diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..0bc1bab --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "rust"] + path = rust + url = https://github.com/input-output-hk/rust-cardano-crypto diff --git a/.travis.yml b/.travis.yml index effaedc..3b40e18 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,11 +5,7 @@ script: - cargo test --verbose --all matrix: include: - - rust: stable - - rust: beta - rust: nightly - - rust: nightly - env: NODE_JS_GLUE before_script: - rustup target add wasm32-unknown-unknown --toolchain nightly - nvm install 8.2.1 diff --git a/Cargo.toml b/Cargo.toml deleted file mode 100644 index e76bd30..0000000 --- a/Cargo.toml +++ /dev/null @@ -1,8 +0,0 @@ -[workspace] -members = [ - "rcw", - "wallet-crypto", - "wallet-wasm", -] -[dependencies] -printer = { path = "rust-crypto-wasm" } diff --git a/README.md b/README.md index a1673a0..735d4a2 100644 --- a/README.md +++ b/README.md @@ -1,26 +1,22 @@ -cardano rust / wasm experiments -=============================== +# cardano wasm binding for JavaScript + +## Installation -Installation ------------- ``` # install rustup curl https://sh.rustup.rs -sSf | sh # use nightly version rustup install nightly -rustup default nightly -# with wasm32 target rustup target add wasm32-unknown-unknown --toolchain nightly ``` -Build the Library ------------------ +## Build the Library To Compile the rust crypto to a Web Assembly (WASM) module and build JS library run the `./build` script. (only necessary if you want to build locally) -Run the Example -------------------- +## Run the Example + There is a simple example application in `js-example` that can be run to test some of the features. ### installation 
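Review bot: The `script` step shown as context in the `.travis.yml` hunk still runs `cargo test --verbose --all` from the repository root, yet this commit deletes the root `Cargo.toml` workspace manifest. Unless a manifest is added outside the visible diff, the one remaining nightly job has nothing to test against, so CI would either fail or stop exercising the crypto code. Consider pointing the step at a directory that still holds a manifest, for example `- (cd wallet-wasm && cargo test --verbose)`; that `wallet-wasm` keeps its own manifest is inferred from the `build` script change. A short comment such as `# Rust sources live in the "rust" submodule` would also help. The rest of `.travis.yml` lies outside the hunk.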
@@ -31,26 +27,31 @@ within `js-example/` folder 3. `npm run install` ### Building + within `js-example/` run `npm run build` ### Running + open `js-example/index.html` in any browser -Use the Crypto Library ----------------------- +## Use the Crypto Library ### Install + You can either build the library locally on your machine to test the latest version with your project or install via NPM. #### Install locally: + in the root of this repo: `npm link` in the root of your project: `npm link rust-cardano-crypto` #### Install via NPM: + in the root of your project: `npm install rust-cardano-crypto` ### Import the API in Your Code + ```js // Import like this: import CardanoCrypto from 'rust-cardano-crypto' diff --git a/build b/build index 3e160bf..e50fbb3 100755 --- a/build +++ b/build @@ -1,4 +1,7 @@ #!/bin/sh set +e +git submodule update --init --recursive +pushd wallet-wasm cargo +nightly build --target wasm32-unknown-unknown --release --verbose +popd npm run build diff --git a/js/RustModule.js b/js/RustModule.js index fcef799..6e8dd3a 100644 --- a/js/RustModule.js +++ b/js/RustModule.js @@ -1,4 +1,4 @@ -import loadModule from '../target/wasm32-unknown-unknown/release/wallet_wasm.wasm'; +import loadModule from '../wallet-wasm/target/wasm32-unknown-unknown/release/wallet_wasm.wasm'; let Module = null; diff --git a/package-lock.json b/package-lock.json index 5e7af7d..b14fa14 100644 --- a/package-lock.json +++ b/package-lock.json @@ -239,9 +239,9 @@ "dev": true }, "acorn": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.5.0.tgz", - "integrity": "sha1-GrtYf78FH5Tj3iDmsm75ELGCgpg=", + "version": "5.5.3", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.5.3.tgz", + "integrity": "sha512-jd5MkIUlbbmb07nXH0DT3y7rDVtkzDi4XZOUVWAer8ajmF/DTSSbl5oNFyDOl/OXA33Bl79+ypHhl2pN20VeOQ==", "dev": true }, "acorn-dynamic-import": { 
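Review bot: The added `pushd wallet-wasm` and `popd` in `build` are bash builtins, but the script's shebang is `#!/bin/sh`, so they fail wherever `/bin/sh` is dash or another strict POSIX shell. The context line `set +e` leaves exit-on-error off, so a failed `git submodule update` or `pushd` does not stop the run. In that case `cargo` executes in the wrong directory and `npm run build` bundles whatever `.wasm` is already on disk, possibly a stale one. For a package that ships wallet crypto, a build that stops on the first error is safer: use `set -e` and replace the pushd/popd pair with `(cd wallet-wasm && cargo +nightly build --target wasm32-unknown-unknown --release --verbose)`.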
@@ -262,14 +262,15 @@ } }, "ajv": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.2.1.tgz", - "integrity": "sha1-KKarxJOiq+D7TIUHrK7bQ/pVBnE=", + "version": "6.4.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.4.0.tgz", + "integrity": "sha1-06/3jpJ3VJdx2vAWTP9ISCt1T8Y=", "dev": true, "requires": { "fast-deep-equal": "1.1.0", "fast-json-stable-stringify": "2.0.0", - "json-schema-traverse": "0.3.1" + "json-schema-traverse": "0.3.1", + "uri-js": "3.0.2" } }, "ajv-keywords": { @@ -350,12 +351,12 @@ "asn1.js": { "version": "4.10.1", "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz", - "integrity": "sha1-ucK/WAXx5kqt7tbfOiv6+1pz9aA=", + "integrity": "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==", "dev": true, "requires": { "bn.js": "4.11.8", "inherits": "2.0.3", - "minimalistic-assert": "1.0.0" + "minimalistic-assert": "1.0.1" } }, "assert": { @@ -382,7 +383,7 @@ "async": { "version": "2.6.0", "resolved": "https://registry.npmjs.org/async/-/async-2.6.0.tgz", - "integrity": "sha1-YaKau2/MAm/qd+VtHG7FOnlZUfQ=", + "integrity": "sha512-xAfGg1/NTLBBKlHFmnd7PlmUW9KhVQIUuSrYem9xzFUZy13ScvtyGGejaae9iAVRiRq9+Cx7DPFaAAhCpyxyPw==", "dev": true, "requires": { "lodash": "4.17.5" @@ -1130,9 +1131,9 @@ } }, "base64-js": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.2.3.tgz", - "integrity": "sha1-+xNmgjPZYUz1+0vOlam6QJbN+AE=", + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.0.tgz", + "integrity": "sha512-ccav/yGvoa80BQDljCxsmmQ3Xvx60/UpBIij5QN21W3wBi/hhIC9OoO+KLpu9IJTS9j4DRVJ3aDDF9cMSoa2lw==", "dev": true }, "big.js": { 
@@ -1162,7 +1163,7 @@ "bn.js": { "version": "4.11.8", "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.8.tgz", - "integrity": "sha1-LN4J617jQfSEdGuwMJsyU7GxRC8=", + "integrity": "sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA==", "dev": true }, "boxen": { @@ -1257,9 +1258,9 @@ "dev": true }, "browserify-aes": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.1.1.tgz", - "integrity": "sha1-OLerVe24Bv8tzaGn8WIHc6R3xJ8=", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", + "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==", "dev": true, "requires": { "buffer-xor": "1.0.3", @@ -1271,20 +1272,20 @@ } }, "browserify-cipher": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/browserify-cipher/-/browserify-cipher-1.0.0.tgz", - "integrity": "sha1-mYgkSHS/XtTijalWZtzWasj8Njo=", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/browserify-cipher/-/browserify-cipher-1.0.1.tgz", + "integrity": "sha512-sPhkz0ARKbf4rRQt2hTpAHqn47X3llLkUGn+xEJzLjwY8LRs2p0v7ljvI5EyoRO/mexrNunNECisZs+gw2zz1w==", "dev": true, "requires": { - "browserify-aes": "1.1.1", - "browserify-des": "1.0.0", + "browserify-aes": "1.2.0", + "browserify-des": "1.0.1", "evp_bytestokey": "1.0.3" } }, "browserify-des": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/browserify-des/-/browserify-des-1.0.0.tgz", - "integrity": "sha1-2qJ3cXRwki7S/hhZQRihdUOXId0=", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/browserify-des/-/browserify-des-1.0.1.tgz", + "integrity": "sha512-zy0Cobe3hhgpiOM32Tj7KQ3Vl91m0njwsjzZQK1L+JDf11dzP9qIvjreVinsvXrgfjhStXwUWAEpB9D7Gwmayw==", "dev": true, "requires": { "cipher-base": "1.0.4", 
@@ -1314,13 +1315,13 @@ "create-hmac": "1.1.6", "elliptic": "6.4.0", "inherits": "2.0.3", - "parse-asn1": "5.1.0" + "parse-asn1": "5.1.1" } }, "browserify-zlib": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", - "integrity": "sha1-KGlFnZqjviRf6P4sofRuLn9U1z8=", + "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", "dev": true, "requires": { "pako": "1.0.6" @@ -1342,8 +1343,8 @@ "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=", "dev": true, "requires": { - "base64-js": "1.2.3", - "ieee754": "1.1.8", + "base64-js": "1.3.0", + "ieee754": "1.1.11", "isarray": "1.0.0" } }, @@ -1694,9 +1695,9 @@ "dev": true }, "create-ecdh": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.0.tgz", - "integrity": "sha1-iIxyNZbN92EvZJgjPuvXo1MBc30=", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.1.tgz", + "integrity": "sha512-iZvCCg8XqHQZ1ioNBTzXS/cQSkqkqcPs8xSX4upNB+DAk9Ht3uzQf2J32uAHNCne8LDmKr29AgZrEs4oIrwLuQ==", "dev": true, "requires": { "bn.js": "4.11.8", @@ -1752,18 +1753,18 @@ "crypto-browserify": { "version": "3.12.0", "resolved": "https://registry.npmjs.org/crypto-browserify/-/crypto-browserify-3.12.0.tgz", - "integrity": "sha1-OWz58xN/A+S45TLFj2mCVOAPgOw=", + "integrity": "sha512-fz4spIh+znjO2VjL+IdhEpRJ3YN6sMzITSBijk6FK2UvTqruSQW+/cCZTSNsMiZNvUeq0CqurF+dAbyiGOY6Wg==", "dev": true, "requires": { - "browserify-cipher": "1.0.0", + "browserify-cipher": "1.0.1", "browserify-sign": "4.0.4", - "create-ecdh": "4.0.0", + "create-ecdh": "4.0.1", "create-hash": "1.1.3", "create-hmac": "1.1.6", - "diffie-hellman": "5.0.2", + "diffie-hellman": "5.0.3", "inherits": "2.0.3", "pbkdf2": "3.0.14", - "public-encrypt": "4.0.0", + "public-encrypt": "4.0.2", "randombytes": "2.0.6", "randomfill": "1.0.4" } 
@@ -1780,7 +1781,7 @@ "integrity": "sha1-dUu1v+VUUdpppYuU1F9MWwRi1Y8=", "dev": true, "requires": { - "es5-ext": "0.10.39" + "es5-ext": "0.10.42" } }, "date-now": { @@ -1842,7 +1843,7 @@ "dev": true, "requires": { "inherits": "2.0.3", - "minimalistic-assert": "1.0.0" + "minimalistic-assert": "1.0.1" } }, "detect-indent": { @@ -1861,9 +1862,9 @@ "dev": true }, "diffie-hellman": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.2.tgz", - "integrity": "sha1-tYNXOScM/ias9jIJn97SoH8gnl4=", + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz", + "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==", "dev": true, "requires": { "bn.js": "4.11.8", @@ -1874,7 +1875,7 @@ "domain-browser": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/domain-browser/-/domain-browser-1.2.0.tgz", - "integrity": "sha1-PTH1AZGmdJ3RN1p/Ui6CPULlTto=", + "integrity": "sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==", "dev": true }, "dot-prop": { @@ -1915,7 +1916,7 @@ "hash.js": "1.1.3", "hmac-drbg": "1.0.1", "inherits": "2.0.3", - "minimalistic-assert": "1.0.0", + "minimalistic-assert": "1.0.1", "minimalistic-crypto-utils": "1.0.1" } }, @@ -1940,7 +1941,7 @@ "errno": { "version": "0.1.7", "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.7.tgz", - "integrity": "sha1-RoTXF3mtOa8Xfj8AeZb3xnyFJhg=", + "integrity": "sha512-MfrRBDWzIWifgq6tJj60gkAwtLNb6sQPlcFrSOflcP1aFmmruKQ2wRnze/8V6kgyz7H3FF8Npzv78mZ7XLLflg==", "dev": true, "requires": { "prr": "1.0.1" 
@@ -1956,13 +1957,14 @@ } }, "es5-ext": { - "version": "0.10.39", - "resolved": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.39.tgz", - "integrity": "sha1-/KIbZ1WSd8pKwaHtcEixB7b3bYc=", + "version": "0.10.42", + "resolved": "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.42.tgz", + "integrity": "sha512-AJxO1rmPe1bDEfSR6TJ/FgMFYuTBhR5R57KW58iCkYACMyFbrkqVyzXSurYoScDGvgyMpk7uRF/lPUPPTmsRSA==", "dev": true, "requires": { "es6-iterator": "2.0.3", - "es6-symbol": "3.1.1" + "es6-symbol": "3.1.1", + "next-tick": "1.0.0" } }, "es6-iterator": { @@ -1972,7 +1974,7 @@ "dev": true, "requires": { "d": "1.0.0", - "es5-ext": "0.10.39", + "es5-ext": "0.10.42", "es6-symbol": "3.1.1" } }, @@ -1983,7 +1985,7 @@ "dev": true, "requires": { "d": "1.0.0", - "es5-ext": "0.10.39", + "es5-ext": "0.10.42", "es6-iterator": "2.0.3", "es6-set": "0.1.5", "es6-symbol": "3.1.1", @@ -1997,7 +1999,7 @@ "dev": true, "requires": { "d": "1.0.0", - "es5-ext": "0.10.39", + "es5-ext": "0.10.42", "es6-iterator": "2.0.3", "es6-symbol": "3.1.1", "event-emitter": "0.3.5" @@ -2010,7 +2012,7 @@ "dev": true, "requires": { "d": "1.0.0", - "es5-ext": "0.10.39" + "es5-ext": "0.10.42" } }, "es6-weak-map": { @@ -2020,7 +2022,7 @@ "dev": true, "requires": { "d": "1.0.0", - "es5-ext": "0.10.39", + "es5-ext": "0.10.42", "es6-iterator": "2.0.3", "es6-symbol": "3.1.1" } @@ -2046,7 +2048,7 @@ "esrecurse": { "version": "4.2.1", "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.2.1.tgz", - "integrity": "sha1-AHo7n9vCs7uH5IeeoZyS/b05Qs8=", + "integrity": "sha512-64RBB++fIOAXPw3P9cy89qfMlvZEXZkqqJkjqqXIvzP5ezRZjW+lPWjw35UX/3EhUPFYbg5ER4JYgDw4007/DQ==", "dev": true, "requires": { "estraverse": "4.2.0" @@ -2071,7 +2073,7 @@ "dev": true, "requires": { "d": "1.0.0", - "es5-ext": "0.10.39" + "es5-ext": "0.10.42" } }, "event-stream": { 
@@ -2098,7 +2100,7 @@ "evp_bytestokey": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz", - "integrity": "sha1-f8vbGY3HGVlDLv4ThCaE4FJaywI=", + "integrity": "sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA==", "dev": true, "requires": { "md5.js": "1.3.4", @@ -3626,11 +3628,11 @@ "hash.js": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.3.tgz", - "integrity": "sha1-NA3tvmKQGHFRweodd3o0SJNd+EY=", + "integrity": "sha512-/UETyP0W22QILqS+6HowevwhEFJ3MBJnwTf75Qob9Wz9t0DPuisL8kW8YZMK62dHAKE1c1p+gY1TtOLY+USEHA==", "dev": true, "requires": { "inherits": "2.0.3", - "minimalistic-assert": "1.0.0" + "minimalistic-assert": "1.0.1" } }, "he": { @@ -3646,7 +3648,7 @@ "dev": true, "requires": { "hash.js": "1.1.3", - "minimalistic-assert": "1.0.0", + "minimalistic-assert": "1.0.1", "minimalistic-crypto-utils": "1.0.1" } }, @@ -3661,9 +3663,9 @@ } }, "hosted-git-info": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.5.0.tgz", - "integrity": "sha1-bWDjSzq7yDEwYsO3mO+NkBoHrzw=", + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.6.0.tgz", + "integrity": "sha512-lIbgIIQA3lz5XaB6vxakj6sDHADJiZadYEJB+FgA+C4nubM1NwcuvUr9EJPmnH1skZqpqUzWborWo8EIUi0Sdw==", "dev": true }, "https-browserify": { @@ -3678,9 +3680,9 @@ "integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ==" }, "ieee754": { - "version": "1.1.8", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.8.tgz", - "integrity": "sha1-vjPUCsEO8ZJnAfbwii2G+/0a0+Q=", + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.11.tgz", + "integrity": "sha512-VhDzCKN7K8ufStx/CLj5/PDTMgph+qwN5Pkd5i0sGnVwk56zJ0lkT8Qzi1xqWLS0Wp29DgDtNeS7v8/wMoZeHg==", "dev": true }, "ignore-by-default": { 
@@ -4022,7 +4024,7 @@ "json-loader": { "version": "0.5.7", "resolved": "https://registry.npmjs.org/json-loader/-/json-loader-0.5.7.tgz", - "integrity": "sha1-3KFKcCNf+C8KyaOr62DTN6NlGF0=", + "integrity": "sha512-QLPs8Dj7lnf3e3QYS1zkCo+4ZwqOiF9d/nZnYozTISxXWCfNs9yuky5rJw4/W34s7POaNlbZmQGaB5NiXCbP4w==", "dev": true }, "json-schema-traverse": { @@ -4263,7 +4265,7 @@ "miller-rabin": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/miller-rabin/-/miller-rabin-4.0.1.tgz", - "integrity": "sha1-8IA1HIZbDcViqEYpZtqlNUPHik0=", + "integrity": "sha512-115fLhvZVqWwHPbClyntxEVfVDfl9DLLTuJvq3g2O/Oxi8AiNouAHvDSzHS0viUJc+V5vm3eq91Xwqn9dp4jRA==", "dev": true, "requires": { "bn.js": "4.11.8", @@ -4273,13 +4275,13 @@ "mimic-fn": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz", - "integrity": "sha1-ggyGo5M0ZA6ZUWkovQP8qIBX0CI=", + "integrity": "sha512-jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ==", "dev": true }, "minimalistic-assert": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.0.tgz", - "integrity": "sha1-cCvi3aazf0g2vLP121ZkG2Sh09M=", + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", "dev": true }, "minimalistic-crypto-utils": { 
@@ -4413,15 +4415,21 @@ } }, "neo-async": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.5.0.tgz", - "integrity": "sha1-drHIIxMMyias+6zMj7rwovozsY8=", + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.5.1.tgz", + "integrity": "sha512-3KL3fvuRkZ7s4IFOMfztb7zJp3QaVWnBeGoJlgB38XnCRPj/0tLzzLG5IB8NYOHbJ8g8UGrgZv44GLDk6CxTxA==", + "dev": true + }, + "next-tick": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/next-tick/-/next-tick-1.0.0.tgz", + "integrity": "sha1-yobR/ogoFpsBICCOPchCS524NCw=", "dev": true }, "node-libs-browser": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/node-libs-browser/-/node-libs-browser-2.1.0.tgz", - "integrity": "sha1-X5QmPUBPbkR2fXJpAf/wVHjWAN8=", + "integrity": "sha512-5AzFzdoIMb89hBGMZglEegffzgRg+ZFoUmisQ8HI4j1KDdpx13J0taNp2y9xPbur6W61gepGDDotGBVQ7mfUCg==", "dev": true, "requires": { "assert": "1.4.1", @@ -4440,13 +4448,21 @@ "querystring-es3": "0.2.1", "readable-stream": "2.3.5", "stream-browserify": "2.0.1", - "stream-http": "2.8.0", + "stream-http": "2.8.1", "string_decoder": "1.0.3", - "timers-browserify": "2.0.6", + "timers-browserify": "2.0.10", "tty-browserify": "0.0.0", "url": "0.11.0", "util": "0.10.3", "vm-browserify": "0.0.4" + }, + "dependencies": { + "punycode": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", + "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=", + "dev": true + } } }, "nodemon": { 
@@ -4505,10 +4521,10 @@ "normalize-package-data": { "version": "2.4.0", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz", - "integrity": "sha1-EvlaMH1YNSB1oEkHuErIvpisAS8=", + "integrity": "sha512-9jjUFbTPfEy3R/ad/2oNbKtW9Hgovl5O1FvFWKkKblNXoN/Oou6+9+KKohPK13Yc3/TyunyWhJp6gvRNR/PPAw==", "dev": true, "requires": { - "hosted-git-info": "2.5.0", + "hosted-git-info": "2.6.0", "is-builtin-module": "1.0.0", "semver": "5.5.0", "validate-npm-package-license": "3.0.3" @@ -4655,7 +4671,7 @@ "os-locale": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-2.1.0.tgz", - "integrity": "sha1-QrwpAKa1uL0XN2yOiCtlr8zyS/I=", + "integrity": "sha512-3sslG3zJbEYcaC4YVAvDorjGxc7tv6KVATnLPZONiljsUncvihe9BQoVCEs0RZ1kmf4Hk9OBqlZfJZWI4GanKA==", "dev": true, "requires": { "execa": "0.7.0", @@ -4714,17 +4730,17 @@ "pako": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.6.tgz", - "integrity": "sha1-AQEhG6pwxLykoPY/Igbpe3368lg=", + "integrity": "sha512-lQe48YPsMJAig+yngZ87Lus+NF+3mtu7DVOBu6b/gHO1YpKwIj5AWjZ/TOS7i46HD/UixzWb1zeWDZfGZ3iYcg==", "dev": true }, "parse-asn1": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.0.tgz", - "integrity": "sha1-N8T5t+06tlx0gXtfJICTf7+XxxI=", + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.1.tgz", + "integrity": "sha512-KPx7flKXg775zZpnp9SxJlz00gTd4BmJ2yJufSc44gMCRrRQ7NSzAcSJQfifuOLgW6bEi+ftrALtsgALeB2Adw==", "dev": true, "requires": { "asn1.js": "4.10.1", - "browserify-aes": "1.1.1", + "browserify-aes": "1.2.0", "create-hash": "1.1.3", "evp_bytestokey": "1.0.3", "pbkdf2": "3.0.14" 
@@ -4935,22 +4951,22 @@ } }, "public-encrypt": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/public-encrypt/-/public-encrypt-4.0.0.tgz", - "integrity": "sha1-OfaZ86RlYN1eusvKaTyvfGXBjMY=", + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/public-encrypt/-/public-encrypt-4.0.2.tgz", + "integrity": "sha512-4kJ5Esocg8X3h8YgJsKAuoesBgB7mqH3eowiDzMUPKiRDDE7E/BqqZD1hnTByIaAFiwAw246YEltSq7tdrOH0Q==", "dev": true, "requires": { "bn.js": "4.11.8", "browserify-rsa": "4.0.1", "create-hash": "1.1.3", - "parse-asn1": "5.1.0", + "parse-asn1": "5.1.1", "randombytes": "2.0.6" } }, "punycode": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", - "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.0.tgz", + "integrity": "sha1-X4Y+3Im5bbCQdLrXlHvwkFbKTn0=", "dev": true }, "querystring": { @@ -4998,7 +5014,7 @@ "randomfill": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/randomfill/-/randomfill-1.0.4.tgz", - "integrity": "sha1-ySGW/IarQr6YPxvzF3giSTHWFFg=", + "integrity": "sha512-87lcbR8+MhcWcUiQ+9e+Rwx8MyR2P7qnt15ynUlbm3TU/fjbgz4GsvfSUDTemtCCtVCqb4ZcEFlyPNTh9bBTLw==", "dev": true, "requires": { "randombytes": "2.0.6", @@ -5490,7 +5506,7 @@ "source-list-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/source-list-map/-/source-list-map-2.0.0.tgz", - "integrity": "sha1-qqR0A/eyRakvvJfqCPJQ1gh+0IU=", + "integrity": "sha512-I2UmuJSRr/T8jisiROLU3A3ltr+swpniSmNPI4Ml3ZCX6tVnDsuZzK7F2hl5jTqbZBWCEKlj5HRQiPExXLgE8A==", "dev": true }, "source-map": { 
@@ -5530,7 +5546,7 @@ "spdx-correct": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.0.0.tgz", - "integrity": "sha1-BaW01xU6GVvJLDxCW2nzsqlSTII=", + "integrity": "sha512-N19o9z5cEyc8yQQPukRCZ9EUmb4HUpnrmaL/fxS2pBo2jbfcFRVuFZ/oFC+vZz0MNNk0h80iMn5/S6qGZOL5+g==", "dev": true, "requires": { "spdx-expression-parse": "3.0.0", @@ -5540,13 +5556,13 @@ "spdx-exceptions": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.1.0.tgz", - "integrity": "sha1-LHrmEFbHFKW5ubKyr30xHvXHj+k=", + "integrity": "sha512-4K1NsmrlCU1JJgUrtgEeTVyfx8VaYea9J9LvARxhbHtVtohPs/gFGG5yy49beySjlIMhhXZ4QqujIZEfS4l6Cg==", "dev": true }, "spdx-expression-parse": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.0.tgz", - "integrity": "sha1-meEZt6XaAOBUkcn6M4t5BII7QdA=", + "integrity": "sha512-Yg6D3XpRD4kkOmTpdgbUiEJFKghJH03fiC1OPll5h/0sO6neh2jqRDVHOQ4o/LMea0tgCkbMgea5ip/e+MkWyg==", "dev": true, "requires": { "spdx-exceptions": "2.1.0", @@ -5556,7 +5572,7 @@ "spdx-license-ids": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.0.tgz", - "integrity": "sha1-enzShHDMbToc/m1miG9rxDDTrIc=", + "integrity": "sha512-2+EPwgbnmOIl8HjGBXXMd9NAu02vLjOO1nWw4kmeRDFyHn+M/ETfHxQUK0oXg8ctgVnl9t3rosNVsZ1jG61nDA==", "dev": true }, "split": { @@ -5675,9 +5691,9 @@ } }, "stream-http": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/stream-http/-/stream-http-2.8.0.tgz", - "integrity": "sha1-/YZUbaybHJGv+PxdKHuY+vtBvBA=", + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/stream-http/-/stream-http-2.8.1.tgz", + "integrity": "sha512-cQ0jo17BLca2r0GfRdZKYAGLU6JRoIWxqSOakUMuKOT6MOK7AAlE856L33QuDmAy/eeOrhLee3dZKX0Uadu93A==", "dev": true, "requires": { "builtin-status-codes": "3.0.0", 
@@ -5793,9 +5809,9 @@ "dev": true }, "timers-browserify": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-2.0.6.tgz", - "integrity": "sha1-JB52kn2coF9NlZgZAi9bNmS2S64=", + "version": "2.0.10", + "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-2.0.10.tgz", + "integrity": "sha512-YvC1SV1XdOUaL6gx5CoGroT3Gu49pK9+TZ38ErPldOWW4j49GI1HKs9DV+KGq/w6y+LZ72W1c8cKz2vzY+qpzg==", "dev": true, "requires": { "setimmediate": "1.0.5" @@ -6042,6 +6058,15 @@ "xdg-basedir": "3.0.0" } }, + "uri-js": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-3.0.2.tgz", + "integrity": "sha1-+QuFhQf4HepNz7s8TD2/orVX+qo=", + "dev": true, + "requires": { + "punycode": "2.1.0" + } + }, "urix": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/urix/-/urix-0.1.0.tgz", @@ -6189,7 +6214,7 @@ "validate-npm-package-license": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.3.tgz", - "integrity": "sha1-gWQ7y+8b3+zUYjeT3EZIlIupgzg=", + "integrity": "sha512-63ZOUnL4SIXj4L0NixR3L1lcjO38crAbgrTpl28t8jjrfuiOBL5Iygm+60qPs/KsZGzPNg6Smnc/oY16QTjF0g==", "dev": true, "requires": { "spdx-correct": "3.0.0", @@ -6231,12 +6256,12 @@ "watchpack": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-1.5.0.tgz", - "integrity": "sha1-Ix54Ovgwoi+JZvZcTEusyBQHLu0=", + "integrity": "sha512-RSlipNQB1u48cq0wH/BNfCu1tD/cJ8ydFIkNYhp9o+3d+8unClkIovpW5qpFPgmL9OE48wfAnlZydXByWP82AA==", "dev": true, "requires": { "chokidar": "2.0.2", "graceful-fs": "4.1.11", - "neo-async": "2.5.0" + "neo-async": "2.5.1" } }, "webassembly-floating-point-hex-parser": { 
@@ -6259,12 +6284,12 @@ "webpack": { "version": "3.11.0", "resolved": "https://registry.npmjs.org/webpack/-/webpack-3.11.0.tgz", - "integrity": "sha1-d9pFGx17SxF62vQaGpO1dC8k2JQ=", + "integrity": "sha512-3kOFejWqj5ISpJk4Qj/V7w98h9Vl52wak3CLiw/cDOfbVTq7FeoZ0SdoHHY9PYlHr50ZS42OfvzE2vB4nncKQg==", "dev": true, "requires": { - "acorn": "5.5.0", + "acorn": "5.5.3", "acorn-dynamic-import": "2.0.2", - "ajv": "6.2.1", + "ajv": "6.4.0", "ajv-keywords": "3.1.0", "async": "2.6.0", "enhanced-resolve": "3.4.1", @@ -6289,7 +6314,7 @@ "webpack-sources": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.1.0.tgz", - "integrity": "sha1-oQHrrlnWUHNU1x2AE5UKOot6WlQ=", + "integrity": "sha512-aqYp18kPphgoO5c/+NaUvEeACtZjMESmDChuD3NBciVpah3XpMEU9VAAtIaB1BsfJWWTSdv8Vv1m3T0aRk2dUw==", "dev": true, "requires": { "source-list-map": "2.0.0", @@ -6299,7 +6324,7 @@ "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha1-dHIq8y6WFOnCh6jQu95IteLxomM=", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", "dev": true } } diff --git a/package.json b/package.json index 82d26da..c95feb8 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { - "name": "rust-cardano-crypto", + "name": "cardano-crypto", "version": "0.1.2", - "description": "Cardano crypto implemented in Rust and transpiled to WebAssembly", + "description": "Cardano crypto from rust-wasm binding", "main": "./dist/index.js", "scripts": { "build": "webpack", @@ -13,7 +13,7 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/input-output-hk/rust-cardano-crypto.git" + "url": "git+https://github.com/input-output-hk/js-cardano-wasm.git" }, "devDependencies": { "babel-core": "6.26.0", 
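Review bot: The first `package.json` hunk renames the package to `cardano-crypto`, but the README lines this commit leaves unchanged still say `npm install rust-cardano-crypto`, `npm link rust-cardano-crypto` and `import CardanoCrypto from 'rust-cardano-crypto'`. After the rename those instructions resolve to whatever is published under the old name rather than to this package, which matters for a library that handles wallet keys. Update the README to the new name in the same commit, and confirm the project controls the `cardano-crypto` name on the registry before publishing. `version` stays at `0.1.2` across the rename; bumping it would make the transition visible to consumers.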
@@ -24,7 +24,7 @@ "mocha": "5.0.2", "nodemon": "1.17.1", "wasm-loader": "1.3.0", - "webpack": "3.11.0" + "webpack": "^3.11.0" }, "peerDependencies": { "bip39": "2.3.0" diff --git a/rcw/Cargo.toml b/rcw/Cargo.toml deleted file mode 100644 index a639bda..0000000 --- a/rcw/Cargo.toml +++ /dev/null @@ -1,16 +0,0 @@ -[package] -name = "rcw" -version = "0.2.36" -authors = ["The Rust-Crypto Project Developers"] -license = "MIT/Apache-2.0" -homepage = "https://github.com/DaGenix/rust-crypto/" -repository = "https://github.com/DaGenix/rust-crypto/" -description = "A (mostly) pure-Rust implementation of various common cryptographic algorithms." -keywords = [ "Crypto", "MD5", "Sha1", "Sha2", "AES" ] - -[build-dependencies] - -[dependencies] - -#[lib] -#crate-type = ["cdylib"] diff --git a/rcw/LICENSE-APACHE b/rcw/LICENSE-APACHE deleted file mode 100644 index 78173fa..0000000 --- a/rcw/LICENSE-APACHE +++ /dev/null 
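Review bot: `"webpack": "^3.11.0"` becomes the only ranged entry among the `devDependencies` visible in this `package.json` hunk; `mocha`, `nodemon` and `wasm-loader` remain exact pins. The bundler that produces `dist/` can therefore move to any later 3.x release whenever the lockfile is regenerated. If the loosening is not intentional, keep `"webpack": "3.11.0"`. If it is, installing with `npm ci` in the build keeps the resolved version tied to `package-lock.json`. The `devDependencies` object starts before the hunk.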
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the 
following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/rcw/LICENSE-MIT b/rcw/LICENSE-MIT deleted file mode 100644 index 1da3a5f..0000000 --- a/rcw/LICENSE-MIT +++ /dev/null 
@@ -1,26 +0,0 @@ -Copyright (c) 2006-2009 Graydon Hoare -Copyright (c) 2009-2013 Mozilla Foundation - -Permission is hereby granted, free of charge, to any -person obtaining a copy of this software and associated -documentation files (the "Software"), to deal in the -Software without restriction, including without -limitation the rights to use, copy, modify, merge, -publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software -is furnished to do so, subject to the following -conditions: - -The above copyright notice and this permission notice -shall be included in all copies or substantial portions -of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF -ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED -TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A -PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR -IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. diff --git a/rcw/src/aead.rs b/rcw/src/aead.rs deleted file mode 100644 index 4f4f3b7..0000000 --- a/rcw/src/aead.rs +++ /dev/null @@ -1,15 +0,0 @@ -// Licensed under the Apache License, Version 2.0 or the MIT license -// , at your -// option. This file may not be copied, modified, or distributed -// except according to those terms. - -pub trait AeadEncryptor { - - fn encrypt(&mut self, input: &[u8], output: &mut [u8], tag: &mut [u8]); -} - -pub trait AeadDecryptor { - - fn decrypt(&mut self, input: &[u8], output: &mut [u8], tag: &[u8]) -> bool; -} \ No newline at end of file diff --git a/rcw/src/blake2b.rs b/rcw/src/blake2b.rs deleted file mode 100644 index 5fca9e3..0000000 --- a/rcw/src/blake2b.rs +++ /dev/null 
@@ -1,452 +0,0 @@ -// Licensed under the Apache License, Version 2.0 or the MIT license -// , at your -// option. This file may not be copied, modified, or distributed -// except according to those terms. - -use std::iter::repeat; -use cryptoutil::{copy_memory, read_u64v_le, write_u64v_le}; -use digest::Digest; -use mac::{Mac, MacResult}; -use util::secure_memset; - -static IV : [u64; 8] = [ - 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, - 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, - 0x510e527fade682d1, 0x9b05688c2b3e6c1f, - 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179, -]; - -static SIGMA : [[usize; 16]; 12] = [ - [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 ], - [ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 ], - [ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 ], - [ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 ], - [ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 ], - [ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 ], - [ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 ], - [ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 ], - [ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 ], - [ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 ], - [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 ], - [ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 ], -]; - -const BLAKE2B_BLOCKBYTES : usize = 128; -const BLAKE2B_OUTBYTES : usize = 64; -const BLAKE2B_KEYBYTES : usize = 64; -const BLAKE2B_SALTBYTES : usize = 16; -const BLAKE2B_PERSONALBYTES : usize = 16; - -#[derive(Copy)] -pub struct Blake2b { - h: [u64; 8], - t: [u64; 2], - f: [u64; 2], - buf: [u8; 2*BLAKE2B_BLOCKBYTES], - buflen: usize, - key: [u8; BLAKE2B_KEYBYTES], - key_length: u8, - last_node: u8, - digest_length: u8, - computed: bool, // whether the final digest has been computed - param: Blake2bParam -} - -impl Clone for Blake2b { fn clone(&self) -> Blake2b { *self } } - -#[derive(Copy, Clone)] -struct Blake2bParam { - digest_length: u8, - key_length: 
u8, - fanout: u8, - depth: u8, - leaf_length: u32, - node_offset: u64, - node_depth: u8, - inner_length: u8, - reserved: [u8; 14], - salt: [u8; BLAKE2B_SALTBYTES], - personal: [u8; BLAKE2B_PERSONALBYTES], -} - -macro_rules! G( ($r:expr, $i:expr, $a:expr, $b:expr, $c:expr, $d:expr, $m:expr) => ({ - $a = $a.wrapping_add($b).wrapping_add($m[SIGMA[$r][2*$i+0]]); - $d = ($d ^ $a).rotate_right(32); - $c = $c.wrapping_add($d); - $b = ($b ^ $c).rotate_right(24); - $a = $a.wrapping_add($b).wrapping_add($m[SIGMA[$r][2*$i+1]]); - $d = ($d ^ $a).rotate_right(16); - $c = $c .wrapping_add($d); - $b = ($b ^ $c).rotate_right(63); -})); - -macro_rules! round( ($r:expr, $v:expr, $m:expr) => ( { - G!($r,0,$v[ 0],$v[ 4],$v[ 8],$v[12], $m); - G!($r,1,$v[ 1],$v[ 5],$v[ 9],$v[13], $m); - G!($r,2,$v[ 2],$v[ 6],$v[10],$v[14], $m); - G!($r,3,$v[ 3],$v[ 7],$v[11],$v[15], $m); - G!($r,4,$v[ 0],$v[ 5],$v[10],$v[15], $m); - G!($r,5,$v[ 1],$v[ 6],$v[11],$v[12], $m); - G!($r,6,$v[ 2],$v[ 7],$v[ 8],$v[13], $m); - G!($r,7,$v[ 3],$v[ 4],$v[ 9],$v[14], $m); - } -)); - -impl Blake2b { - fn set_lastnode(&mut self) { - self.f[1] = 0xFFFFFFFFFFFFFFFF; - } - - fn set_lastblock(&mut self) { - if self.last_node!=0 { - self.set_lastnode(); - } - self.f[0] = 0xFFFFFFFFFFFFFFFF; - } - - fn increment_counter(&mut self, inc : u64) { - self.t[0] += inc; - self.t[1] += if self.t[0] < inc { 1 } else { 0 }; - } - - fn init0(param: Blake2bParam, digest_length: u8, key: &[u8]) -> Blake2b { - assert!(key.len() <= BLAKE2B_KEYBYTES); - let mut b = Blake2b { - h: IV, - t: [0,0], - f: [0,0], - buf: [0; 2*BLAKE2B_BLOCKBYTES], - buflen: 0, - last_node: 0, - digest_length: digest_length, - computed: false, - key: [0; BLAKE2B_KEYBYTES], - key_length: key.len() as u8, - param: param - }; - copy_memory(key, &mut b.key); - b - } - - fn apply_param(&mut self) { - use std::io::Write; - use cryptoutil::WriteExt; - - let mut param_bytes : [u8; 64] = [0; 64]; - { - let mut writer: &mut [u8] = &mut param_bytes; - 
writer.write_u8(self.param.digest_length).unwrap(); - writer.write_u8(self.param.key_length).unwrap(); - writer.write_u8(self.param.fanout).unwrap(); - writer.write_u8(self.param.depth).unwrap(); - writer.write_u32_le(self.param.leaf_length).unwrap(); - writer.write_u64_le(self.param.node_offset).unwrap(); - writer.write_u8(self.param.node_depth).unwrap(); - writer.write_u8(self.param.inner_length).unwrap(); - writer.write_all(&self.param.reserved).unwrap(); - writer.write_all(&self.param.salt).unwrap(); - writer.write_all(&self.param.personal).unwrap(); - } - - let mut param_words : [u64; 8] = [0; 8]; - read_u64v_le(&mut param_words, ¶m_bytes); - for (h, param_word) in self.h.iter_mut().zip(param_words.iter()) { - *h = *h ^ *param_word; - } - } - - - // init xors IV with input parameter block - fn init_param( p: Blake2bParam, key: &[u8] ) -> Blake2b { - let mut b = Blake2b::init0(p, p.digest_length, key); - b.apply_param(); - b - } - - fn default_param(outlen: u8) -> Blake2bParam { - Blake2bParam { - digest_length: outlen, - key_length: 0, - fanout: 1, - depth: 1, - leaf_length: 0, - node_offset: 0, - node_depth: 0, - inner_length: 0, - reserved: [0; 14], - salt: [0; BLAKE2B_SALTBYTES], - personal: [0; BLAKE2B_PERSONALBYTES], - } - } - - pub fn new(outlen: usize) -> Blake2b { - assert!(outlen > 0 && outlen <= BLAKE2B_OUTBYTES); - Blake2b::init_param(Blake2b::default_param(outlen as u8), &[]) - } - - fn apply_key(&mut self) { - let mut block : [u8; BLAKE2B_BLOCKBYTES] = [0; BLAKE2B_BLOCKBYTES]; - copy_memory(&self.key[..self.key_length as usize], &mut block); - self.update(&block); - secure_memset(&mut block[..], 0); - } - - pub fn new_keyed(outlen: usize, key: &[u8] ) -> Blake2b { - assert!(outlen > 0 && outlen <= BLAKE2B_OUTBYTES); - assert!(key.len() > 0 && key.len() <= BLAKE2B_KEYBYTES); - - let param = Blake2bParam { - digest_length: outlen as u8, - key_length: key.len() as u8, - fanout: 1, - depth: 1, - leaf_length: 0, - node_offset: 0, - node_depth: 0, - 
inner_length: 0, - reserved: [0; 14], - salt: [0; BLAKE2B_SALTBYTES], - personal: [0; BLAKE2B_PERSONALBYTES], - }; - - let mut b = Blake2b::init_param(param, key); - b.apply_key(); - b - } - - fn compress(&mut self) { - let mut ms: [u64; 16] = [0; 16]; - let mut vs: [u64; 16] = [0; 16]; - - read_u64v_le(&mut ms, &self.buf[0..BLAKE2B_BLOCKBYTES]); - - for (v, h) in vs.iter_mut().zip(self.h.iter()) { - *v = *h; - } - - vs[ 8] = IV[0]; - vs[ 9] = IV[1]; - vs[10] = IV[2]; - vs[11] = IV[3]; - vs[12] = self.t[0] ^ IV[4]; - vs[13] = self.t[1] ^ IV[5]; - vs[14] = self.f[0] ^ IV[6]; - vs[15] = self.f[1] ^ IV[7]; - round!( 0, vs, ms ); - round!( 1, vs, ms ); - round!( 2, vs, ms ); - round!( 3, vs, ms ); - round!( 4, vs, ms ); - round!( 5, vs, ms ); - round!( 6, vs, ms ); - round!( 7, vs, ms ); - round!( 8, vs, ms ); - round!( 9, vs, ms ); - round!( 10, vs, ms ); - round!( 11, vs, ms ); - - for (h_elem, (v_low, v_high)) in self.h.iter_mut().zip( vs[0..8].iter().zip(vs[8..16].iter()) ) { - *h_elem = *h_elem ^ *v_low ^ *v_high; - } - } - - fn update( &mut self, mut input: &[u8] ) { - while input.len() > 0 { - let left = self.buflen; - let fill = 2 * BLAKE2B_BLOCKBYTES - left; - - if input.len() > fill { - copy_memory(&input[0..fill], &mut self.buf[left..]); // Fill buffer - self.buflen += fill; - self.increment_counter( BLAKE2B_BLOCKBYTES as u64); - self.compress(); - - let mut halves = self.buf.chunks_mut(BLAKE2B_BLOCKBYTES); - let first_half = halves.next().unwrap(); - let second_half = halves.next().unwrap(); - copy_memory(second_half, first_half); - - self.buflen -= BLAKE2B_BLOCKBYTES; - input = &input[fill..input.len()]; - } else { // inlen <= fill - copy_memory(input, &mut self.buf[left..]); - self.buflen += input.len(); - break; - } - } - } - - fn finalize( &mut self, out: &mut [u8] ) { - assert!(out.len() == self.digest_length as usize); - if !self.computed { - if self.buflen > BLAKE2B_BLOCKBYTES { - self.increment_counter(BLAKE2B_BLOCKBYTES as u64); - self.compress(); 
- self.buflen -= BLAKE2B_BLOCKBYTES; - - let mut halves = self.buf.chunks_mut(BLAKE2B_BLOCKBYTES); - let first_half = halves.next().unwrap(); - let second_half = halves.next().unwrap(); - copy_memory(second_half, first_half); - } - - let incby = self.buflen as u64; - self.increment_counter(incby); - self.set_lastblock(); - for b in self.buf[self.buflen..].iter_mut() { - *b = 0; - } - self.compress(); - - write_u64v_le(&mut self.buf[0..64], &self.h); - self.computed = true; - } - let outlen = out.len(); - copy_memory(&self.buf[0..outlen], out); - } - - pub fn reset(&mut self) { - for (h_elem, iv_elem) in self.h.iter_mut().zip(IV.iter()) { - *h_elem = *iv_elem; - } - for t_elem in self.t.iter_mut() { - *t_elem = 0; - } - for f_elem in self.f.iter_mut() { - *f_elem = 0; - } - for b in self.buf.iter_mut() { - *b = 0; - } - self.buflen = 0; - self.last_node = 0; - self.computed = false; - self.apply_param(); - if self.key_length > 0 { - self.apply_key(); - } - } - - pub fn blake2b(out: &mut[u8], input: &[u8], key: &[u8]) { - let mut hasher : Blake2b = if key.len() > 0 { Blake2b::new_keyed(out.len(), key) } else { Blake2b::new(out.len()) }; - - hasher.update(input); - hasher.finalize(out); - } -} - -impl Digest for Blake2b { - fn reset(&mut self) { Blake2b::reset(self); } - fn input(&mut self, msg: &[u8]) { self.update(msg); } - fn result(&mut self, out: &mut [u8]) { self.finalize(out); } - fn output_bits(&self) -> usize { 8 * (self.digest_length as usize) } - fn block_size(&self) -> usize { 8 * BLAKE2B_BLOCKBYTES } -} - -impl Mac for Blake2b { - /** - * Process input data. - * - * # Arguments - * * data - The input data to process. - * - */ - fn input(&mut self, data: &[u8]) { - self.update(data); - } - - /** - * Reset the Mac state to begin processing another input stream. - */ - fn reset(&mut self) { - Blake2b::reset(self); - } - - /** - * Obtain the result of a Mac computation as a MacResult. 
- */ - fn result(&mut self) -> MacResult { - let mut mac: Vec = repeat(0).take(self.digest_length as usize).collect(); - self.raw_result(&mut mac); - MacResult::new_from_owned(mac) - } - - /** - * Obtain the result of a Mac computation as [u8]. This method should be used very carefully - * since incorrect use of the Mac code could result in permitting a timing attack which defeats - * the security provided by a Mac function. - */ - fn raw_result(&mut self, output: &mut [u8]) { - self.finalize(output); - } - - /** - * Get the size of the Mac code, in bytes. - */ - fn output_bytes(&self) -> usize { self.digest_length as usize } -} - - -#[cfg(test)] -mod mac_tests { - use blake2b::Blake2b; - use mac::Mac; - - #[test] - fn test_blake2b_mac() { - let key: Vec = (0..64).map(|i| i).collect(); - let mut m = Blake2b::new_keyed(64, &key[..]); - m.input(&[1,2,4,8]); - let expected = [ - 0x8e, 0xc6, 0xcb, 0x71, 0xc4, 0x5c, 0x3c, 0x90, - 0x91, 0xd0, 0x8a, 0x37, 0x1e, 0xa8, 0x5d, 0xc1, - 0x22, 0xb5, 0xc8, 0xe2, 0xd9, 0xe5, 0x71, 0x42, - 0xbf, 0xef, 0xce, 0x42, 0xd7, 0xbc, 0xf8, 0x8b, - 0xb0, 0x31, 0x27, 0x88, 0x2e, 0x51, 0xa9, 0x21, - 0x44, 0x62, 0x08, 0xf6, 0xa3, 0x58, 0xa9, 0xe0, - 0x7d, 0x35, 0x3b, 0xd3, 0x1c, 0x41, 0x70, 0x15, - 0x62, 0xac, 0xd5, 0x39, 0x4e, 0xee, 0x73, 0xae, - ]; - assert_eq!(m.result().code().to_vec(), expected.to_vec()); - } -} - -#[cfg(all(test, feature = "with-bench"))] -mod bench { - use test::Bencher; - - use digest::Digest; - use blake2b::Blake2b; - - - #[bench] - pub fn blake2b_10(bh: & mut Bencher) { - let mut sh = Blake2b::new(64); - let bytes = [1u8; 10]; - bh.iter( || { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } - - #[bench] - pub fn blake2b_1k(bh: & mut Bencher) { - let mut sh = Blake2b::new(64); - let bytes = [1u8; 1024]; - bh.iter( || { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } - - #[bench] - pub fn blake2b_64k(bh: & mut Bencher) { - let mut sh = Blake2b::new(64); - let bytes = [1u8; 65536]; - bh.iter( 
|| { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } -} diff --git a/rcw/src/blake2s.rs b/rcw/src/blake2s.rs deleted file mode 100644 index fc8e095..0000000 --- a/rcw/src/blake2s.rs +++ /dev/null 
@@ -1,524 +0,0 @@ -// Licensed under the Apache License, Version 2.0 or the MIT license -// , at your -// option. This file may not be copied, modified, or distributed -// except according to those terms. - -use std::iter::repeat; -use cryptoutil::{copy_memory, read_u32v_le, write_u32v_le}; -use digest::Digest; -use mac::{Mac, MacResult}; -use util::secure_memset; - -static IV : [u32; 8] = [ - 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, - 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 -]; - -static SIGMA : [[usize; 16]; 10] = [ - [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 ], - [ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 ], - [ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 ], - [ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 ], - [ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 ], - [ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 ], - [ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 ], - [ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 ], - [ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 ], - [ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 ] -]; - -const BLAKE2S_BLOCKBYTES : usize = 64; -const BLAKE2S_OUTBYTES : usize = 32; -const BLAKE2S_KEYBYTES : usize = 32; -const BLAKE2S_SALTBYTES : usize = 8; -const BLAKE2S_PERSONALBYTES : usize = 8; - -#[derive(Copy)] -pub struct Blake2s { - h: [u32; 8], - t: [u32; 2], - f: [u32; 2], - buf: [u8; 2*BLAKE2S_BLOCKBYTES], - buflen: usize, - key: [u8; BLAKE2S_KEYBYTES], - key_length: u8, - last_node: u8, - digest_length: u8, - computed: bool, // whether the final digest has been computed - param: Blake2sParam -} - -impl Clone for Blake2s { fn clone(&self) -> Blake2s { *self } } - -#[derive(Copy, Clone)] -struct Blake2sParam { - digest_length: u8, - key_length: u8, - fanout: u8, - depth: u8, - leaf_length: u32, - node_offset: [u8; 6], - node_depth: u8, - inner_length: u8, - salt: [u8; BLAKE2S_SALTBYTES], - personal: [u8; BLAKE2S_PERSONALBYTES], -} - 
-macro_rules! G( ($r:expr, $i:expr, $a:expr, $b:expr, $c:expr, $d:expr, $m:expr) => ({ - $a = $a.wrapping_add($b).wrapping_add($m[SIGMA[$r][2*$i+0]]); - $d = ($d ^ $a).rotate_right(16); - $c = $c.wrapping_add($d); - $b = ($b ^ $c).rotate_right(12); - $a = $a.wrapping_add($b).wrapping_add($m[SIGMA[$r][2*$i+1]]); - $d = ($d ^ $a).rotate_right(8); - $c = $c.wrapping_add($d); - $b = ($b ^ $c).rotate_right(7); -})); - -macro_rules! round( ($r:expr, $v:expr, $m:expr) => ( { - G!($r,0,$v[ 0],$v[ 4],$v[ 8],$v[12], $m); - G!($r,1,$v[ 1],$v[ 5],$v[ 9],$v[13], $m); - G!($r,2,$v[ 2],$v[ 6],$v[10],$v[14], $m); - G!($r,3,$v[ 3],$v[ 7],$v[11],$v[15], $m); - G!($r,4,$v[ 0],$v[ 5],$v[10],$v[15], $m); - G!($r,5,$v[ 1],$v[ 6],$v[11],$v[12], $m); - G!($r,6,$v[ 2],$v[ 7],$v[ 8],$v[13], $m); - G!($r,7,$v[ 3],$v[ 4],$v[ 9],$v[14], $m); - } -)); - -impl Blake2s { - fn set_lastnode(&mut self) { - self.f[1] = 0xFFFFFFFF; - } - - fn set_lastblock(&mut self) { - if self.last_node!=0 { - self.set_lastnode(); - } - self.f[0] = 0xFFFFFFFF; - } - - fn increment_counter(&mut self, inc : u32) { - self.t[0] += inc; - self.t[1] += if self.t[0] < inc { 1 } else { 0 }; - } - - fn init0(param: Blake2sParam, digest_length: u8, key: &[u8]) -> Blake2s { - assert!(key.len() <= BLAKE2S_KEYBYTES); - let mut b = Blake2s { - h: IV, - t: [0,0], - f: [0,0], - buf: [0; 2*BLAKE2S_BLOCKBYTES], - buflen: 0, - last_node: 0, - digest_length: digest_length, - computed: false, - key: [0; BLAKE2S_KEYBYTES], - key_length: key.len() as u8, - param: param - }; - copy_memory(key, &mut b.key); - b - } - - fn apply_param(&mut self) { - use std::io::Write; - use cryptoutil::WriteExt; - - let mut param_bytes : [u8; 32] = [0; 32]; - { - let mut writer: &mut [u8] = &mut param_bytes; - writer.write_u8(self.param.digest_length).unwrap(); - writer.write_u8(self.param.key_length).unwrap(); - writer.write_u8(self.param.fanout).unwrap(); - writer.write_u8(self.param.depth).unwrap(); - writer.write_u32_le(self.param.leaf_length).unwrap(); 
- writer.write_all(&self.param.node_offset).unwrap(); - writer.write_u8(self.param.node_depth).unwrap(); - writer.write_u8(self.param.inner_length).unwrap(); - writer.write_all(&self.param.salt).unwrap(); - writer.write_all(&self.param.personal).unwrap(); - } - - let mut param_words : [u32; 8] = [0; 8]; - read_u32v_le(&mut param_words, ¶m_bytes); - for (h, param_word) in self.h.iter_mut().zip(param_words.iter()) { - *h = *h ^ *param_word; - } - } - - - // init xors IV with input parameter block - fn init_param( p: Blake2sParam, key: &[u8] ) -> Blake2s { - let mut b = Blake2s::init0(p, p.digest_length, key); - b.apply_param(); - b - } - - fn default_param(outlen: u8) -> Blake2sParam { - Blake2sParam { - digest_length: outlen, - key_length: 0, - fanout: 1, - depth: 1, - leaf_length: 0, - node_offset: [0; 6], - node_depth: 0, - inner_length: 0, - salt: [0; BLAKE2S_SALTBYTES], - personal: [0; BLAKE2S_PERSONALBYTES], - } - } - - pub fn new(outlen: usize) -> Blake2s { - assert!(outlen > 0 && outlen <= BLAKE2S_OUTBYTES); - Blake2s::init_param(Blake2s::default_param(outlen as u8), &[]) - } - - fn apply_key(&mut self) { - let mut block : [u8; BLAKE2S_BLOCKBYTES] = [0; BLAKE2S_BLOCKBYTES]; - copy_memory(&self.key[..self.key_length as usize], &mut block); - self.update(&block); - secure_memset(&mut block[..], 0); - } - - pub fn new_keyed(outlen: usize, key: &[u8] ) -> Blake2s { - assert!(outlen > 0 && