,45 @@ -# siv \ No newline at end of file +# AES-GCM-SIV + +[![Go Reference](https://pkg.go.dev/badge/github.com/ericlagergren/siv.svg)](https://pkg.go.dev/github.com/ericlagergren/siv) + +Nonce misuse-resistant AEAD + +- https://datatracker.ietf.org/doc/html/rfc8452 +- https://eprint.iacr.org/2017/168.pdf +- https://eprint.iacr.org/2015/102.pdf + +## Installation + +```bash +go get github.com/ericlagergren/siv@latest +``` + +## Performance + +The performance of HCTR2 is determined by two things: AES-CTR and +POLYVAL. This module provides ARMv8 and x86-64 assembly AES-CTR +implementations and uses a hardware-accelerated POLYVAL +implementation (see [github.com/ericlagergren/polyval](https://pkg.go.dev/github.com/ericlagergren/polyval)). + +The ARMv8 assembly implementation of AES-CTR-256 with +hardware-accelerated POLYVAL runs at about X cycle per byte. + +The x86-64 assembly implementation of AES-CTR-256 with +hardware-accelerated POLYVAL runs at about X cycles per byte. + +The `crypto/aes` implementation of AES-CTR-256 with +hardware-accelerated POLYVAL runs at about X cycles per byte. + +## Security + +### Disclosure + +This project uses full disclosure. If you find a security bug in +an implementation, please e-mail me or create a GitHub issue. + +### Disclaimer + +You should only use cryptography libraries that have been +reviewed by cryptographers or cryptography engineers. While I am +a cryptography engineer, I'm not your cryptography engineer, and +I have not had this project reviewed by any other cryptographers. diff --git a/asm_amd64.s b/asm_amd64.s new file mode 100644 index 0000000..694f508 --- /dev/null +++ b/asm_amd64.s @@ -0,0 +1,219 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build gc && !purego + +#include "textflag.h" + +// func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) +TEXT ·encryptBlockAsm(SB), NOSPLIT, $0 + MOVQ nr+0(FP), CX + MOVQ xk+8(FP), AX + MOVQ dst+16(FP), DX + MOVQ src+24(FP), BX + MOVUPS 0(AX), X1 + MOVUPS 0(BX), X0 + ADDQ $16, AX + PXOR X1, X0 + SUBQ $12, CX + JE Lenc192 + JB Lenc128 + +Lenc256: + MOVUPS 0(AX), X1 + AESENC X1, X0 + MOVUPS 16(AX), X1 + AESENC X1, X0 + ADDQ $32, AX + +Lenc192: + MOVUPS 0(AX), X1 + AESENC X1, X0 + MOVUPS 16(AX), X1 + AESENC X1, X0 + ADDQ $32, AX + +Lenc128: + MOVUPS 0(AX), X1 + AESENC X1, X0 + MOVUPS 16(AX), X1 + AESENC X1, X0 + MOVUPS 32(AX), X1 + AESENC X1, X0 + MOVUPS 48(AX), X1 + AESENC X1, X0 + MOVUPS 64(AX), X1 + AESENC X1, X0 + MOVUPS 80(AX), X1 + AESENC X1, X0 + MOVUPS 96(AX), X1 + AESENC X1, X0 + MOVUPS 112(AX), X1 + AESENC X1, X0 + MOVUPS 128(AX), X1 + AESENC X1, X0 + MOVUPS 144(AX), X1 + AESENCLAST X1, X0 + MOVUPS X0, 0(DX) + RET + +// func expandKeyAsm(nr int, key *byte, enc *uint32) { +// Note that round keys are stored in uint128 format, not uint32 +TEXT ·expandKeyAsm(SB), NOSPLIT, $0 + MOVQ nr+0(FP), CX + MOVQ key+8(FP), AX + MOVQ enc+16(FP), BX + MOVUPS (AX), X0 + + // enc + MOVUPS X0, (BX) + ADDQ $16, BX + PXOR X4, X4 // _expand_key_* expect X4 to be zero + CMPL CX, $12 + JE Lexp_enc192 + JB Lexp_enc128 + +Lexp_enc256: + MOVUPS 16(AX), X2 + MOVUPS X2, (BX) + ADDQ $16, BX + AESKEYGENASSIST $0x01, X2, X1 + CALL _expand_key_256a<>(SB) + AESKEYGENASSIST $0x01, X0, X1 + CALL _expand_key_256b<>(SB) + AESKEYGENASSIST $0x02, X2, X1 + CALL _expand_key_256a<>(SB) + AESKEYGENASSIST $0x02, X0, X1 + CALL _expand_key_256b<>(SB) + AESKEYGENASSIST $0x04, X2, X1 + CALL _expand_key_256a<>(SB) + AESKEYGENASSIST $0x04, X0, X1 + CALL _expand_key_256b<>(SB) + AESKEYGENASSIST $0x08, X2, X1 + CALL _expand_key_256a<>(SB) + AESKEYGENASSIST $0x08, X0, X1 + CALL _expand_key_256b<>(SB) + AESKEYGENASSIST $0x10, X2, X1 + CALL _expand_key_256a<>(SB) + AESKEYGENASSIST $0x10, X0, X1 + CALL _expand_key_256b<>(SB) + AESKEYGENASSIST $0x20, X2, X1 + CALL _expand_key_256a<>(SB) + AESKEYGENASSIST $0x20, X0, X1 + CALL _expand_key_256b<>(SB) + AESKEYGENASSIST $0x40, X2, X1 + CALL _expand_key_256a<>(SB) + JMP Lexp_done + +Lexp_enc192: + MOVQ 16(AX), X2 + AESKEYGENASSIST $0x01, X2, X1 + CALL _expand_key_192a<>(SB) + AESKEYGENASSIST $0x02, X2, X1 + CALL _expand_key_192b<>(SB) + AESKEYGENASSIST $0x04, X2, X1 + CALL _expand_key_192a<>(SB) + AESKEYGENASSIST $0x08, X2, X1 + CALL _expand_key_192b<>(SB) + AESKEYGENASSIST $0x10, X2, X1 + CALL _expand_key_192a<>(SB) + AESKEYGENASSIST $0x20, X2, X1 + CALL _expand_key_192b<>(SB) + AESKEYGENASSIST $0x40, X2, X1 + CALL _expand_key_192a<>(SB) + AESKEYGENASSIST $0x80, X2, X1 + CALL _expand_key_192b<>(SB) + JMP Lexp_done + +Lexp_enc128: + AESKEYGENASSIST $0x01, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x02, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x04, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x08, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x10, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x20, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x40, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x80, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x1b, X0, X1 + CALL _expand_key_128<>(SB) + AESKEYGENASSIST $0x36, X0, X1 + CALL _expand_key_128<>(SB) + +Lexp_done: + RET + +TEXT _expand_key_128<>(SB), NOSPLIT, $0 + PSHUFD $0xff, X1, X1 + SHUFPS $0x10, X0, X4 + PXOR X4, X0 + SHUFPS $0x8c, X0, X4 + PXOR X4, X0 + PXOR X1, X0 + MOVUPS X0, (BX) + ADDQ $16, BX + RET + +TEXT _expand_key_192a<>(SB), NOSPLIT, $0 + PSHUFD $0x55, X1, X1 + SHUFPS $0x10, X0, X4 + PXOR X4, X0 + SHUFPS $0x8c, X0, X4 + PXOR X4, X0 + PXOR X1, X0 + + MOVAPS X2, X5 + MOVAPS X2, X6 + PSLLDQ $0x4, X5 + PSHUFD $0xff, X0, X3 + PXOR X3, X2 + PXOR X5, X2 + + MOVAPS X0, X1 + SHUFPS $0x44, X0, X6 + MOVUPS X6, (BX) + SHUFPS $0x4e, X2, X1 + MOVUPS X1, 16(BX) + ADDQ $32, BX + RET + +TEXT _expand_key_192b<>(SB), NOSPLIT, $0 + PSHUFD $0x55, X1, X1 + SHUFPS $0x10, X0, X4 + PXOR X4, X0 + SHUFPS $0x8c, X0, X4 + PXOR X4, X0 + PXOR X1, X0 + + MOVAPS X2, X5 + PSLLDQ $0x4, X5 + PSHUFD $0xff, X0, X3 + PXOR X3, X2 + PXOR X5, X2 + + MOVUPS X0, (BX) + ADDQ $16, BX + RET + +TEXT _expand_key_256a<>(SB), NOSPLIT, $0 + JMP _expand_key_128<>(SB) + +TEXT _expand_key_256b<>(SB), NOSPLIT, $0 + PSHUFD $0xaa, X1, X1 + SHUFPS $0x10, X2, X4 + PXOR X4, X2 + SHUFPS $0x8c, X2, X4 + PXOR X4, X2 + PXOR X1, X2 + + MOVUPS X2, (BX) + ADDQ $16, BX + RET diff --git a/asm_arm64.s b/asm_arm64.s new file mode 100644 index 0000000..8d45adf --- /dev/null +++ b/asm_arm64.s @@ -0,0 +1,176 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build gc && !purego + +#include "textflag.h" + +DATA rotInvSRows<>+0x00(SB)/8, $0x080f0205040b0e01 +DATA rotInvSRows<>+0x08(SB)/8, $0x00070a0d0c030609 +GLOBL rotInvSRows<>(SB), (NOPTR+RODATA), $16 + +DATA invSRows<>+0x00(SB)/8, $0x0b0e0104070a0d00 +DATA invSRows<>+0x08(SB)/8, $0x0306090c0f020508 +GLOBL invSRows<>(SB), (NOPTR+RODATA), $16 + +// func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) +TEXT ·encryptBlockAsm(SB), NOSPLIT, $0 + MOVD nr+0(FP), R9 + MOVD xk+8(FP), R10 + MOVD dst+16(FP), R11 + MOVD src+24(FP), R12 + + VLD1 (R12), [V0.B16] + + CMP $12, R9 + BLT enc128 + BEQ enc196 + +enc256: + VLD1.P 32(R10), [V1.B16, V2.B16] + AESE V1.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V2.B16, V0.B16 + AESMC V0.B16, V0.B16 + +enc196: + VLD1.P 32(R10), [V3.B16, V4.B16] + AESE V3.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V4.B16, V0.B16 + AESMC V0.B16, V0.B16 + +enc128: + VLD1.P 64(R10), [V5.B16, V6.B16, V7.B16, V8.B16] + VLD1.P 64(R10), [V9.B16, V10.B16, V11.B16, V12.B16] + VLD1.P 48(R10), [V13.B16, V14.B16, V15.B16] + AESE V5.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V6.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V7.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V8.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V9.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V10.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V11.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V12.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V13.B16, V0.B16 + AESMC V0.B16, V0.B16 + AESE V14.B16, V0.B16 + VEOR V0.B16, V15.B16, V0.B16 + VST1 [V0.B16], (R11) + RET + +// func expandKeyAsm(nr int, key *byte, enc *uint32) +// Note that round keys are stored in uint128 format, not uint32 +TEXT ·expandKeyAsm(SB), NOSPLIT, $0 + MOVD nr+0(FP), R8 + MOVD key+8(FP), R9 + MOVD enc+16(FP), R10 + LDP rotInvSRows<>(SB), (R0, R1) + VMOV R0, V3.D[0] + VMOV R1, V3.D[1] + VEOR V0.B16, V0.B16, V0.B16 // All zeroes + MOVW $1, R13 + TBZ $1, R8, ks192 + TBNZ $2, R8, ks256 + LDPW (R9), (R4, R5) + LDPW 8(R9), (R6, R7) + STPW.P (R4, R5), 8(R10) + STPW.P (R6, R7), 8(R10) + MOVW $0x1b, R14 + +ks128Loop: + VMOV R7, V2.S[0] + VTBL V3.B16, [V2.B16], V2.B16 + AESE V0.B16, V2.B16 // Use AES to compute the SBOX + EORW R13, R4 + LSLW $1, R13 // Compute next Rcon + ANDSW $0x100, R13, ZR + CSELW NE, R14, R13, R13 // Fake modulo + SUBS $1, R8 + VMOV V2.S[0], R0 + EORW R0, R4 + EORW R4, R5 + EORW R5, R6 + EORW R6, R7 + STPW.P (R4, R5), 8(R10) + STPW.P (R6, R7), 8(R10) + BNE ks128Loop + B ksDone + +ks192: + LDPW (R9), (R2, R3) + LDPW 8(R9), (R4, R5) + LDPW 16(R9), (R6, R7) + STPW.P (R2, R3), 8(R10) + STPW.P (R4, R5), 8(R10) + SUB $4, R8 + +ks192Loop: + STPW.P (R6, R7), 8(R10) + VMOV R7, V2.S[0] + VTBL V3.B16, [V2.B16], V2.B16 + AESE V0.B16, V2.B16 + EORW R13, R2 + LSLW $1, R13 + SUBS $1, R8 + VMOV V2.S[0], R0 + EORW R0, R2 + EORW R2, R3 + EORW R3, R4 + EORW R4, R5 + EORW R5, R6 + EORW R6, R7 + STPW.P (R2, R3), 8(R10) + STPW.P (R4, R5), 8(R10) + BNE ks192Loop + B ksDone + +ks256: + LDP invSRows<>(SB), (R0, R1) + VMOV R0, V4.D[0] + VMOV R1, V4.D[1] + LDPW (R9), (R0, R1) + LDPW 8(R9), (R2, R3) + LDPW 16(R9), (R4, R5) + LDPW 24(R9), (R6, R7) + STPW.P (R0, R1), 8(R10) + STPW.P (R2, R3), 8(R10) + SUB $7, R8 + +ks256Loop: + STPW.P (R4, R5), 8(R10) + STPW.P (R6, R7), 8(R10) + VMOV R7, V2.S[0] + VTBL V3.B16, [V2.B16], V2.B16 + AESE V0.B16, V2.B16 + EORW R13, R0 + LSLW $1, R13 + SUBS $1, R8 + VMOV V2.S[0], R9 + EORW R9, R0 + EORW R0, R1 + EORW R1, R2 + EORW R2, R3 + VMOV R3, V2.S[0] + VTBL V4.B16, [V2.B16], V2.B16 + AESE V0.B16, V2.B16 + VMOV V2.S[0], R9 + EORW R9, R4 + EORW R4, R5 + EORW R5, R6 + EORW R6, R7 + STPW.P (R0, R1), 8(R10) + STPW.P (R2, R3), 8(R10) + BNE ks256Loop + +ksDone: + RET diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..1c3323a --- /dev/null +++ b/go.mod @@ -0,0 +1,7 @@ +module github.com/ericlagergren/siv + +go 1.17 + +require github.com/ericlagergren/polyval v0.0.0-20220411101811-e25bc10ba391 + +require golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..8b5c260 --- /dev/null +++ b/go.sum @@ -0,0 +1,420 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= +github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= +github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= +github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/ericlagergren/polyval v0.0.0-20220411101811-e25bc10ba391 h1:8j2RH289RJplhA6WfdaPqzg1MjH2K8wX5e0uhAxrw2g= +github.com/ericlagergren/polyval v0.0.0-20220411101811-e25bc10ba391/go.mod h1:K2R7GhgxrlJzHw2qiPWsCZXf/kXEJN9PLnQK73Ll0po= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= +github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= +github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= +github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= +github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= +github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= +github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= +github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= +github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= +github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= +github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= +github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= +github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= +github.com/rs/zerolog v1.21.0/go.mod h1:ZPhntP/xmq1nnND05hhpAh2QMhSsA4UN3MGZ6O2J3hM= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= +go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= +go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= +go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= +go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= +go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= +go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= +go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4= +golang.org/x/exp v0.0.0-20220128181451-c853b6ddb95e h1:FmsvSkPHPBTboKvYBUtHbHvkQGxq+XSrqPXKDQf2W3s= +golang.org/x/exp v0.0.0-20220128181451-c853b6ddb95e/go.mod h1:M50CtfS+xv2iy/epuEazynj250ScQ0/DOjcsin9UE8k= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f h1:8w7RhxzTVgUzw/AH/9mUV5q0vMgy40SQRursCcfmkCw= +golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/internal/subtle/subtle.go b/internal/subtle/subtle.go new file mode 100644 index 0000000..f2295ea --- /dev/null +++ b/internal/subtle/subtle.go @@ -0,0 +1,52 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package subtle implements functions that are often useful in cryptographic +// code but require careful thought to use correctly. +package subtle + +import ( + "crypto/subtle" + "unsafe" +) + +// SliceForAppend takes a slice and a requested number of bytes. It returns a +// slice with the contents of the given slice followed by that many bytes and a +// second slice that aliases into it and contains only the extra bytes. If the +// original slice has sufficient capacity then no allocation is performed. +func SliceForAppend(in []byte, n int) (head, tail []byte) { + if total := len(in) + n; cap(in) >= total { + head = in[:total] + } else { + head = make([]byte, total) + copy(head, in) + } + tail = head[len(in):] + return +} + +// AnyOverlap reports whether x and y share memory at any (not necessarily +// corresponding) index. The memory beyond the slice length is ignored. +func AnyOverlap(x, y []byte) bool { + return len(x) > 0 && len(y) > 0 && + uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && + uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) +} + +// InexactOverlap reports whether x and y share memory at any non-corresponding +// index. The memory beyond the slice length is ignored. Note that x and y can +// have different lengths and still not have any inexact overlap. +// +// InexactOverlap can be used to implement the requirements of the crypto/cipher +// AEAD, Block, BlockMode and Stream interfaces. +func InexactOverlap(x, y []byte) bool { + if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { + return false + } + return AnyOverlap(x, y) +} + +func ConstantTimeCompare(x, y []byte) int { + return subtle.ConstantTimeCompare(x, y) +} diff --git a/siv.go b/siv.go new file mode 100644 index 0000000..3c5ce59 --- /dev/null +++ b/siv.go @@ -0,0 +1,279 @@ +// Package siv implements AES-GCM-SIV per RFC 8452. +// +// [rfc8452]: https://datatracker.ietf.org/doc/html/rfc8452 +package siv + +import ( + "crypto/aes" + "crypto/cipher" + "encoding/binary" + "errors" + "runtime" + "strconv" + + "github.com/ericlagergren/polyval" + "github.com/ericlagergren/siv/internal/subtle" + "golang.org/x/sys/cpu" +) + +// SSA: go build -v -gcflags='-m -m -d=ssa/opt/debug=1' &> ssa.txt + +var errOpen = errors.New("siv: message authentication failure") + +var haveAsm = runtime.GOOS == "darwin" || + cpu.ARM64.HasAES || + cpu.X86.HasAES + +const ( + // NonceSize is the size in bytes of an AES-GCM-SIV nonce. + NonceSize = 12 + // TagSize is the size in bytes of an AES-GCM-SIV + // authentication tag. + TagSize = 16 + // MaxPlaintextSize is the size in bytes of the largest + // allowed plaintext. + MaxPlaintextSize = 1 << 36 + // MaxAdditionalDataSize is the size in bytes of the largest + // allowed additional authenticated data. + MaxAdditionalDataSize = 1 << 36 + + maxCiphertextSize = MaxPlaintextSize + TagSize + blockSize = aes.BlockSize +) + +// NewGCM creates an instance of AES-GCM-SIV. +// +// The key must be either 16 bytes for 128-bit AES-GCM-SIV or 32 +// bytes for 256-bit AES-GCM-SIV. All other lengths are an error. +func NewGCM(key []byte) (cipher.AEAD, error) { + switch len(key) { + case 16, 32: + return &aead{key: dup(key)}, nil + default: + return nil, aes.KeySizeError(len(key)) + } +} + +func dup(x []byte) []byte { + r := make([]byte, len(x)) + copy(r, x) + return r +} + +type aead struct { + key []byte +} + +var _ cipher.AEAD = (*aead)(nil) + +func (aead) NonceSize() int { + return NonceSize +} + +func (aead) Overhead() int { + return TagSize +} + +func (a *aead) Seal(dst, nonce, plaintext, additionalData []byte) []byte { + if uint64(len(plaintext)) > MaxPlaintextSize { + panic("siv: plaintext too large: " + strconv.Itoa(len(plaintext))) + } + if len(nonce) != NonceSize { + panic("siv: invalid nonce length: " + strconv.Itoa(len(nonce))) + } + if uint64(len(additionalData)) > MaxAdditionalDataSize { + panic("siv: additional data too large: " + strconv.Itoa(len(additionalData))) + } + + ret, out := subtle.SliceForAppend(dst, len(plaintext)+TagSize) + if subtle.InexactOverlap(out, plaintext) { + panic("siv: invalid buffer overlap") + } + a.seal(out, nonce, plaintext, additionalData) + return ret +} + +func (a *aead) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { + if len(nonce) != NonceSize { + panic("siv: invalid nonce length: " + strconv.Itoa(len(nonce))) + } + if len(ciphertext) < TagSize || + uint64(len(ciphertext)) > maxCiphertextSize || + uint64(len(additionalData)) > MaxAdditionalDataSize { + return nil, errOpen + } + + tag := ciphertext[len(ciphertext)-TagSize:] + ciphertext = ciphertext[:len(ciphertext)-TagSize] + + ret, out := subtle.SliceForAppend(dst, len(ciphertext)) + if subtle.InexactOverlap(out, ciphertext) { + panic("siv: invalid buffer overlap") + } + ok := a.open(out, nonce, ciphertext, tag, additionalData) + if !ok { + wipe(out) + return nil, errOpen + } + return ret, nil +} + +func (a *aead) sealGeneric(out, nonce, plaintext, additionalData []byte) { + var authKey [24]byte + var encKey [40]byte + deriveKeysGeneric(&authKey, &encKey, a.key, nonce) + + b, _ := aes.NewCipher(encKey[:len(a.key)]) + tag := out[len(out)-TagSize:] + authGeneric(tag, b, authKey[:16], nonce, plaintext, additionalData) + aesctrGeneric(b, tag, out[:len(out)-TagSize], plaintext) +} + +func (a *aead) openGeneric(out, nonce, ciphertext, tag, additionalData []byte) bool { + var authKey [24]byte + var encKey [40]byte + deriveKeysGeneric(&authKey, &encKey, a.key, nonce) + + b, _ := aes.NewCipher(encKey[:len(a.key)]) + aesctrGeneric(b, tag, out, ciphertext) + + wantTag := make([]byte, TagSize) + authGeneric(wantTag, b, authKey[:16], nonce, out, additionalData) + + return subtle.ConstantTimeCompare(tag, wantTag) == 1 +} + +// authGeneric writes the authentication tag to tag. +func authGeneric(tag []byte, b cipher.Block, authKey, nonce, plaintext, additionalData []byte) { + length := make([]byte, 16) + binary.LittleEndian.PutUint64(length[0:8], uint64(len(additionalData))*8) + binary.LittleEndian.PutUint64(length[8:16], uint64(len(plaintext))*8) + + p, err := polyval.New(authKey) + if err != nil { + panic(err) + } + padS(p, additionalData) + padS(p, plaintext) + p.Update(length) + p.Sum(tag[:0]) + for i := range nonce { + tag[i] ^= nonce[i] + } + tag[15] &= 0x7f + b.Encrypt(tag, tag) +} + +func padS(p *polyval.Polyval, src []byte) { + if len(src) >= 16 { + n := len(src) &^ (16 - 1) + p.Update(src[:n]) + src = src[n:] + } + if len(src) > 0 { + dst := make([]byte, 16) + copy(dst, src) + p.Update(dst) + } +} + +// deriveKeysGeneric derives the authentication and encryption +// keys from keyGenKey and nonce and writes them to authKey and +// encKey. +func deriveKeysGeneric(authKey *[24]byte, encKey *[40]byte, keyGenKey, nonce []byte) { + src := make([]byte, 16) + copy(src[4:], nonce) + + b, _ := aes.NewCipher(keyGenKey) + + // message_authentication_key = + // AES(key = key_generating_key, + // block = little_endian_uint32(0) ++ nonce + // )[:8] ++ + // AES(key = key_generating_key, + // block = little_endian_uint32(1) ++ nonce + // )[:8] + binary.LittleEndian.PutUint32(src, 0) + b.Encrypt(authKey[0:16], src) + + binary.LittleEndian.PutUint32(src, 1) + b.Encrypt(authKey[8:24], src) + + // messasge_encryption_key = + // AES(key = key_generating_key, + // block = little_endian_uint32(2) ++ nonce + // )[:8] ++ + // AES(key = key_generating_key, + // block = little_endian_uint32(3) ++ nonce + // )[:8] + binary.LittleEndian.PutUint32(src, 2) + b.Encrypt(encKey[0:16], src) + + binary.LittleEndian.PutUint32(src, 3) + b.Encrypt(encKey[8:24], src) + + // if bytelen(key_generating_key) == 32 { + // message_encryption_key = + // AES(key = key_generating_key, + // block = little_endian_uint32(4) ++ nonce + // )[:8] ++ + // AES(key = key_generating_key, + // block = little_endian_uint32(5) ++ nonce + // )[:8] + // } + if len(keyGenKey) == 32 { + binary.LittleEndian.PutUint32(src, 4) + b.Encrypt(encKey[16:32], src) + + binary.LittleEndian.PutUint32(src, 5) + b.Encrypt(encKey[24:40], src) + } +} + +func aesctrGeneric(b cipher.Block, tag, dst, src []byte) { + var block [blockSize]byte + copy(block[:], tag) + block[15] |= 0x80 + + ctr := binary.LittleEndian.Uint32(block[0:4]) + var ks [blockSize]byte + for len(src) >= blockSize && len(dst) >= blockSize { + b.Encrypt(ks[:], block[:]) + ctr++ + binary.LittleEndian.PutUint32(block[0:4], ctr) + xorBlock((*[blockSize]byte)(dst), (*[blockSize]byte)(src), &ks) + dst = dst[blockSize:] + src = src[blockSize:] + } + + if len(src) > 0 { + b.Encrypt(ks[:], block[:]) + xor(dst, src, ks[:], len(src)) + } +} + +// xorBlocks sets z = x^y. +func xorBlock(z, x, y *[blockSize]byte) { + x0 := binary.LittleEndian.Uint64(x[0:]) + x1 := binary.LittleEndian.Uint64(x[8:]) + y0 := binary.LittleEndian.Uint64(y[0:]) + y1 := binary.LittleEndian.Uint64(y[8:]) + binary.LittleEndian.PutUint64(z[0:], x0^y0) + binary.LittleEndian.PutUint64(z[8:], x1^y1) +} + +// xor sets z = x^y for up to n bytes. +func xor(z, x, y []byte, n int) { + // This loop condition prevents needless bounds checks. + for i := 0; i < n && i < len(z) && i < len(x) && i < len(y); i++ { + z[i] = x[i] ^ y[i] + } +} + +//go:noinline +func wipe(p []byte) { + for i := range p { + p[i] = 0 + } + runtime.KeepAlive(p) +} diff --git a/siv_asm.go b/siv_asm.go new file mode 100644 index 0000000..01a1f4e --- /dev/null +++ b/siv_asm.go @@ -0,0 +1,179 @@ +//go:build (amd64 || arm64) && gc && !purego + +package siv + +import ( + "encoding/binary" + + "github.com/ericlagergren/polyval" + "github.com/ericlagergren/siv/internal/subtle" +) + +const ( + // maxEncSize is the maximum number of uint32s used in the + // AES round key expansion. + maxEncSize = 32 + 28 +) + +func (a *aead) seal(out, nonce, plaintext, additionalData []byte) { + if !haveAsm { + a.sealGeneric(out, nonce, plaintext, additionalData) + return + } + + var encKey [40]byte + var authKey [24]byte + deriveKeys(&authKey, &encKey, a.key, nonce) + + nr := 6 + len(a.key)/4 + var enc [maxEncSize]uint32 + expandKeyAsm(nr, &encKey[0], &enc[0]) + + tag := (*[TagSize]byte)(out[len(out)-TagSize:]) + sum(tag, authKey[:16], nonce, plaintext, additionalData) + encryptBlockAsm(nr, &enc[0], &tag[0], &tag[0]) + + block := *tag + block[15] |= 0x80 + aesctr(nr, &enc[0], &block, out, plaintext) +} + +func (a *aead) open(out, nonce, ciphertext, tag, additionalData []byte) bool { + if !haveAsm { + return a.openGeneric(out, nonce, ciphertext, tag, additionalData) + } + + var encKey [40]byte + var authKey [24]byte + deriveKeys(&authKey, &encKey, a.key, nonce) + + nr := 6 + len(a.key)/4 + var enc [maxEncSize]uint32 + expandKeyAsm(nr, &encKey[0], &enc[0]) + + var block [TagSize]byte + copy(block[:], tag) + block[15] |= 0x80 + aesctr(nr, &enc[0], &block, out, ciphertext) + + var wantTag [TagSize]byte + sum(&wantTag, authKey[:16], nonce, out, additionalData) + encryptBlockAsm(nr, &enc[0], &wantTag[0], &wantTag[0]) + + return subtle.ConstantTimeCompare(tag, wantTag[:]) == 1 +} + +func deriveKeys(authKey *[24]byte, encKey *[40]byte, keyGenKey, nonce []byte) { + src := make([]byte, 16) + copy(src[4:], nonce) + + nr := 6 + len(keyGenKey)/4 + var enc [maxEncSize]uint32 + expandKeyAsm(nr, &keyGenKey[0], &enc[0]) + + // message_authentication_key = + // AES(key = key_generating_key, + // block = little_endian_uint32(0) ++ nonce + // )[:8] ++ + // AES(key = key_generating_key, + // block = little_endian_uint32(1) ++ nonce + // )[:8] + binary.LittleEndian.PutUint32(src, 0) + encryptBlockAsm(nr, &enc[0], &authKey[0], &src[0]) + + binary.LittleEndian.PutUint32(src, 1) + encryptBlockAsm(nr, &enc[0], &authKey[8], &src[0]) + + // messasge_encryption_key = + // AES(key = key_generating_key, + // block = little_endian_uint32(2) ++ nonce + // )[:8] ++ + // AES(key = key_generating_key, + // block = little_endian_uint32(3) ++ nonce + // )[:8] + binary.LittleEndian.PutUint32(src, 2) + encryptBlockAsm(nr, &enc[0], &encKey[0], &src[0]) + + binary.LittleEndian.PutUint32(src, 3) + encryptBlockAsm(nr, &enc[0], &encKey[8], &src[0]) + + // if bytelen(key_generating_key) == 32 { + // message_encryption_key = + // AES(key = key_generating_key, + // block = little_endian_uint32(4) ++ nonce + // )[:8] ++ + // AES(key = key_generating_key, + // block = little_endian_uint32(5) ++ nonce + // )[:8] + // } + if len(keyGenKey) == 32 { + binary.LittleEndian.PutUint32(src, 4) + encryptBlockAsm(nr, &enc[0], &encKey[16], &src[0]) + + binary.LittleEndian.PutUint32(src, 5) + encryptBlockAsm(nr, &enc[0], &encKey[24], &src[0]) + } +} + +func sum(tag *[TagSize]byte, authKey, nonce, plaintext, additionalData []byte) { + length := make([]byte, 16) + binary.LittleEndian.PutUint64(length[0:8], uint64(len(additionalData))*8) + binary.LittleEndian.PutUint64(length[8:16], uint64(len(plaintext))*8) + + var p polyval.Polyval + if err := p.Init(authKey); err != nil { + panic(err) + } + + // Additional data + if len(additionalData) >= 16 { + n := len(additionalData) &^ (16 - 1) + p.Update(additionalData[:n]) + additionalData = additionalData[n:] + } + if len(additionalData) > 0 { + dst := make([]byte, 16) + copy(dst, additionalData) + p.Update(dst) + } + + // Plaintext + if len(plaintext) >= 16 { + n := len(plaintext) &^ (16 - 1) + p.Update(plaintext[:n]) + plaintext = plaintext[n:] + } + if len(plaintext) > 0 { + dst := make([]byte, 16) + copy(dst, plaintext) + p.Update(dst) + } + + // Length + p.Update(length) + + p.Sum(tag[:0]) + for i := range nonce { + tag[i] ^= nonce[i] + } + tag[15] &= 0x7f +} + +func aesctr(nr int, enc *uint32, block *[TagSize]byte, dst, src []byte) { + ctr := binary.LittleEndian.Uint32(block[0:4]) + + var ks [blockSize]byte + for len(src) >= blockSize && len(dst) >= blockSize { + encryptBlockAsm(nr, enc, &ks[0], &block[0]) + ctr++ + binary.LittleEndian.PutUint32(block[0:4], ctr) + xorBlock((*[blockSize]byte)(dst), (*[blockSize]byte)(src), &ks) + dst = dst[blockSize:] + src = src[blockSize:] + } + + if len(src) > 0 { + encryptBlockAsm(nr, enc, &ks[0], &block[0]) + xor(dst, src, ks[:], len(src)) + } +} diff --git a/siv_noasm.go b/siv_noasm.go new file mode 100644 index 0000000..50045ee --- /dev/null +++ b/siv_noasm.go @@ -0,0 +1,15 @@ +//go:build !(amd64 || arm64) || !gc || purego + +package siv + +func (a *aead) seal(out, nonce, plaintext, additionalData []byte) { + a.sealGeneric(out, nonce, plaintext, additionalData) +} + +func (a *aead) open(out, nonce, ciphertext, tag, additionalData []byte) bool { + return a.openGeneric(out, nonce, ciphertext, tag, additionalData) +} + +func deriveKeys(authKey *[24]byte, encKey *[40]byte, keyGenKey, nonce []byte) { + deriveKeysGeneric(authKey, encKey, keyGenKey, nonce) +} diff --git a/siv_test.go b/siv_test.go new file mode 100644 index 0000000..06f942c --- /dev/null +++ b/siv_test.go @@ -0,0 +1,480 @@ +package siv + +import ( + "bufio" + "bytes" + "crypto/aes" + "crypto/cipher" + "encoding" + "encoding/hex" + "encoding/json" + "errors" + "fmt" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/ericlagergren/siv/internal/subtle" +) + +func disableAsm(t *testing.T) { + old := haveAsm + haveAsm = false + t.Cleanup(func() { + haveAsm = old + }) +} + +// loadVectors reads test vectors from testdata/nameinto v. +func loadVectors(t *testing.T, v interface{}, name string) { + buf, err := os.ReadFile(filepath.Join("testdata", name)) + if err != nil { + t.Fatalf("unable to read test vectors: %v", err) + } + if err := json.Unmarshal(buf, v); err != nil { + t.Fatalf("unable to parse test vectors: %v", err) + } +} + +// hexStr decodes hexadecimal string into a byte slice. +type hexStr []byte + +var _ encoding.TextUnmarshaler = (*hexStr)(nil) + +func (h *hexStr) UnmarshalText(text []byte) error { + ret, out := subtle.SliceForAppend(*h, hex.DecodedLen(len(text))) + _, err := hex.Decode(out, text) + if err != nil { + return err + } + *h = ret + return nil +} + +// Vector is a Project Wycheproof "AeadTestVector". +type Vector struct { + // ID is the test case identifier. + // + // The triple (file name, version, identifier) uniquely + // identify a test. + ID int `json:"tcId,omitempty"` + // Comment is a brief description of the test case. + Comment string `json:"comment,omitempty"` + // Flags are a list of flags that apply to the test case. + Flags []string `json:"flags,omitempty"` + // Key is the AEAD key. + Key hexStr `json:"key,omitempty"` + // Nonce is the nonce. + Nonce hexStr `json:"iv,omitempty"` + // Plaintext is the plaintext. + Plaintext hexStr `json:"msg,omitempty"` + // AdditionalData is the additional authenticated data. + AdditionalData hexStr `json:"aad,omitempty"` + // Ciphertext is the ciphertext sans nonce and tag. + Ciphertext hexStr `json:"ct,omitempty"` + // Tag is the authentication tag. + Tag hexStr `json:"tag,omitempty"` + // Result is either "valid" or "invalid". + Result string `json:"result,omitempty"` +} + +// Group is a Project Wycheproof "AeadTestGroup". +type Group struct { + // IVSize is the size in bits of the IV. + IVSize int `json:"ivSize,omitempty"` + // KeySize is the size in bits of the key. + KeySize int `json:"keySize,omitempty"` + // TagSize is the size in bits of the expected tag. + TagSize int `json:"tagSize,omitempty"` + // Type is always "AeadTest". + Type string `json:"type,omitempty"` + // Vector sis the set of test vectors. + Vectors []Vector `json:"tests,omitempty"` +} + +// Test is a Project Wycheproof "Test". +type Test struct { + // Algorithm is the primitive tested in the file. + Algorithm string `json:"algorithm,omitempty"` + // Version is the test vector version in + // major.minor[release candidate] format. + Version string `json:"generatorVersion,omitempty"` + // Header is additional documentation. + Header []string `json:"header,omitempty"` + // Notes is a description of the labels used in the test + // vectors. + Notes map[string]string `json:"notes,omitempty"` + // NumberOfTests is the number of test vectors. + NumberOfTests int `json:"numberOfTests,omitempty"` + // Schema is the file name of the JSON schema that + // defines the test vectors. + Schema string `json:"schema,omitempty"` + // Groups is the list of test groups, each with a set of + // test vectors. + Groups []Group `json:"testGroups,omitempty"` +} + +// TestWychepprof tests Project Wycheproof's AES-GCM-SIV test +// vectors from "aes_gcm_siv_test.json" version 0.8r12. +// +// The test vectors include the test vectors from [rfc8452]. +func TestWycheproof(t *testing.T) { + var v Test + loadVectors(t, &v, "aes_gcm_siv_test.json") + + if haveAsm { + t.Run("assembly", func(t *testing.T) { + disableAsm(t) + testWycheproof(t, v) + }) + } + t.Run("generic", func(t *testing.T) { + disableAsm(t) + testWycheproof(t, v) + }) +} + +func testWycheproof(t *testing.T, v Test) { + for _, g := range v.Groups { + name := fmt.Sprintf("key=%d", g.KeySize) + t.Run(name, func(t *testing.T) { + for _, tc := range g.Vectors { + aead, err := NewGCM(tc.Key) + if err != nil { + t.Fatalf("#%d: %v", tc.ID, err) + } + + // Seal returns ciphertext || tag, but + // tc.Ciphertext does not contain the tag. + var ctAndTag []byte + ctAndTag = append(ctAndTag, tc.Ciphertext...) + ctAndTag = append(ctAndTag, tc.Tag...) + + plaintext, err := aead.Open(nil, tc.Nonce, ctAndTag, tc.AdditionalData) + switch valid := tc.Result == "valid"; { + // Test vector expected success but we returned + // an error. + case valid && err != nil: + t.Fatalf("#%d: %v", tc.ID, err) + // Test vector expected a failure and we returned + // something other than a "authentication + // failure" error. + case !valid && !errors.Is(err, errOpen): + t.Fatalf("#%d: unexpected error: %v", tc.ID, err) + // If this is a negative test then there isn't + // any point to checking the plaintext. + case !valid: + continue + } + if !bytes.Equal(plaintext, tc.Plaintext) { + t.Fatalf("#%d: expected %x, got %x", tc.ID, tc.Plaintext, plaintext) + } + + ciphertext := aead.Seal(nil, tc.Nonce, tc.Plaintext, tc.AdditionalData) + if !bytes.Equal(ciphertext, ctAndTag) { + t.Fatalf("#%d: expected %x, got %x", tc.ID, ctAndTag, ciphertext) + } + + tag := ciphertext[len(ciphertext)-aead.Overhead():] + if !bytes.Equal(tag, tc.Tag) { + t.Fatalf("#%d: expected %x, got %x", tc.ID, tc.Tag, tag) + } + } + }) + } +} + +// testVector is an [rfc8452] test vector. +type testVector struct { + plaintext []byte + aad []byte + key []byte + nonce []byte + authKey []byte + encKey []byte + pvInput []byte + pvResult []byte + pvResultXORNonce []byte + pvResultXORNonceMasked []byte + tag []byte + ctr []byte + result []byte +} + +// parseVectors parses test vectors from [rfc8452]. +func parseVectors(t *testing.T, name string) []testVector { + buf, err := os.ReadFile(filepath.Join("testdata", name)) + if err != nil { + t.Fatalf("unable to load test vectors: %v", err) + } + + // f is a pointer to the current field. + var f *[]byte + // b is the current field being buffered. + var b strings.Builder + var vecs []testVector + + s := bufio.NewScanner(bytes.NewReader(buf)) + for s.Scan() { + line := strings.TrimSpace(s.Text()) + if line == "" { + continue + } + + i := strings.IndexByte(line, '=') + if i < 0 { + b.WriteString(line) + continue + } + + if f != nil { + *f = unhex(t, b.String()) + b.Reset() + f = nil + } + + key := strings.TrimSpace(line[:i]) + if j := strings.Index(key, " ("); j >= 0 { + key = key[:j] + } + b.WriteString(strings.TrimSpace(line[i+1:])) + + switch key { + case "Plaintext": + vecs = append(vecs, testVector{}) + f = &vecs[len(vecs)-1].plaintext + case "AAD": + f = &vecs[len(vecs)-1].aad + case "Key": + f = &vecs[len(vecs)-1].key + case "Nonce": + f = &vecs[len(vecs)-1].nonce + case "Record authentication key": + f = &vecs[len(vecs)-1].authKey + case "Record encryption key": + f = &vecs[len(vecs)-1].encKey + case "POLYVAL input": + f = &vecs[len(vecs)-1].pvInput + case "POLYVAL result": + f = &vecs[len(vecs)-1].pvResult + case "POLYVAL result XOR nonce": + f = &vecs[len(vecs)-1].pvResultXORNonce + case "... and masked": + f = &vecs[len(vecs)-1].pvResultXORNonceMasked + case "Tag": + f = &vecs[len(vecs)-1].tag + case "Initial counter": + f = &vecs[len(vecs)-1].ctr + case "Result": + f = &vecs[len(vecs)-1].result + default: + t.Fatalf("unknown field: %q (%q)", key, s.Text()) + } + } + if err := s.Err(); err != nil { + t.Fatalf("unable to parse vectors: %v", err) + } + + if f != nil { + *f = unhex(t, b.String()) + b.Reset() + f = nil + } + return vecs +} + +func unhex(t *testing.T, s string) []byte { + p, err := hex.DecodeString(s) + if err != nil { + t.Fatalf("unable to decode hex: %q", s) + } + return p +} + +// TestRFC tests the test vectors from [rfc8452]. +func TestRFC(t *testing.T) { + if haveAsm { + t.Run("assembly", func(t *testing.T) { + disableAsm(t) + testRFCs(t) + }) + } + t.Run("generic", func(t *testing.T) { + disableAsm(t) + testRFCs(t) + }) +} + +func testRFCs(t *testing.T) { + for _, name := range []string{ + "rfc8452_128.txt", + "rfc8452_256.txt", + "rfc8452_256_wrap.txt", + } { + t.Run(name, func(t *testing.T) { + for i, tc := range parseVectors(t, name) { + testRFC(t, i, tc) + } + }) + } +} + +func testRFC(t *testing.T, i int, tc testVector) { + // Internal state. + { + var authKey [24]byte + var encKey [40]byte + deriveKeys(&authKey, &encKey, tc.key, tc.nonce) + if !bytes.Equal(authKey[:16], tc.authKey) { + t.Fatalf("#%d: expected %x, got %x", i, tc.authKey, authKey[:16]) + } + if !bytes.Equal(encKey[:len(tc.encKey)], tc.encKey) { + t.Fatalf("#%d: expected %x, got %x", i, tc.encKey, encKey[:len(tc.encKey)]) + } + } + + // Public API. + { + aead, err := NewGCM(tc.key) + if err != nil { + t.Fatalf("#%d: %v", i, err) + } + + ciphertext := aead.Seal(nil, tc.nonce, tc.plaintext, tc.aad) + if !bytes.Equal(ciphertext, tc.result) { + t.Fatalf("#%d: expected %x, got %x", i, tc.result, ciphertext) + } + + tag := ciphertext[len(ciphertext)-aead.Overhead():] + if !bytes.Equal(tag, tc.tag) { + t.Fatalf("#%d: expected %x, got %x", i, tc.tag, tag) + } + + plaintext, err := aead.Open(nil, tc.nonce, ciphertext, tc.aad) + if err != nil { + t.Fatalf("#%d: %v", i, err) + } + if !bytes.Equal(plaintext, tc.plaintext) { + t.Fatalf("#%d: expected %x, got %x", i, tc.plaintext, plaintext) + } + } +} + +// AES-GCM-SIV + +func BenchmarkSeal1K_AES_GCM_SIV_128(b *testing.B) { + benchmarkSeal(b, NewGCM, 16, make([]byte, 1024)) +} + +func BenchmarkOpen1K_AES_GCM_SIV_128(b *testing.B) { + benchmarkOpen(b, NewGCM, 16, make([]byte, 1024)) +} + +func BenchmarkSeal8K_AES_GCM_SIV_128(b *testing.B) { + benchmarkSeal(b, NewGCM, 16, make([]byte, 8*1024)) +} + +func BenchmarkOpen8K_AES_GCM_SIV_128(b *testing.B) { + benchmarkOpen(b, NewGCM, 16, make([]byte, 8*1024)) +} + +func BenchmarkSeal1K_AES_GCM_SIV_256(b *testing.B) { + benchmarkSeal(b, NewGCM, 32, make([]byte, 1024)) +} + +func BenchmarkOpen1K_AES_GCM_SIV_256(b *testing.B) { + benchmarkOpen(b, NewGCM, 32, make([]byte, 1024)) +} + +func BenchmarkSeal8K_AES_GCM_SIV_256(b *testing.B) { + benchmarkSeal(b, NewGCM, 32, make([]byte, 8*1024)) +} + +func BenchmarkOpen8K_AES_GCM_SIV_256(b *testing.B) { + benchmarkOpen(b, NewGCM, 32, make([]byte, 8*1024)) +} + +// AES-GCM + +func newAESGCM(key []byte) (cipher.AEAD, error) { + b, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + return cipher.NewGCM(b) +} + +func BenchmarkSeal1K_AES_GCM_128(b *testing.B) { + benchmarkSeal(b, newAESGCM, 16, make([]byte, 1024)) +} + +func BenchmarkOpen1K_AES_GCM_128(b *testing.B) { + benchmarkOpen(b, newAESGCM, 16, make([]byte, 1024)) +} + +func BenchmarkSeal8K_AES_GCM_128(b *testing.B) { + benchmarkSeal(b, newAESGCM, 16, make([]byte, 8*1024)) +} + +func BenchmarkOpen8K_AES_GCM_128(b *testing.B) { + benchmarkOpen(b, newAESGCM, 16, make([]byte, 8*1024)) +} + +func BenchmarkSeal1K_AES_GCM_256(b *testing.B) { + benchmarkSeal(b, newAESGCM, 32, make([]byte, 1024)) +} + +func BenchmarkOpen1K_AES_GCM_256(b *testing.B) { + benchmarkOpen(b, newAESGCM, 32, make([]byte, 1024)) +} + +func BenchmarkSeal8K_AES_GCM_256(b *testing.B) { + benchmarkSeal(b, newAESGCM, 32, make([]byte, 8*1024)) +} + +func BenchmarkOpen8K_AES_GCM_256(b *testing.B) { + benchmarkOpen(b, newAESGCM, 32, make([]byte, 8*1024)) +} + +type newFunc func([]byte) (cipher.AEAD, error) + +func benchmarkSeal(b *testing.B, fn newFunc, keySize int, buf []byte) { + b.SetBytes(int64(len(buf))) + + key := make([]byte, keySize) + nonce := make([]byte, NonceSize) + ad := make([]byte, 13) + aead, err := fn(key) + if err != nil { + b.Fatal(err) + } + var out []byte + + b.ResetTimer() + for i := 0; i < b.N; i++ { + out = aead.Seal(out[:0], nonce, buf, ad) + } +} + +func benchmarkOpen(b *testing.B, fn newFunc, keySize int, buf []byte) { + b.SetBytes(int64(len(buf))) + + key := make([]byte, keySize) + nonce := make([]byte, NonceSize) + ad := make([]byte, 13) + aead, err := fn(key) + if err != nil { + b.Fatal(err) + } + var out []byte + out = aead.Seal(out[:0], nonce, buf, ad) + + b.ResetTimer() + for i := 0; i < b.N; i++ { + _, err := aead.Open(buf[:0], nonce, out, ad) + if err != nil { + b.Errorf("Open: %v", err) + } + } +} diff --git a/stub_amd64.go b/stub_amd64.go new file mode 100644 index 0000000..b118870 --- /dev/null +++ b/stub_amd64.go @@ -0,0 +1,9 @@ +//go:build gc && !purego + +package siv + +//go:noescape +func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) + +//go:noescape +func expandKeyAsm(nr int, key *byte, enc *uint32) diff --git a/stub_arm64.go b/stub_arm64.go new file mode 100644 index 0000000..b118870 --- /dev/null +++ b/stub_arm64.go @@ -0,0 +1,9 @@ +//go:build gc && !purego + +package siv + +//go:noescape +func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) + +//go:noescape +func expandKeyAsm(nr int, key *byte, enc *uint32) diff --git a/testdata/aes_gcm_siv_test.json b/testdata/aes_gcm_siv_test.json new file mode 100644 index 0000000..03417d8 --- /dev/null +++ b/testdata/aes_gcm_siv_test.json @@ -0,0 +1,1912 @@ +{ + "algorithm" : "AES-GCM-SIV", + "generatorVersion" : "0.8r12", + "numberOfTests" : 155, + "header" : [ + "Test vectors of type AeadTest test authenticated encryption with", + "additional data. The test vectors are intended for testing both", + "encryption and decryption." + ], + "notes" : { + "ConstructedIv" : "The counter for AES-GCM-SIV is reduced modulo 2**32. This test vector was constructed to test for correct wrapping of the counter." + }, + "schema" : "aead_test_schema.json", + "testGroups" : [ + { + "ivSize" : 96, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 1, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "dc20e2d83f25705bb49e439eca56de25", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "0100000000000000", + "ct" : "b5d839330ac7b786", + "tag" : "578782fff6013b815b287c22493a364c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 3, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "010000000000000000000000", + "ct" : "7323ea61d05932260047d942", + "tag" : "a4978db357391a0bc4fdec8b0d106639", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "01000000000000000000000000000000", + "ct" : "743f7c8077ab25f8624e2e948579cf77", + "tag" : "303aaf90f6fe21199c6068577437a0c4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 5, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "0100000000000000000000000000000002000000000000000000000000000000", + "ct" : "84e07e62ba83a6585417245d7ec413a9fe427d6315c09b57ce45f2e3936a9445", + "tag" : "1a8e45dcd4578c667cd86847bf6155ff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 6, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "010000000000000000000000000000000200000000000000000000000000000003000000000000000000000000000000", + "ct" : "3fd24ce1f5a67b75bf2351f181a475c7b800a5b4d3dcf70106b1eea82fa1d64df42bf7226122fa92e17a40eeaac1201b", + "tag" : "5e6e311dbf395d35b0fe39c2714388f8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "01000000000000000000000000000000020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000", + "ct" : "2433668f1058190f6d43e360f4f35cd8e475127cfca7028ea8ab5c20f7ab2af02516a2bdcbc08d521be37ff28c152bba36697f25b4cd169c6590d1dd39566d3f", + "tag" : "8a263dd317aa88d56bdf3936dba75bb8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "0200000000000000", + "ct" : "1e6daba35669f427", + "tag" : "3b0a1a2560969cdf790d99759abd1508", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "020000000000000000000000", + "ct" : "296c7889fd99f41917f44620", + "tag" : "08299c5102745aaa3a0c469fad9e075a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 10, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "02000000000000000000000000000000", + "ct" : "e2b0c5da79a901c1745f700525cb335b", + "tag" : "8f8936ec039e4e4bb97ebd8c4457441f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 11, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "0200000000000000000000000000000003000000000000000000000000000000", + "ct" : "620048ef3c1e73e57e02bb8562c416a319e73e4caac8e96a1ecb2933145a1d71", + "tag" : "e6af6a7f87287da059a71684ed3498e1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 12, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000", + "ct" : "50c8303ea93925d64090d07bd109dfd9515a5a33431019c17d93465999a8b0053201d723120a8562b838cdff25bf9d1e", + "tag" : "6a8cc3865f76897c2e4b245cf31c51f2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 13, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "02000000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000005000000000000000000000000000000", + "ct" : "2f5c64059db55ee0fb847ed513003746aca4e61c711b5de2e7a77ffd02da42feec601910d3467bb8b36ebbaebce5fba30d36c95f48a3e7980f0e7ac299332a80", + "tag" : "cdc46ae475563de037001ef84ae21744", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 14, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "010000000000000000000000", + "msg" : "02000000", + "ct" : "a8fe3e87", + "tag" : "07eb1f84fb28f8cb73de8e99e2f48a14", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 15, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "010000000000000000000000000000000200", + "msg" : "0300000000000000000000000000000004000000", + "ct" : "6bb0fecf5ded9b77f902c7d5da236a4391dd0297", + "tag" : "24afc9805e976f451e6d87f6fe106514", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 16, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "01000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "0100000000000000000000000000000002000000", + "msg" : "030000000000000000000000000000000400", + "ct" : "44d0aaf6fb2f1f34add5e8064e83e12a2ada", + "tag" : "bff9b2ef00fb47920cc72a0c0f13b9fd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "e66021d5eb8e4f4066d4adb9c33560e4", + "iv" : "f46e44bb3da0015c94f70887", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "a4194b79071b01a87d65f706e3949578", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "36864200e0eaf5284d884a0e77d31646", + "iv" : "bae8e37fc83441b16034566b", + "aad" : "46bb91c3c5", + "msg" : "7a806c", + "ct" : "af60eb", + "tag" : "711bd85bc1e4d3e0a462e074eea428a8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "aedb64a6c590bc84d1a5e269e4b47801", + "iv" : "afc0577e34699b9e671fdd4f", + "aad" : "fc880c94a95198874296", + "msg" : "bdc66f146545", + "ct" : "bb93a3e34d3c", + "tag" : "d6a9c45545cfc11f03ad743dba20f966", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "d5cc1fd161320b6920ce07787f86743b", + "iv" : "275d1ab32f6d1f0434d8848c", + "aad" : "046787f3ea22c127aaf195d1894728", + "msg" : "1177441f195495860f", + "ct" : "4f37281f7ad12949d0", + "tag" : "1d02fd0cd174c84fc5dae2f60f52fd2b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "b3fed1473c528b8426a582995929a149", + "iv" : "9e9ad8780c8d63d0ab4149c0", + "aad" : "c9882e5386fd9f92ec489c8fde2be2cf97e74e93", + "msg" : "9f572c614b4745914474e7c7", + "ct" : "f54673c5ddf710c745641c8b", + "tag" : "c1dc2f871fb7561da1286e655e24b7b0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "2d4ed87da44102952ef94b02b805249b", + "iv" : "ac80e6f61455bfac8308a2d4", + "aad" : "2950a70d5a1db2316fd568378da107b52b0da55210cc1c1b0a", + "msg" : "0d8c8451178082355c9e940fea2f58", + "ct" : "c9ff545e07b88a015f05b274540aa1", + "tag" : "83b3449b9f39552de99dc214a1190b0b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "bde3b2f204d1e9f8b06bc47f9745b3d1", + "iv" : "ae06556fb6aa7890bebc18fe", + "aad" : "1860f762ebfbd08284e421702de0de18baa9c9596291b08466f37de21c7f", + "msg" : "6b3db4da3d57aa94842b9803a96e07fb6de7", + "ct" : "6298b296e24e8cc35dce0bed484b7f30d580", + "tag" : "3e377094f04709f64d7b985310a4db84", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 24, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "f901cfe8a69615a93fdf7a98cad48179", + "iv" : "6245709fb18853f68d833640", + "aad" : "7576f7028ec6eb5ea7e298342a94d4b202b370ef9768ec6561c4fe6b7e7296fa859c21", + "msg" : "e42a3c02c25b64869e146d7b233987bddfc240871d", + "ct" : "391cc328d484a4f46406181bcd62efd9b3ee197d05", + "tag" : "2d15506c84a9edd65e13e9d24a2a6e70", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 25, + "comment" : "", + "key" : "bedcfb5a011ebc84600fcb296c15af0d", + "iv" : "438a547a94ea88dce46c6c85", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "596d0538e48526be1c991e40cc031073", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 26, + "comment" : "", + "key" : "384ea416ac3c2f51a76e7d8226346d4e", + "iv" : "b30c084727ad1c592ac21d12", + "aad" : "", + "msg" : "35", + "ct" : "4f", + "tag" : "8b2b805fc0885e2b470d9dbe6cb15ed3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 27, + "comment" : "", + "key" : "cae31cd9f55526eb038241fc44cac1e5", + "iv" : "b5e006ded553110e6dc56529", + "aad" : "", + "msg" : "d10989f2c52e94ad", + "ct" : "04c7a55f97846e54", + "tag" : "48168ff846356c33032c719b518f18a8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 28, + "comment" : "", + "key" : "dd6197cd63c963919cf0c273ef6b28bf", + "iv" : "ecb0c42f7000ef0e6f95f24d", + "aad" : "", + "msg" : "4dcc1485365866e25ac3f2ca6aba97", + "ct" : "fd9521041b0397a15b0070b93f48a9", + "tag" : "09df91414578f7faf757d04ee26ab901", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 29, + "comment" : "", + "key" : "ffdf4228361ea1f8165852136b3480f7", + "iv" : "0e1666f2dc652f7708fb8f0d", + "aad" : "", + "msg" : "25b12e28ac0ef6ead0226a3b2288c800", + "ct" : "6eb905287ddfafc32f6b1c10046c089f", + "tag" : "4ff9f939a77c34b0cb1ee75fcb0dd29a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 30, + "comment" : "", + "key" : "c15ed227dd2e237ecd087eaaaad19ea4", + "iv" : "965ff6643116ac1443a2dec7", + "aad" : "", + "msg" : "fee62fde973fe025ad6b322dcdf3c63fc7", + "ct" : "6f62bd09d4f36f73e289ab6dd114727fe3", + "tag" : "ea727c084db2bc948de0928edddd7fcf", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 31, + "comment" : "", + "key" : "a8ee11b26d7ceb7f17eaa1e4b83a2cf6", + "iv" : "fbbc04fd6e025b7193eb57f6", + "aad" : "", + "msg" : "c08f085e6a9e0ef3636280c11ecfadf0c1e72919ffc17eaf", + "ct" : "80133a4bea7311f0d3c9835144c37c4ef0ef20c8f2e36be1", + "tag" : "b92f47c1af6713e14fbdf60efebb50c6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 32, + "comment" : "", + "key" : "7519588f30f7f08ff98e1beee6a2a783", + "iv" : "a2dbe708db51c68ef02994a6", + "aad" : "", + "msg" : "1851956319256ebb0f9ccaf325a24abfc5c3e90b055e57cdc0c7ab2165ae03b1", + "ct" : "778b308e4ca17607df36c0b94695bc64603173b814701a9f69147b42478a0b1f", + "tag" : "b75c98952c0aa11958a55c9c2ecf33f5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 33, + "comment" : "", + "key" : "a5b5b6bae45b741fe4663890098f326a", + "iv" : "4bad10c6d84fd43fd13ad36f", + "aad" : "30", + "msg" : "127b150080ec0bc7704e26f4ab11abb6", + "ct" : "173ba6370171be47dbb6163a63a3b725", + "tag" : "53aefed6e971d5a1f435f0730a6dd0fd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 34, + "comment" : "", + "key" : "0cecb9f512932d68e2c7c0bc4bd621c8", + "iv" : "2186a3091237adae83540e24", + "aad" : "743e", + "msg" : "437aeb94d842283ba57bb758e3d229f0", + "ct" : "959f0ff12481dedc4302ad7a904f9486", + "tag" : "0215be2ab9b0672a7b82893891057c9c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 35, + "comment" : "", + "key" : "55e04c122780be52ed9328928039008c", + "iv" : "0c908e58cddad69dea1a32c3", + "aad" : "25591707c004f506f4b51e85e29f6a", + "msg" : "26eb70672eef03667b34cc7d0df05872", + "ct" : "8ae3a16a237f1358ac8cfeb5f4cc2818", + "tag" : "28f5aa8a34a9f7c01c17759d142b1bae", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "", + "key" : "5f0a1b5f8f8673d566ec7f54e7dca4f2", + "iv" : "c30968c967e53505621628db", + "aad" : "c07092d799dac2b4c05fbddd04743c34", + "msg" : "f6538476daf04524cf134309dd84e187", + "ct" : "d5220f6a49d1e4c10d38c77c8156ebd0", + "tag" : "80b50f526286dad22d40984636f0e9ce", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "", + "key" : "671a70e883fb0611dffd0b1dd9b8cca2", + "iv" : "a51c37f467893c1608e56274", + "aad" : "3ea12d80f40f34f812479d2ecc13d2d6df", + "msg" : "3baf3edf04dc0c97aae081cdeb08021d", + "ct" : "3e771b9376e1d1cde3d9b73349c958bc", + "tag" : "ebd3ea678a1e87839a4356584ea89bac", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "", + "key" : "63f03172505d90e94900125cb8a4b0dd", + "iv" : "52c20979cdaaade573dba650", + "aad" : "5189ea6f39b2a78c0202fdff146c5cc6bdc7491d4786f80c6c6aef65634c05da", + "msg" : "602c98997ee03fd11ce00e92de193977", + "ct" : "05b568a589d0a77a8ee9c6f06415c6b6", + "tag" : "91ba5089dffb7538199c441728d5f84a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "Testing for ctr overflow", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "010101010101010101010101", + "aad" : "395f4091b410c373073bcdc79e02d3af", + "msg" : "43488548d88e6f774bcd2d52c18fbcc933a4e9a9613ff3edbe959ec59522adc098b3133b8d17b9e9dad631ad33752c95", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 40, + "comment" : "Testing for ctr overflow", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "616b2dff4d665e5f7ab890723dd981b1", + "msg" : "f012c6a7eb0e8af5bc45e015e7680a693dc709b95383f6a94babec1bc36e4be3cf4f55a31a94f11c6c3f90eed99682bc", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 41, + "comment" : "Testing for ctr overflow", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "030303030303030303030303", + "aad" : "387a8997605fd04ae8951c4759087864", + "msg" : "71ceee58179d6fb968521e9594dbf98cc0040f6aa38fe873c32a9b122d6cbfd51aa4778b3f4f37be7348690d97e2468b", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "fefffffffefffffffefffffffeffffff", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 42, + "comment" : "Testing for ctr overflow", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "060606060606060606060606", + "aad" : "6783b0d5e9d8a2a7274065797097d1ae", + "msg" : "2e14f9e9a09ea204557367898a80dcad117af3666bea25762b70633a9f3614fbe631ba617c371fd5566d5e613496e69f", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "ffffff7f00112233445566778899aabb", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 43, + "comment" : "Testing for ctr overflow", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "010101010101010101010101", + "aad" : "2933810c146f4f7dd146dd43f35199c6", + "msg" : "27fac75879c9d87cd52a0793137ba792f6f145148158eb538f2081e09cd0315986a7025045ecbb2ca1bb18a17bfcd567", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "ffffffffffffff7f0011223344556677", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 44, + "comment" : "Flipped bit 0 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "27dd62060507dae87c4f93f391ba15f9", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 45, + "comment" : "Flipped bit 0 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "9ea3371e258288d5a01b15384e2c99ee", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "Flipped bit 0 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "ce24e3ec0fe7b8550d621b71fdb5d0eb", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "Flipped bit 7 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "1471f354b359c235117febba854a823b", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "Flipped bit 7 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "11f820294fc9d13f1895d2fb5509913b", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "Flipped bit 8 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "45e7257b814f09de44177b27b914822f", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "Flipped bit 8 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "4c49780b5438c4a7ea9795b9856fdae1", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 51, + "comment" : "Flipped bit 8 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "ecc2f2f4142837a34f9cd1fa030a5d7f", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 52, + "comment" : "Flipped bit 31 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "69c7f5605da8e0684990b087411f8cf5", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 53, + "comment" : "Flipped bit 31 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "20b346be60e7e97588bf504ce707ce0b", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 54, + "comment" : "Flipped bit 56 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "3955107da2e9938c6b19bb19ae9fc09f", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 55, + "comment" : "Flipped bit 56 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "b1385d46a8accd7022c142442a0b13e9", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 56, + "comment" : "Flipped bit 63 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "19b298f3a061a73cb774da927ce11ca2", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 57, + "comment" : "Flipped bit 63 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "bff8c631e61c18a050a523ad4a750a20", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 58, + "comment" : "Flipped bit 64 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "7b6171302b689c926852163e310f08d4", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "Flipped bit 88 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "4e79aa30003226402245893e91f2024c", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "Flipped bit 88 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "9312e1813a05b8682555061b05edcef1", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "Flipped bit 96 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "643684185211af58061022efa360d54b", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "Flipped bit 96 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "786d8056e26150918e3cbe520cafeb50", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "Flipped bit 97 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "555036128fa18ecadd090cb772ac0bf3", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "Flipped bit 97 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "a5b43b8e1dbb2bfbda1b625fee4064a7", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "Flipped bit 120 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "ae47cc5d7681dd480c23469c5519b647", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "Flipped bit 120 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "d53dd677184702eaa660f1349195fc04", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "Flipped bit 120 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "dc78584e4599dd4b2fb333db2f9ccb95", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "Flipped bit 121 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "0bfd9271e79153a8afdb7f3d96fe446f", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 69, + "comment" : "Flipped bit 121 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "1e0537a95b7200134d0b440657d50fd1", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 70, + "comment" : "Flipped bit 121 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "7633155df35857258d23b0651d60847c", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 71, + "comment" : "Flipped bit 126 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "ab0a064b473de43598adf81ee297d856", + "msg" : "0fed395814f1750a", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 72, + "comment" : "Flipped bit 127 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "f62bdc3f4fcb699ee12f6e87dcc704cb", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "Flipped bit 127 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "1320051031807b8f44e9d2cb1ec6aa92", + "msg" : "03c0e39b77bd62d32568f4c86c90bfdb", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "Flipped bit 127 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "329b813d3ae2225d3e15f97a28037bcc", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "Flipped bit 0..127 in tag", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "edc723bedd0078696acdea005c74b841", + "msg" : "63995888995b338c", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 96, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 76, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "07f5f4169bbf55a8400cd47ea6fd400f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "0100000000000000", + "ct" : "c2ef328e5c71c83b", + "tag" : "843122130f7364b761e0b97427e3df28", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "010000000000000000000000", + "ct" : "9aab2aeb3faa0a34aea8e2b1", + "tag" : "8ca50da9ae6559e48fd10f6e5c9ca17e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "01000000000000000000000000000000", + "ct" : "85a01b63025ba19b7fd3ddfc033b3e76", + "tag" : "c9eac6fa700942702e90862383c6c366", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "0100000000000000000000000000000002000000000000000000000000000000", + "ct" : "4a6a9db4c8c6549201b9edb53006cba821ec9cf850948a7c86c68ac7539d027f", + "tag" : "e819e63abcd020b006a976397632eb5d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "010000000000000000000000000000000200000000000000000000000000000003000000000000000000000000000000", + "ct" : "c00d121893a9fa603f48ccc1ca3c57ce7499245ea0046db16c53c7c66fe717e39cf6c748837b61f6ee3adcee17534ed5", + "tag" : "790bc96880a99ba804bd12c0e6a22cc4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "", + "msg" : "01000000000000000000000000000000020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000", + "ct" : "c2d5160a1f8683834910acdafc41fbb1632d4a353e8b905ec9a5499ac34f96c7e1049eb080883891a4db8caaa1f99dd004d80487540735234e3744512c6f90ce", + "tag" : "112864c269fc0d9d88c61fa47e39aa08", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "0200000000000000", + "ct" : "1de22967237a8132", + "tag" : "91213f267e3b452f02d01ae33e4ec854", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "020000000000000000000000", + "ct" : "163d6f9cc1b346cd453a2e4c", + "tag" : "c1a4a19ae800941ccdc57cc8413c277f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "02000000000000000000000000000000", + "ct" : "c91545823cc24f17dbb0e9e807d5ec17", + "tag" : "b292d28ff61189e8e49f3875ef91aff7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "0200000000000000000000000000000003000000000000000000000000000000", + "ct" : "07dad364bfc2b9da89116d7bef6daaaf6f255510aa654f920ac81b94e8bad365", + "tag" : "aea1bad12702e1965604374aab96dbbc", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "020000000000000000000000000000000300000000000000000000000000000004000000000000000000000000000000", + "ct" : "c67a1f0f567a5198aa1fcc8e3f21314336f7f51ca8b1af61feac35a86416fa47fbca3b5f749cdf564527f2314f42fe25", + "tag" : "03332742b228c647173616cfd44c54eb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "01", + "msg" : "02000000000000000000000000000000030000000000000000000000000000000400000000000000000000000000000005000000000000000000000000000000", + "ct" : "67fd45e126bfb9a79930c43aad2d36967d3f0e4d217c1e551f59727870beefc98cb933a8fce9de887b1e40799988db1fc3f91880ed405b2dd298318858467c89", + "tag" : "5bde0285037c5de81e5b570a049b62a0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "010000000000000000000000", + "msg" : "02000000", + "ct" : "22b3f4cd", + "tag" : "1835e517741dfddccfa07fa4661b74cf", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "010000000000000000000000000000000200", + "msg" : "0300000000000000000000000000000004000000", + "ct" : "43dd0163cdb48f9fe3212bf61b201976067f342b", + "tag" : "b879ad976d8242acc188ab59cabfe307", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0100000000000000000000000000000000000000000000000000000000000000", + "iv" : "030000000000000000000000", + "aad" : "0100000000000000000000000000000002000000", + "msg" : "030000000000000000000000000000000400", + "ct" : "462401724b5ce6588d5a54aae5375513a075", + "tag" : "cfcdf5042112aa29685c912fc2056543", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "e66021d5eb8e4f4066d4adb9c33560e4f46e44bb3da0015c94f7088736864200", + "iv" : "e0eaf5284d884a0e77d31646", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "169fbb2fbf389a995f6390af22228a62", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "bae8e37fc83441b16034566b7a806c46bb91c3c5aedb64a6c590bc84d1a5e269", + "iv" : "e4b47801afc0577e34699b9e", + "aad" : "4fbdc66f14", + "msg" : "671fdd", + "ct" : "0eaccb", + "tag" : "93da9bb81333aee0c785b240d319719d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "6545fc880c94a95198874296d5cc1fd161320b6920ce07787f86743b275d1ab3", + "iv" : "2f6d1f0434d8848c1177441f", + "aad" : "6787f3ea22c127aaf195", + "msg" : "195495860f04", + "ct" : "a254dad4f3f9", + "tag" : "6b62b84dc40c84636a5ec12020ec8c2c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "d1894728b3fed1473c528b8426a582995929a1499e9ad8780c8d63d0ab4149c0", + "iv" : "9f572c614b4745914474e7c7", + "aad" : "489c8fde2be2cf97e74e932d4ed87d", + "msg" : "c9882e5386fd9f92ec", + "ct" : "0df9e308678244c44b", + "tag" : "c0fd3dc6628dfe55ebb0b9fb2295c8c2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 96, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "a44102952ef94b02b805249bac80e6f61455bfac8308a2d40d8c845117808235", + "iv" : "5c9e940fea2f582950a70d5a", + "aad" : "0da55210cc1c1b0abde3b2f204d1e9f8b06bc47f", + "msg" : "1db2316fd568378da107b52b", + "ct" : "8dbeb9f7255bf5769dd56692", + "tag" : "404099c2587f64979f21826706d497d5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 97, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "9745b3d1ae06556fb6aa7890bebc18fe6b3db4da3d57aa94842b9803a96e07fb", + "iv" : "6de71860f762ebfbd08284e4", + "aad" : "f37de21c7ff901cfe8a69615a93fdf7a98cad481796245709f", + "msg" : "21702de0de18baa9c9596291b08466", + "ct" : "793576dfa5c0f88729a7ed3c2f1bff", + "tag" : "b3080d28f6ebb5d3648ce97bd5ba67fd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "b18853f68d833640e42a3c02c25b64869e146d7b233987bddfc240871d7576f7", + "iv" : "028ec6eb5ea7e298342a94d4", + "aad" : "9c2159058b1f0fe91433a5bdc20e214eab7fecef4454a10ef0657df21ac7", + "msg" : "b202b370ef9768ec6561c4fe6b7e7296fa85", + "ct" : "857e16a64915a787637687db4a9519635cdd", + "tag" : "454fc2a154fea91f8363a39fec7d0a49", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "3c535de192eaed3822a2fbbe2ca9dfc88255e14a661b8aa82cc54236093bbc23", + "iv" : "688089e55540db1872504e1c", + "aad" : "734320ccc9d9bbbb19cb81b2af4ecbc3e72834321f7aa0f70b7282b4f33df23f167541", + "msg" : "ced532ce4159b035277d4dfbb7db62968b13cd4eec", + "ct" : "626660c26ea6612fb17ad91e8e767639edd6c9faee", + "tag" : "9d6c7029675b89eaf4ba1ded1a286594", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0000000000000000000000000000000000000000000000000000000000000000", + "iv" : "000000000000000000000000", + "aad" : "", + "msg" : "000000000000000000000000000000004db923dc793ee6497c76dcc03a98e108", + "ct" : "f3f80f2cf0cb2dd9c5984fcda908456cc537703b5ba70324a6793a7bf218d3ea", + "tag" : "ffffffff000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "draft-irtf-cfrg-gcmsiv-09", + "key" : "0000000000000000000000000000000000000000000000000000000000000000", + "iv" : "000000000000000000000000", + "aad" : "", + "msg" : "eb3640277c7ffd1303c7a542d02d3e4c0000000000000000", + "ct" : "18ce4f0b8cb4d0cac65fea8f79257b20888e53e72299e56d", + "tag" : "ffffffff000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "", + "key" : "80ba3192c803ce965ea371d5ff073cf0f43b6a2ab576b208426e11409c09b9b0", + "iv" : "4da5bf8dfd5852c1ea12379d", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "181720f6ecdcdd332c89d20e09f11b0f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "", + "key" : "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273", + "iv" : "99e23ec48985bccdeeab60f1", + "aad" : "", + "msg" : "2a", + "ct" : "fa", + "tag" : "868ee11a7fe13996ac26962a7e861962", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "", + "key" : "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152", + "iv" : "4f07afedfdc3b6c2361823d3", + "aad" : "", + "msg" : "be3308f72a2c6aed", + "ct" : "c32210c306fac7dc", + "tag" : "da60d8ff4d550e6801b0ce488ed1b6fe", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 105, + "comment" : "", + "key" : "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb", + "iv" : "68ab7fdbf61901dad461d23c", + "aad" : "", + "msg" : "51f8c1f731ea14acdb210a6d973e07", + "ct" : "0180029193bbb29e326b5817e8ea01", + "tag" : "4dd43e861c5f141a693ebc056ed0f0f9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 106, + "comment" : "", + "key" : "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a", + "iv" : "2fcb1b38a99e71b84740ad9b", + "aad" : "", + "msg" : "549b365af913f3b081131ccb6b825588", + "ct" : "31cb136074adcd00cf75e9587d7e8424", + "tag" : "567871b7aaaf3c00f42fd9d5962df514", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 107, + "comment" : "", + "key" : "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011", + "iv" : "45aaa3e5d16d2d42dc03445d", + "aad" : "", + "msg" : "3ff1514b1c503915918f0c0c31094a6e1f", + "ct" : "c97e58e8730a567e8bdf5eb981cdd5f323", + "tag" : "4b2dc825fef9dc6bf234f2b8ff798f9e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 108, + "comment" : "", + "key" : "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7", + "iv" : "e6b1adf2fd58a8762c65f31b", + "aad" : "", + "msg" : "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", + "ct" : "c2669f9fc8fe6013c4dd22468d43c2af73647b7018531d29", + "tag" : "06a58c8d44e99b3262cad0e920df1f85", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 109, + "comment" : "", + "key" : "e1731d5854e1b70cb3ffe8b786a2b3ebf0994370954757b9dc8c7bc5354634a3", + "iv" : "72cfd90ef3026ca22b7e6e6a", + "aad" : "", + "msg" : "b9c554cbc36ac18ae897df7beecac1dbeb4eafa156bb60ce2e5d48f05715e678", + "ct" : "faaef557c31a231115f393c4b3c1a1413fb40b4204458d5f9ef8a9f2f12486ae", + "tag" : "72fc457255aadf708719c46986caefad", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 110, + "comment" : "", + "key" : "7d00b48095adfa3272050607b264185002ba99957c498be022770f2ce2f3143c", + "iv" : "87345f1055fd9e2102d50656", + "aad" : "02", + "msg" : "e5ccaa441bc814688f8f6e8f28b500b2", + "ct" : "12fffdccd1e5a9708fa30ccf99137067", + "tag" : "688e0b634f51c4f6d983629c8a63c1c0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 111, + "comment" : "", + "key" : "6432717f1db85e41ac7836bce25185a080d5762b9e2b18444b6ec72c3bd8e4dc", + "iv" : "87a3163ec0598ad95b3aa713", + "aad" : "b648", + "msg" : "02cde168fba3f544bbd0332f7adeada8", + "ct" : "b75b8e96de2ef9704ade5c64cab59671", + "tag" : "dec00ceb899c4a6a29be67f1b30435e0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 112, + "comment" : "", + "key" : "8e34cf73d245a1082a920b86364eb896c4946467bcb3d58929fcb36690e6394f", + "iv" : "6f573aa86baa492ba46596df", + "aad" : "bd4cd02fc7502bbdbdf6c9a3cbe8f0", + "msg" : "16ddd23ff53f3d23c06334487040eb47", + "ct" : "8e67034384170a646e9eea1606a8e899", + "tag" : "fe7a3dd42beb5ff70bb471ff76f0d341", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 113, + "comment" : "", + "key" : "cb5575f5c7c45c91cf320b139fb594237560d0a3e6f865a67d4f633f2c08f016", + "iv" : "1a6518f02ede1da6809266d9", + "aad" : "89cce9fb47441d07e0245a66fe8b778b", + "msg" : "623b7850c321e2cf0c6fbcc8dfd1aff2", + "ct" : "7eeb00c65fe7e0c79255e3cd90013588", + "tag" : "957d35fb25fdc17f00db33756967fd02", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 114, + "comment" : "", + "key" : "a5569e729a69b24ba6e0ff15c4627897436824c941e9d00b2e93fddc4ba77657", + "iv" : "564dee49ab00d240fc1068c3", + "aad" : "d19f2d989095f7ab03a5fde84416e00c0e", + "msg" : "87b3a4d7b26d8d3203a0de1d64ef82e3", + "ct" : "f83e3b4333400d6393d085fe947057c4", + "tag" : "7a30291bb506ae3961f61d683c9d94d1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 115, + "comment" : "", + "key" : "3937986af86dafc1ba0c4672d8abc46c207062682d9c264ab06d6c5807205130", + "iv" : "8df4b15a888c33286a7b7651", + "aad" : "ba446f6f9a0ced22450feb10737d9007fd69abc19b1d4d9049a5551e86ec2b37", + "msg" : "dc9e9eaf11e314182df6a4eba17aec9c", + "ct" : "97db4d850442eb33e6089af6f3cadf7b", + "tag" : "3ccbb125b2835754c1409d227e374d0b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 116, + "comment" : "Testing for ctr overflow", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "010101010101010101010101", + "aad" : "40c32e00c2fdab59c1a1c573b46b5068", + "msg" : "bdd411814564c4218d224d50591c818855a862a0a519ac0b3d71a2edb12aa71eb81959bcc6b84c45aa424c9aca0b7bdd", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 117, + "comment" : "Testing for ctr overflow", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "000000000000000000000000", + "aad" : "2cc3a1973e0560f7224a394e52fa8488", + "msg" : "d04846a01f472262e60a1cb4cfcbdcb05c3f819628a3a49395c5dae96c434b2417ce071699afa74a60c32c0bafd9c01a", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 118, + "comment" : "Testing for ctr overflow", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "010101010101010101010101", + "aad" : "2e34d12622a441b557eeb1d647c6cb73", + "msg" : "79637cee9decf33e3080de3d2c55bd21cd529ba8080b583edb6cfe13cda04bd00debe58b8cd48d6e02a1ecfc4d87923a", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "fefffffffefffffffefffffffeffffff", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 119, + "comment" : "Testing for ctr overflow", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "000000000000000000000000", + "aad" : "0814a95481bf915a4097949e3525c7e7", + "msg" : "6492a73880dac7f36743715b0fc7063d3e46a25044310bba5849ed88bfcb54b0adbe3978040bda849906e1aa09d1a8e3", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "ffffff7f00112233445566778899aabb", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 120, + "comment" : "Testing for ctr overflow", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "010101010101010101010101", + "aad" : "b691ef42f2ab8d1b4a581bb08394b13a", + "msg" : "7848d9e872f40bca1b82a4e7185fb75193b3496cc1dc2a72b86ed156ab8389e71687ed25eb6485e66561fa8c39853368", + "ct" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "ffffffffffffff7f0011223344556677", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 121, + "comment" : "Flipped bit 0 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "e144878b0bbbf01b75231277e1e0d114", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 122, + "comment" : "Flipped bit 0 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "0289eaa93eb084107d2088435ef2a0cd", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 123, + "comment" : "Flipped bit 1 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "f3bd6013669b7d9371727fcb1aafea75", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 124, + "comment" : "Flipped bit 7 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "922e91b2c5016e4303c737d1608ca25f", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "Flipped bit 7 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "7195dd0addce5dd7014bfddb2f23206f", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 126, + "comment" : "Flipped bit 7 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "32fc2a53e9678f1fc6d63081c36c6f2c", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 127, + "comment" : "Flipped bit 8 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "c55ba71ee250216f8ecfe822d712dd38", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 128, + "comment" : "Flipped bit 8 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "5546acf865fc305fbd7ff1092cb9c2c3", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 129, + "comment" : "Flipped bit 31 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "6b060eebe1843b409a4dfd0be8f86a2b", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 130, + "comment" : "Flipped bit 31 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "c4adb92f1a60eb2faff88675f62a7276", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 131, + "comment" : "Flipped bit 32 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "70c5a8591f52f869c6415a6d7000e253", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 132, + "comment" : "Flipped bit 56 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "46c788111083d8913153a6e37e5506a3", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 133, + "comment" : "Flipped bit 56 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "1ed7665962378cec4039c793a8f744d0", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 134, + "comment" : "Flipped bit 56 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "a0f7587c5862609c6dc983780bcda180", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "Flipped bit 63 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "b5fe79f182cb9f2945208e29513928d1", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 136, + "comment" : "Flipped bit 63 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "c1dbf87e4a586b040c53f6dd9063b4cd", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 137, + "comment" : "Flipped bit 64 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "845466e603ca85a224693d150ae13ba3", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 138, + "comment" : "Flipped bit 88 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "90a992a8443d65870b4d8bca85e4a698", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 139, + "comment" : "Flipped bit 88 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "e1737a834410e5fba6cdc1d1f7d12c12", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 140, + "comment" : "Flipped bit 96 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "445c8fffa3d960e39ca86260c66418d8", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 141, + "comment" : "Flipped bit 97 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "18cb9f5eede6224fa3fcd525cf9f958b", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 142, + "comment" : "Flipped bit 97 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "8c4fbca37d2e361856b9f80adf455fa0", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 143, + "comment" : "Flipped bit 97 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "bc517fe140abf2b42eb1cafe8c0715a9", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 144, + "comment" : "Flipped bit 120 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "617e1c5ef62ed35cf678e670f116ff2f", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 145, + "comment" : "Flipped bit 120 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "e71802b7a37e8ef1f001ef0c52c636f2", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 146, + "comment" : "Flipped bit 120 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "be647e37f154d4a8edca5a29ca221cc5", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 147, + "comment" : "Flipped bit 121 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "b3caa01f49c7cbc56c7c92547257957e", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 148, + "comment" : "Flipped bit 121 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "ab0347a2aec4cc4c366583062442ba07", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 149, + "comment" : "Flipped bit 126 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "62573ef39a27f77b37fb7bfc84e46cee", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 150, + "comment" : "Flipped bit 126 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "28e3cadfb16834e824642e965588c200", + "msg" : "759dfbbb8a251ccc", + "ct" : "0000000000000000", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 151, + "comment" : "Flipped bit 126 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "7edd2fc15bed224a46dc8608e1766080", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 152, + "comment" : "Flipped bit 127 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "7e0e03104e2c0ff20ba4c35742180c5b", + "msg" : "", + "ct" : "", + "tag" : "0987e35e40981a2730c1740c7201731f", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 153, + "comment" : "Flipped bit 127 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "9a24dc75c5ddd3bab57ff532eb86d224", + "msg" : "f663044a4e7dd822aba0b7de2d869981", + "ct" : "00000000000000000000000000000000", + "tag" : "13a1883272188b4c8d2727178198fe95", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 154, + "comment" : "Flipped bit 127 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "3196aec499c15bc043b6866ba0df6e6b", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 155, + "comment" : "Flipped bit 0..127 in tag", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "55a2987aa94bf46ad1b6d253a44c1622", + "msg" : "49861b1fb6bcf8e4", + "ct" : "ffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + } + ] + } + ] +} \ No newline at end of file diff --git a/testdata/rfc8452_128.txt b/testdata/rfc8452_128.txt new file mode 100644 index 0000000..34fb926 --- /dev/null +++ b/testdata/rfc8452_128.txt @@ -0,0 +1,479 @@ + Plaintext (0 bytes) = + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 00000000000000000000000000000000 + POLYVAL result = 00000000000000000000000000000000 + POLYVAL result XOR nonce = 03000000000000000000000000000000 + ... and masked = 03000000000000000000000000000000 + Tag = dc20e2d83f25705bb49e439eca56de25 + Initial counter = dc20e2d83f25705bb49e439eca56dea5 + Result (16 bytes) = dc20e2d83f25705bb49e439eca56de25 + + + Plaintext (8 bytes) = 0100000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 00000000000000004000000000000000 + POLYVAL result = eb93b7740962c5e49d2a90a7dc5cec74 + POLYVAL result XOR nonce = e893b7740962c5e49d2a90a7dc5cec74 + ... and masked = e893b7740962c5e49d2a90a7dc5cec74 + Tag = 578782fff6013b815b287c22493a364c + Initial counter = 578782fff6013b815b287c22493a36cc + Result (24 bytes) = b5d839330ac7b786578782fff6013b81 + 5b287c22493a364c + + + Plaintext (12 bytes) = 010000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 00000000000000006000000000000000 + POLYVAL result = 48eb6c6c5a2dbe4a1dde508fee06361b + POLYVAL result XOR nonce = 4beb6c6c5a2dbe4a1dde508fee06361b + ... and masked = 4beb6c6c5a2dbe4a1dde508fee06361b + Tag = a4978db357391a0bc4fdec8b0d106639 + Initial counter = a4978db357391a0bc4fdec8b0d1066b9 + Result (28 bytes) = 7323ea61d05932260047d942a4978db3 + 57391a0bc4fdec8b0d106639 + + + Plaintext (16 bytes) = 01000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 00000000000000008000000000000000 + POLYVAL result = 20806c26e3c1de019e111255708031d6 + POLYVAL result XOR nonce = 23806c26e3c1de019e111255708031d6 + ... and masked = 23806c26e3c1de019e11125570803156 + Tag = 303aaf90f6fe21199c6068577437a0c4 + Initial counter = 303aaf90f6fe21199c6068577437a0c4 + Result (32 bytes) = 743f7c8077ab25f8624e2e948579cf77 + 303aaf90f6fe21199c6068577437a0c4 + + + Plaintext (32 bytes) = 01000000000000000000000000000000 + 02000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 00000000000000000001000000000000 + POLYVAL result = ce6edc9a50b36d9a98986bbf6a261c3b + POLYVAL result XOR nonce = cd6edc9a50b36d9a98986bbf6a261c3b + ... and masked = cd6edc9a50b36d9a98986bbf6a261c3b + Tag = 1a8e45dcd4578c667cd86847bf6155ff + Initial counter = 1a8e45dcd4578c667cd86847bf6155ff + Result (48 bytes) = 84e07e62ba83a6585417245d7ec413a9 + fe427d6315c09b57ce45f2e3936a9445 + 1a8e45dcd4578c667cd86847bf6155ff + + + Plaintext (48 bytes) = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 00000000000000008001000000000000 + POLYVAL result = 81388746bc22d26b2abc3dcb15754222 + POLYVAL result XOR nonce = 82388746bc22d26b2abc3dcb15754222 + ... and masked = 82388746bc22d26b2abc3dcb15754222 + Tag = 5e6e311dbf395d35b0fe39c2714388f8 + Initial counter = 5e6e311dbf395d35b0fe39c2714388f8 + Result (64 bytes) = 3fd24ce1f5a67b75bf2351f181a475c7 + b800a5b4d3dcf70106b1eea82fa1d64d + f42bf7226122fa92e17a40eeaac1201b + 5e6e311dbf395d35b0fe39c2714388f8 + + + Plaintext (64 bytes) = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 00000000000000000002000000000000 + POLYVAL result = 1e39b6d3344d348f6044f89935d1cf78 + POLYVAL result XOR nonce = 1d39b6d3344d348f6044f89935d1cf78 + ... and masked = 1d39b6d3344d348f6044f89935d1cf78 + Tag = 8a263dd317aa88d56bdf3936dba75bb8 + Initial counter = 8a263dd317aa88d56bdf3936dba75bb8 + Result (80 bytes) = 2433668f1058190f6d43e360f4f35cd8 + e475127cfca7028ea8ab5c20f7ab2af0 + 2516a2bdcbc08d521be37ff28c152bba + 36697f25b4cd169c6590d1dd39566d3f + 8a263dd317aa88d56bdf3936dba75bb8 + + + Plaintext (8 bytes) = 0200000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 08000000000000004000000000000000 + POLYVAL result = b26781e7e2c1376f96bec195f3709b2a + POLYVAL result XOR nonce = b16781e7e2c1376f96bec195f3709b2a + ... and masked = b16781e7e2c1376f96bec195f3709b2a + Tag = 3b0a1a2560969cdf790d99759abd1508 + Initial counter = 3b0a1a2560969cdf790d99759abd1588 + Result (24 bytes) = 1e6daba35669f4273b0a1a2560969cdf + 790d99759abd1508 + + + Plaintext (12 bytes) = 020000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 08000000000000006000000000000000 + POLYVAL result = 111f5affb18e4cc1164a01bdc12a4145 + POLYVAL result XOR nonce = 121f5affb18e4cc1164a01bdc12a4145 + ... and masked = 121f5affb18e4cc1164a01bdc12a4145 + Tag = 08299c5102745aaa3a0c469fad9e075a + Initial counter = 08299c5102745aaa3a0c469fad9e07da + Result (28 bytes) = 296c7889fd99f41917f4462008299c51 + 02745aaa3a0c469fad9e075a + + + Plaintext (16 bytes) = 02000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 08000000000000008000000000000000 + POLYVAL result = 79745ab508622c8a958543675fac4688 + POLYVAL result XOR nonce = 7a745ab508622c8a958543675fac4688 + ... and masked = 7a745ab508622c8a958543675fac4608 + Tag = 8f8936ec039e4e4bb97ebd8c4457441f + Initial counter = 8f8936ec039e4e4bb97ebd8c4457449f + Result (32 bytes) = e2b0c5da79a901c1745f700525cb335b + 8f8936ec039e4e4bb97ebd8c4457441f + + + Plaintext (32 bytes) = 02000000000000000000000000000000 + 03000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 08000000000000000001000000000000 + POLYVAL result = 2ce7daaf7c89490822051255b12eca6b + POLYVAL result XOR nonce = 2fe7daaf7c89490822051255b12eca6b + ... and masked = 2fe7daaf7c89490822051255b12eca6b + Tag = e6af6a7f87287da059a71684ed3498e1 + Initial counter = e6af6a7f87287da059a71684ed3498e1 + Result (48 bytes) = 620048ef3c1e73e57e02bb8562c416a3 + 19e73e4caac8e96a1ecb2933145a1d71 + e6af6a7f87287da059a71684ed3498e1 + + + Plaintext (48 bytes) = 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 08000000000000008001000000000000 + POLYVAL result = 9ca987715d69c1786711dfcd22f830fc + POLYVAL result XOR nonce = 9fa987715d69c1786711dfcd22f830fc + ... and masked = 9fa987715d69c1786711dfcd22f8307c + Tag = 6a8cc3865f76897c2e4b245cf31c51f2 + Initial counter = 6a8cc3865f76897c2e4b245cf31c51f2 + Result (64 bytes) = 50c8303ea93925d64090d07bd109dfd9 + 515a5a33431019c17d93465999a8b005 + 3201d723120a8562b838cdff25bf9d1e + 6a8cc3865f76897c2e4b245cf31c51f2 + + + Plaintext (64 bytes) = 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 05000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 05000000000000000000000000000000 + 08000000000000000002000000000000 + POLYVAL result = ffcd05d5770f34ad9267f0a59994b15a + POLYVAL result XOR nonce = fccd05d5770f34ad9267f0a59994b15a + ... and masked = fccd05d5770f34ad9267f0a59994b15a + Tag = cdc46ae475563de037001ef84ae21744 + Initial counter = cdc46ae475563de037001ef84ae217c4 + Result (80 bytes) = 2f5c64059db55ee0fb847ed513003746 + aca4e61c711b5de2e7a77ffd02da42fe + ec601910d3467bb8b36ebbaebce5fba3 + 0d36c95f48a3e7980f0e7ac299332a80 + cdc46ae475563de037001ef84ae21744 + + + Plaintext (4 bytes) = 02000000 + AAD (12 bytes) = 010000000000000000000000 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 60000000000000002000000000000000 + POLYVAL result = f6ce9d3dcd68a2fd603c7ecc18fb9918 + POLYVAL result XOR nonce = f5ce9d3dcd68a2fd603c7ecc18fb9918 + ... and masked = f5ce9d3dcd68a2fd603c7ecc18fb9918 + Tag = 07eb1f84fb28f8cb73de8e99e2f48a14 + Initial counter = 07eb1f84fb28f8cb73de8e99e2f48a94 + Result (20 bytes) = a8fe3e8707eb1f84fb28f8cb73de8e99 + e2f48a14 + + + Plaintext (20 bytes) = 03000000000000000000000000000000 + 04000000 + AAD (18 bytes) = 01000000000000000000000000000000 + 0200 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 9000000000000000a000000000000000 + POLYVAL result = 4781d492cb8f926c504caa36f61008fe + POLYVAL result XOR nonce = 4481d492cb8f926c504caa36f61008fe + ... and masked = 4481d492cb8f926c504caa36f610087e + Tag = 24afc9805e976f451e6d87f6fe106514 + Initial counter = 24afc9805e976f451e6d87f6fe106594 + Result (36 bytes) = 6bb0fecf5ded9b77f902c7d5da236a43 + 91dd029724afc9805e976f451e6d87f6 + fe106514 + + + Plaintext (18 bytes) = 03000000000000000000000000000000 + 0400 + AAD (20 bytes) = 01000000000000000000000000000000 + 02000000 + Key = 01000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = d9b360279694941ac5dbc6987ada7377 + Record encryption key = 4004a0dcd862f2a57360219d2d44ef6c + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + a0000000000000009000000000000000 + POLYVAL result = 75cbc23a1a10e348aeb8e384b5cc79fd + POLYVAL result XOR nonce = 76cbc23a1a10e348aeb8e384b5cc79fd + ... and masked = 76cbc23a1a10e348aeb8e384b5cc797d + Tag = bff9b2ef00fb47920cc72a0c0f13b9fd + Initial counter = bff9b2ef00fb47920cc72a0c0f13b9fd + Result (34 bytes) = 44d0aaf6fb2f1f34add5e8064e83e12a + 2adabff9b2ef00fb47920cc72a0c0f13 + b9fd + + Plaintext (0 bytes) = + AAD (0 bytes) = + Key = e66021d5eb8e4f4066d4adb9c33560e4 + Nonce = f46e44bb3da0015c94f70887 + Record authentication key = 036ee1fe2d7926af68898095e54e7b3c + Record encryption key = 5e46482396008223b5c1d25173d87539 + POLYVAL input = 00000000000000000000000000000000 + POLYVAL result = 00000000000000000000000000000000 + POLYVAL result XOR nonce = f46e44bb3da0015c94f7088700000000 + ... and masked = f46e44bb3da0015c94f7088700000000 + Tag = a4194b79071b01a87d65f706e3949578 + Initial counter = a4194b79071b01a87d65f706e39495f8 + Result (16 bytes) = a4194b79071b01a87d65f706e3949578 + + + Plaintext (3 bytes) = 7a806c + AAD (5 bytes) = 46bb91c3c5 + Key = 36864200e0eaf5284d884a0e77d31646 + Nonce = bae8e37fc83441b16034566b + Record authentication key = 3e28de1120b2981a0155795ca2812af6 + Record encryption key = 6d4b78b31a4c9c03d8db0f42f7507fae + POLYVAL input = 46bb91c3c50000000000000000000000 + 7a806c00000000000000000000000000 + 28000000000000001800000000000000 + POLYVAL result = 43d9a745511dcfa21b96dd606f1d5720 + POLYVAL result XOR nonce = f931443a99298e137ba28b0b6f1d5720 + ... and masked = f931443a99298e137ba28b0b6f1d5720 + Tag = 711bd85bc1e4d3e0a462e074eea428a8 + Initial counter = 711bd85bc1e4d3e0a462e074eea428a8 + Result (19 bytes) = af60eb711bd85bc1e4d3e0a462e074ee + a428a8 + + + Plaintext (6 bytes) = bdc66f146545 + AAD (10 bytes) = fc880c94a95198874296 + Key = aedb64a6c590bc84d1a5e269e4b47801 + Nonce = afc0577e34699b9e671fdd4f + Record authentication key = 43b8de9cea62330d15cccfc84a33e8c8 + Record encryption key = 8e54631607e431e095b54852868e3a27 + POLYVAL input = fc880c94a95198874296000000000000 + bdc66f14654500000000000000000000 + 50000000000000003000000000000000 + POLYVAL result = 26498e0d2b1ef004e808c458e8f2f515 + POLYVAL result XOR nonce = 8989d9731f776b9a8f171917e8f2f515 + ... and masked = 8989d9731f776b9a8f171917e8f2f515 + Tag = d6a9c45545cfc11f03ad743dba20f966 + Initial counter = d6a9c45545cfc11f03ad743dba20f9e6 + Result (22 bytes) = bb93a3e34d3cd6a9c45545cfc11f03ad + 743dba20f966 + + + Plaintext (9 bytes) = 1177441f195495860f + AAD (15 bytes) = 046787f3ea22c127aaf195d1894728 + Key = d5cc1fd161320b6920ce07787f86743b + Nonce = 275d1ab32f6d1f0434d8848c + Record authentication key = 8a51df64d93eaf667c2c09bd454ce5c5 + Record encryption key = 43ab276c2b4a473918ca73f2dd85109c + POLYVAL input = 046787f3ea22c127aaf195d189472800 + 1177441f195495860f00000000000000 + 78000000000000004800000000000000 + POLYVAL result = 63a3451c0b23345ad02bba59956517cf + POLYVAL result XOR nonce = 44fe5faf244e2b5ee4f33ed5956517cf + ... and masked = 44fe5faf244e2b5ee4f33ed59565174f + Tag = 1d02fd0cd174c84fc5dae2f60f52fd2b + Initial counter = 1d02fd0cd174c84fc5dae2f60f52fdab + Result (25 bytes) = 4f37281f7ad12949d01d02fd0cd174c8 + 4fc5dae2f60f52fd2b + + + Plaintext (12 bytes) = 9f572c614b4745914474e7c7 + AAD (20 bytes) = c9882e5386fd9f92ec489c8fde2be2cf + 97e74e93 + Key = b3fed1473c528b8426a582995929a149 + Nonce = 9e9ad8780c8d63d0ab4149c0 + Record authentication key = 22f50707a95dd416df069d670cb775e8 + Record encryption key = f674a5584ee21fe97b4cebc468ab61e4 + POLYVAL input = c9882e5386fd9f92ec489c8fde2be2cf + 97e74e93000000000000000000000000 + 9f572c614b4745914474e7c700000000 + a0000000000000006000000000000000 + POLYVAL result = 0cca0423fba9d77fe7e2e6963b08cdd0 + POLYVAL result XOR nonce = 9250dc5bf724b4af4ca3af563b08cdd0 + ... and masked = 9250dc5bf724b4af4ca3af563b08cd50 + Tag = c1dc2f871fb7561da1286e655e24b7b0 + Initial counter = c1dc2f871fb7561da1286e655e24b7b0 + Result (28 bytes) = f54673c5ddf710c745641c8bc1dc2f87 + 1fb7561da1286e655e24b7b0 + + + Plaintext (15 bytes) = 0d8c8451178082355c9e940fea2f58 + AAD (25 bytes) = 2950a70d5a1db2316fd568378da107b5 + 2b0da55210cc1c1b0a + Key = 2d4ed87da44102952ef94b02b805249b + Nonce = ac80e6f61455bfac8308a2d4 + Record authentication key = 0b00a29a83e7e95b92e3a0783b29f140 + Record encryption key = a430c27f285aed913005975c42eed5f3 + POLYVAL input = 2950a70d5a1db2316fd568378da107b5 + 2b0da55210cc1c1b0a00000000000000 + 0d8c8451178082355c9e940fea2f5800 + c8000000000000007800000000000000 + POLYVAL result = 1086ef25247aa41009bbc40871d9b350 + POLYVAL result XOR nonce = bc0609d3302f1bbc8ab366dc71d9b350 + ... and masked = bc0609d3302f1bbc8ab366dc71d9b350 + Tag = 83b3449b9f39552de99dc214a1190b0b + Initial counter = 83b3449b9f39552de99dc214a1190b8b + Result (31 bytes) = c9ff545e07b88a015f05b274540aa183 + b3449b9f39552de99dc214a1190b0b + + + Plaintext (18 bytes) = 6b3db4da3d57aa94842b9803a96e07fb + 6de7 + AAD (30 bytes) = 1860f762ebfbd08284e421702de0de18 + baa9c9596291b08466f37de21c7f + Key = bde3b2f204d1e9f8b06bc47f9745b3d1 + Nonce = ae06556fb6aa7890bebc18fe + Record authentication key = 21c874a8bad3603d1c3e8784df5b3f9f + Record encryption key = d1c16d72651c3df504eae27129d818e8 + POLYVAL input = 1860f762ebfbd08284e421702de0de18 + baa9c9596291b08466f37de21c7f0000 + 6b3db4da3d57aa94842b9803a96e07fb + 6de70000000000000000000000000000 + f0000000000000009000000000000000 + POLYVAL result = 55462a5afa0da8d646481e049ef9c764 + POLYVAL result XOR nonce = fb407f354ca7d046f8f406fa9ef9c764 + ... and masked = fb407f354ca7d046f8f406fa9ef9c764 + Tag = 3e377094f04709f64d7b985310a4db84 + Initial counter = 3e377094f04709f64d7b985310a4db84 + Result (34 bytes) = 6298b296e24e8cc35dce0bed484b7f30 + d5803e377094f04709f64d7b985310a4 + db84 + + + Plaintext (21 bytes) = e42a3c02c25b64869e146d7b233987bd + dfc240871d + AAD (35 bytes) = 7576f7028ec6eb5ea7e298342a94d4b2 + 02b370ef9768ec6561c4fe6b7e7296fa + 859c21 + Key = f901cfe8a69615a93fdf7a98cad48179 + Nonce = 6245709fb18853f68d833640 + Record authentication key = 3724f55f1d22ac0ab830da0b6a995d74 + Record encryption key = 75ac87b70c05db287de779006105a344 + POLYVAL input = 7576f7028ec6eb5ea7e298342a94d4b2 + 02b370ef9768ec6561c4fe6b7e7296fa + 859c2100000000000000000000000000 + e42a3c02c25b64869e146d7b233987bd + dfc240871d0000000000000000000000 + 1801000000000000a800000000000000 + POLYVAL result = 4cbba090f03f7d1188ea55749fa6c7bd + POLYVAL result XOR nonce = 2efed00f41b72ee7056963349fa6c7bd + ... and masked = 2efed00f41b72ee7056963349fa6c73d + Tag = 2d15506c84a9edd65e13e9d24a2a6e70 + Initial counter = 2d15506c84a9edd65e13e9d24a2a6ef0 + Result (37 bytes) = 391cc328d484a4f46406181bcd62efd9 + b3ee197d052d15506c84a9edd65e13e9 + d24a2a6e70 diff --git a/testdata/rfc8452_256.txt b/testdata/rfc8452_256.txt new file mode 100644 index 0000000..e47b896 --- /dev/null +++ b/testdata/rfc8452_256.txt @@ -0,0 +1,527 @@ + Plaintext (0 bytes) = + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 00000000000000000000000000000000 + POLYVAL result = 00000000000000000000000000000000 + POLYVAL result XOR nonce = 03000000000000000000000000000000 + ... and masked = 03000000000000000000000000000000 + Tag = 07f5f4169bbf55a8400cd47ea6fd400f + Initial counter = 07f5f4169bbf55a8400cd47ea6fd408f + Result (16 bytes) = 07f5f4169bbf55a8400cd47ea6fd400f + + + Plaintext (8 bytes) = 0100000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 00000000000000004000000000000000 + POLYVAL result = 05230f62f0eac8aa14fe4d646b59cd41 + POLYVAL result XOR nonce = 06230f62f0eac8aa14fe4d646b59cd41 + ... and masked = 06230f62f0eac8aa14fe4d646b59cd41 + Tag = 843122130f7364b761e0b97427e3df28 + Initial counter = 843122130f7364b761e0b97427e3dfa8 + Result (24 bytes) = c2ef328e5c71c83b843122130f7364b7 + 61e0b97427e3df28 + + + Plaintext (12 bytes) = 010000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 00000000000000006000000000000000 + POLYVAL result = 6d81a24732fd6d03ae5af544720a1c13 + POLYVAL result XOR nonce = 6e81a24732fd6d03ae5af544720a1c13 + ... and masked = 6e81a24732fd6d03ae5af544720a1c13 + Tag = 8ca50da9ae6559e48fd10f6e5c9ca17e + Initial counter = 8ca50da9ae6559e48fd10f6e5c9ca1fe + Result (28 bytes) = 9aab2aeb3faa0a34aea8e2b18ca50da9 + ae6559e48fd10f6e5c9ca17e + + + Plaintext (16 bytes) = 01000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 00000000000000008000000000000000 + POLYVAL result = 74eee2bf7c9a165f8b25dea73db32a6d + POLYVAL result XOR nonce = 77eee2bf7c9a165f8b25dea73db32a6d + ... and masked = 77eee2bf7c9a165f8b25dea73db32a6d + Tag = c9eac6fa700942702e90862383c6c366 + Initial counter = c9eac6fa700942702e90862383c6c3e6 + Result (32 bytes) = 85a01b63025ba19b7fd3ddfc033b3e76 + c9eac6fa700942702e90862383c6c366 + + + Plaintext (32 bytes) = 01000000000000000000000000000000 + 02000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 00000000000000000001000000000000 + POLYVAL result = 899b6381b3d46f0def7aa0517ba188f5 + POLYVAL result XOR nonce = 8a9b6381b3d46f0def7aa0517ba188f5 + ... and masked = 8a9b6381b3d46f0def7aa0517ba18875 + Tag = e819e63abcd020b006a976397632eb5d + Initial counter = e819e63abcd020b006a976397632ebdd + Result (48 bytes) = 4a6a9db4c8c6549201b9edb53006cba8 + 21ec9cf850948a7c86c68ac7539d027f + e819e63abcd020b006a976397632eb5d + + + Plaintext (48 bytes) = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 00000000000000008001000000000000 + POLYVAL result = c1f8593d8fc29b0c290cae1992f71f51 + POLYVAL result XOR nonce = c2f8593d8fc29b0c290cae1992f71f51 + ... and masked = c2f8593d8fc29b0c290cae1992f71f51 + Tag = 790bc96880a99ba804bd12c0e6a22cc4 + Initial counter = 790bc96880a99ba804bd12c0e6a22cc4 + Result (64 bytes) = c00d121893a9fa603f48ccc1ca3c57ce + 7499245ea0046db16c53c7c66fe717e3 + 9cf6c748837b61f6ee3adcee17534ed5 + 790bc96880a99ba804bd12c0e6a22cc4 + + + Plaintext (64 bytes) = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + AAD (0 bytes) = + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 00000000000000000002000000000000 + POLYVAL result = 6ef38b06046c7c0e225efaef8e2ec4c4 + POLYVAL result XOR nonce = 6df38b06046c7c0e225efaef8e2ec4c4 + ... and masked = 6df38b06046c7c0e225efaef8e2ec444 + Tag = 112864c269fc0d9d88c61fa47e39aa08 + Initial counter = 112864c269fc0d9d88c61fa47e39aa88 + Result (80 bytes) = c2d5160a1f8683834910acdafc41fbb1 + 632d4a353e8b905ec9a5499ac34f96c7 + e1049eb080883891a4db8caaa1f99dd0 + 04d80487540735234e3744512c6f90ce + 112864c269fc0d9d88c61fa47e39aa08 + + + Plaintext (8 bytes) = 0200000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 08000000000000004000000000000000 + POLYVAL result = 34e57bafe011b9b36fc6821b7ffb3354 + POLYVAL result XOR nonce = 37e57bafe011b9b36fc6821b7ffb3354 + ... and masked = 37e57bafe011b9b36fc6821b7ffb3354 + Tag = 91213f267e3b452f02d01ae33e4ec854 + Initial counter = 91213f267e3b452f02d01ae33e4ec8d4 + Result (24 bytes) = 1de22967237a813291213f267e3b452f + 02d01ae33e4ec854 + + + Plaintext (12 bytes) = 020000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 08000000000000006000000000000000 + POLYVAL result = 5c47d68a22061c1ad5623a3b66a8e206 + POLYVAL result XOR nonce = 5f47d68a22061c1ad5623a3b66a8e206 + ... and masked = 5f47d68a22061c1ad5623a3b66a8e206 + Tag = c1a4a19ae800941ccdc57cc8413c277f + Initial counter = c1a4a19ae800941ccdc57cc8413c27ff + Result (28 bytes) = 163d6f9cc1b346cd453a2e4cc1a4a19a + e800941ccdc57cc8413c277f + + + Plaintext (16 bytes) = 02000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 08000000000000008000000000000000 + POLYVAL result = 452896726c616746f01d11d82911d478 + POLYVAL result XOR nonce = 462896726c616746f01d11d82911d478 + ... and masked = 462896726c616746f01d11d82911d478 + Tag = b292d28ff61189e8e49f3875ef91aff7 + Initial counter = b292d28ff61189e8e49f3875ef91aff7 + Result (32 bytes) = c91545823cc24f17dbb0e9e807d5ec17 + b292d28ff61189e8e49f3875ef91aff7 + + + Plaintext (32 bytes) = 02000000000000000000000000000000 + 03000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 08000000000000000001000000000000 + POLYVAL result = 4e58c1e341c9bb0ae34eda9509dfc90c + POLYVAL result XOR nonce = 4d58c1e341c9bb0ae34eda9509dfc90c + ... and masked = 4d58c1e341c9bb0ae34eda9509dfc90c + Tag = aea1bad12702e1965604374aab96dbbc + Initial counter = aea1bad12702e1965604374aab96dbbc + Result (48 bytes) = 07dad364bfc2b9da89116d7bef6daaaf + 6f255510aa654f920ac81b94e8bad365 + aea1bad12702e1965604374aab96dbbc + + + Plaintext (48 bytes) = 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 08000000000000008001000000000000 + POLYVAL result = 2566a4aff9a525df9772c16d4eaf8d2a + POLYVAL result XOR nonce = 2666a4aff9a525df9772c16d4eaf8d2a + ... and masked = 2666a4aff9a525df9772c16d4eaf8d2a + Tag = 03332742b228c647173616cfd44c54eb + Initial counter = 03332742b228c647173616cfd44c54eb + Result (64 bytes) = c67a1f0f567a5198aa1fcc8e3f213143 + 36f7f51ca8b1af61feac35a86416fa47 + fbca3b5f749cdf564527f2314f42fe25 + 03332742b228c647173616cfd44c54eb + + + Plaintext (64 bytes) = 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 05000000000000000000000000000000 + AAD (1 bytes) = 01 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 05000000000000000000000000000000 + 08000000000000000002000000000000 + POLYVAL result = da58d2f61b0a9d343b2f37fb0c519733 + POLYVAL result XOR nonce = d958d2f61b0a9d343b2f37fb0c519733 + ... and masked = d958d2f61b0a9d343b2f37fb0c519733 + Tag = 5bde0285037c5de81e5b570a049b62a0 + Initial counter = 5bde0285037c5de81e5b570a049b62a0 + Result (80 bytes) = 67fd45e126bfb9a79930c43aad2d3696 + 7d3f0e4d217c1e551f59727870beefc9 + 8cb933a8fce9de887b1e40799988db1f + c3f91880ed405b2dd298318858467c89 + 5bde0285037c5de81e5b570a049b62a0 + + + Plaintext (4 bytes) = 02000000 + AAD (12 bytes) = 010000000000000000000000 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 60000000000000002000000000000000 + POLYVAL result = 6dc76ae84b88916e073a303aafde05cf + POLYVAL result XOR nonce = 6ec76ae84b88916e073a303aafde05cf + ... and masked = 6ec76ae84b88916e073a303aafde054f + Tag = 1835e517741dfddccfa07fa4661b74cf + Initial counter = 1835e517741dfddccfa07fa4661b74cf + Result (20 bytes) = 22b3f4cd1835e517741dfddccfa07fa4 + 661b74cf + + + Plaintext (20 bytes) = 03000000000000000000000000000000 + 04000000 + AAD (18 bytes) = 01000000000000000000000000000000 + 0200 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + 9000000000000000a000000000000000 + POLYVAL result = 973ef4fd04bd31d193816ab26f8655ca + POLYVAL result XOR nonce = 943ef4fd04bd31d193816ab26f8655ca + ... and masked = 943ef4fd04bd31d193816ab26f86554a + Tag = b879ad976d8242acc188ab59cabfe307 + Initial counter = b879ad976d8242acc188ab59cabfe387 + Result (36 bytes) = 43dd0163cdb48f9fe3212bf61b201976 + 067f342bb879ad976d8242acc188ab59 + cabfe307 + + + Plaintext (18 bytes) = 03000000000000000000000000000000 + 0400 + AAD (20 bytes) = 01000000000000000000000000000000 + 02000000 + Key = 01000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 030000000000000000000000 + Record authentication key = b5d3c529dfafac43136d2d11be284d7f + Record encryption key = b914f4742be9e1d7a2f84addbf96dec3 + 456e3c6c05ecc157cdbf0700fedad222 + POLYVAL input = 01000000000000000000000000000000 + 02000000000000000000000000000000 + 03000000000000000000000000000000 + 04000000000000000000000000000000 + a0000000000000009000000000000000 + POLYVAL result = 2cbb6b7ab2dbffefb797f825f826870c + POLYVAL result XOR nonce = 2fbb6b7ab2dbffefb797f825f826870c + ... and masked = 2fbb6b7ab2dbffefb797f825f826870c + Tag = cfcdf5042112aa29685c912fc2056543 + Initial counter = cfcdf5042112aa29685c912fc20565c3 + Result (34 bytes) = 462401724b5ce6588d5a54aae5375513 + a075cfcdf5042112aa29685c912fc205 + 6543 + + Plaintext (0 bytes) = + AAD (0 bytes) = + Key = e66021d5eb8e4f4066d4adb9c33560e4 + f46e44bb3da0015c94f7088736864200 + Nonce = e0eaf5284d884a0e77d31646 + Record authentication key = e40d26f82774aa27f47b047b608b9585 + Record encryption key = 7c7c3d9a542cef53dde0e6de9b580040 + 0f82e73ec5f7ee41b7ba8dcb9ba078c3 + POLYVAL input = 00000000000000000000000000000000 + POLYVAL result = 00000000000000000000000000000000 + POLYVAL result XOR nonce = e0eaf5284d884a0e77d3164600000000 + ... and masked = e0eaf5284d884a0e77d3164600000000 + Tag = 169fbb2fbf389a995f6390af22228a62 + Initial counter = 169fbb2fbf389a995f6390af22228ae2 + Result (16 bytes) = 169fbb2fbf389a995f6390af22228a62 + + + Plaintext (3 bytes) = 671fdd + AAD (5 bytes) = 4fbdc66f14 + Key = bae8e37fc83441b16034566b7a806c46 + bb91c3c5aedb64a6c590bc84d1a5e269 + Nonce = e4b47801afc0577e34699b9e + Record authentication key = b546f5a850d0a90adfe39e95c2510fc6 + Record encryption key = b9d1e239d62cbb5c49273ddac8838bdc + c53bca478a770f07087caa4e0a924a55 + POLYVAL input = 4fbdc66f140000000000000000000000 + 671fdd00000000000000000000000000 + 28000000000000001800000000000000 + POLYVAL result = b91f91f96b159a7c611c05035b839e92 + POLYVAL result XOR nonce = 5dabe9f8c4d5cd0255759e9d5b839e92 + ... and masked = 5dabe9f8c4d5cd0255759e9d5b839e12 + Tag = 93da9bb81333aee0c785b240d319719d + Initial counter = 93da9bb81333aee0c785b240d319719d + Result (19 bytes) = 0eaccb93da9bb81333aee0c785b240d3 + 19719d + + + Plaintext (6 bytes) = 195495860f04 + AAD (10 bytes) = 6787f3ea22c127aaf195 + Key = 6545fc880c94a95198874296d5cc1fd1 + 61320b6920ce07787f86743b275d1ab3 + Nonce = 2f6d1f0434d8848c1177441f + Record authentication key = e156e1f9b0b07b780cbe30f259e3c8da + Record encryption key = 6fc1c494519f944aae52fcd8b14e5b17 + 1b5a9429d3b76e430d49940c0021d612 + POLYVAL input = 6787f3ea22c127aaf195000000000000 + 195495860f0400000000000000000000 + 50000000000000003000000000000000 + POLYVAL result = 2c480ed9d236b1df24c6eec109bd40c1 + POLYVAL result XOR nonce = 032511dde6ee355335b1aade09bd40c1 + ... and masked = 032511dde6ee355335b1aade09bd4041 + Tag = 6b62b84dc40c84636a5ec12020ec8c2c + Initial counter = 6b62b84dc40c84636a5ec12020ec8cac + Result (22 bytes) = a254dad4f3f96b62b84dc40c84636a5e + c12020ec8c2c + + + Plaintext (9 bytes) = c9882e5386fd9f92ec + AAD (15 bytes) = 489c8fde2be2cf97e74e932d4ed87d + Key = d1894728b3fed1473c528b8426a58299 + 5929a1499e9ad8780c8d63d0ab4149c0 + Nonce = 9f572c614b4745914474e7c7 + Record authentication key = 0533fd71f4119257361a3ff1469dd4e5 + Record encryption key = 4feba89799be8ac3684fa2bb30ade0ea + 51390e6d87dcf3627d2ee44493853abe + POLYVAL input = 489c8fde2be2cf97e74e932d4ed87d00 + c9882e5386fd9f92ec00000000000000 + 78000000000000004800000000000000 + POLYVAL result = bf160bc9ded8c63057d2c38aae552fb4 + POLYVAL result XOR nonce = 204127a8959f83a113a6244dae552fb4 + ... and masked = 204127a8959f83a113a6244dae552f34 + Tag = c0fd3dc6628dfe55ebb0b9fb2295c8c2 + Initial counter = c0fd3dc6628dfe55ebb0b9fb2295c8c2 + Result (25 bytes) = 0df9e308678244c44bc0fd3dc6628dfe + 55ebb0b9fb2295c8c2 + + + Plaintext (12 bytes) = 1db2316fd568378da107b52b + AAD (20 bytes) = 0da55210cc1c1b0abde3b2f204d1e9f8 + b06bc47f + Key = a44102952ef94b02b805249bac80e6f6 + 1455bfac8308a2d40d8c845117808235 + Nonce = 5c9e940fea2f582950a70d5a + Record authentication key = 64779ab10ee8a280272f14cc8851b727 + Record encryption key = 25f40fc63f49d3b9016a8eeeb75846e0 + d72ca36ddbd312b6f5ef38ad14bd2651 + POLYVAL input = 0da55210cc1c1b0abde3b2f204d1e9f8 + b06bc47f000000000000000000000000 + 1db2316fd568378da107b52b00000000 + a0000000000000006000000000000000 + POLYVAL result = cc86ee22c861e1fd474c84676b42739c + POLYVAL result XOR nonce = 90187a2d224eb9d417eb893d6b42739c + ... and masked = 90187a2d224eb9d417eb893d6b42731c + Tag = 404099c2587f64979f21826706d497d5 + Initial counter = 404099c2587f64979f21826706d497d5 + Result (28 bytes) = 8dbeb9f7255bf5769dd56692404099c2 + 587f64979f21826706d497d5 + + + Plaintext (15 bytes) = 21702de0de18baa9c9596291b08466 + AAD (25 bytes) = f37de21c7ff901cfe8a69615a93fdf7a + 98cad481796245709f + Key = 9745b3d1ae06556fb6aa7890bebc18fe + 6b3db4da3d57aa94842b9803a96e07fb + Nonce = 6de71860f762ebfbd08284e4 + Record authentication key = 27c2959ed4daea3b1f52e849478de376 + Record encryption key = 307a38a5a6cf231c0a9af3b527f23a62 + e9a6ff09aff8ae669f760153e864fc93 + POLYVAL input = f37de21c7ff901cfe8a69615a93fdf7a + 98cad481796245709f00000000000000 + 21702de0de18baa9c9596291b0846600 + c8000000000000007800000000000000 + POLYVAL result = c4fa5e5b713853703bcf8e6424505fa5 + POLYVAL result XOR nonce = a91d463b865ab88beb4d0a8024505fa5 + ... and masked = a91d463b865ab88beb4d0a8024505f25 + Tag = b3080d28f6ebb5d3648ce97bd5ba67fd + Initial counter = b3080d28f6ebb5d3648ce97bd5ba67fd + Result (31 bytes) = 793576dfa5c0f88729a7ed3c2f1bffb3 + 080d28f6ebb5d3648ce97bd5ba67fd + + + Plaintext (18 bytes) = b202b370ef9768ec6561c4fe6b7e7296 + fa85 + AAD (30 bytes) = 9c2159058b1f0fe91433a5bdc20e214e + ab7fecef4454a10ef0657df21ac7 + Key = b18853f68d833640e42a3c02c25b6486 + 9e146d7b233987bddfc240871d7576f7 + Nonce = 028ec6eb5ea7e298342a94d4 + Record authentication key = 670b98154076ddb59b7a9137d0dcc0f0 + Record encryption key = 78116d78507fbe69d4a820c350f55c7c + b36c3c9287df0e9614b142b76a587c3f + POLYVAL input = 9c2159058b1f0fe91433a5bdc20e214e + ab7fecef4454a10ef0657df21ac70000 + b202b370ef9768ec6561c4fe6b7e7296 + fa850000000000000000000000000000 + f0000000000000009000000000000000 + POLYVAL result = 4e4108f09f41d797dc9256f8da8d58c7 + POLYVAL result XOR nonce = 4ccfce1bc1e6350fe8b8c22cda8d58c7 + ... and masked = 4ccfce1bc1e6350fe8b8c22cda8d5847 + Tag = 454fc2a154fea91f8363a39fec7d0a49 + Initial counter = 454fc2a154fea91f8363a39fec7d0ac9 + Result (34 bytes) = 857e16a64915a787637687db4a951963 + 5cdd454fc2a154fea91f8363a39fec7d + 0a49 + + + Plaintext (21 bytes) = ced532ce4159b035277d4dfbb7db6296 + 8b13cd4eec + AAD (35 bytes) = 734320ccc9d9bbbb19cb81b2af4ecbc3 + e72834321f7aa0f70b7282b4f33df23f + 167541 + Key = 3c535de192eaed3822a2fbbe2ca9dfc8 + 8255e14a661b8aa82cc54236093bbc23 + Nonce = 688089e55540db1872504e1c + Record authentication key = cb8c3aa3f8dbaeb4b28a3e86ff6625f8 + Record encryption key = 02426ce1aa3ab31313b0848469a1b5fc + 6c9af9602600b195b04ad407026bc06d + POLYVAL input = 734320ccc9d9bbbb19cb81b2af4ecbc3 + e72834321f7aa0f70b7282b4f33df23f + 16754100000000000000000000000000 + ced532ce4159b035277d4dfbb7db6296 + 8b13cd4eec0000000000000000000000 + 1801000000000000a800000000000000 + POLYVAL result = ffd503c7dd712eb3791b7114b17bb0cf + POLYVAL result XOR nonce = 97558a228831f5ab0b4b3f08b17bb0cf + ... and masked = 97558a228831f5ab0b4b3f08b17bb04f + Tag = 9d6c7029675b89eaf4ba1ded1a286594 + Initial counter = 9d6c7029675b89eaf4ba1ded1a286594 + Result (37 bytes) = 626660c26ea6612fb17ad91e8e767639 + edd6c9faee9d6c7029675b89eaf4ba1d + ed1a286594 diff --git a/testdata/rfc8452_256_wrap.txt b/testdata/rfc8452_256_wrap.txt new file mode 100644 index 0000000..cbd65e2 --- /dev/null +++ b/testdata/rfc8452_256_wrap.txt @@ -0,0 +1,42 @@ + Plaintext (32 bytes) = 00000000000000000000000000000000 + 4db923dc793ee6497c76dcc03a98e108 + AAD (0 bytes) = + Key = 00000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 000000000000000000000000 + Record authentication key = dc95c078a24089895275f3d86b4fb868 + Record encryption key = 779b38d15bffb63d39d6e9ae76a9b2f3 + 75d11b0e3a68c422845c7d4690fa594f + POLYVAL input = 00000000000000000000000000000000 + 4db923dc793ee6497c76dcc03a98e108 + 00000000000000000001000000000000 + POLYVAL result = 7367cdb411b730128dd56e8edc0eff56 + POLYVAL result XOR nonce = 7367cdb411b730128dd56e8edc0eff56 + ... and masked = 7367cdb411b730128dd56e8edc0eff56 + Tag = ffffffff000000000000000000000000 + Initial counter = ffffffff000000000000000000000080 + Result (48 bytes) = f3f80f2cf0cb2dd9c5984fcda908456c + c537703b5ba70324a6793a7bf218d3ea + ffffffff000000000000000000000000 + + + Plaintext (24 bytes) = eb3640277c7ffd1303c7a542d02d3e4c + 0000000000000000 + AAD (0 bytes) = + Key = 00000000000000000000000000000000 + 00000000000000000000000000000000 + Nonce = 000000000000000000000000 + Record authentication key = dc95c078a24089895275f3d86b4fb868 + Record encryption key = 779b38d15bffb63d39d6e9ae76a9b2f3 + 75d11b0e3a68c422845c7d4690fa594f + POLYVAL input = eb3640277c7ffd1303c7a542d02d3e4c + 00000000000000000000000000000000 + 0000000000000000c000000000000000 + POLYVAL result = 7367cdb411b730128dd56e8edc0eff56 + POLYVAL result XOR nonce = 7367cdb411b730128dd56e8edc0eff56 + ... and masked = 7367cdb411b730128dd56e8edc0eff56 + Tag = ffffffff000000000000000000000000 + Initial counter = ffffffff000000000000000000000080 + Result (40 bytes) = 18ce4f0b8cb4d0cac65fea8f79257b20 + 888e53e72299e56dffffffff00000000 + 0000000000000000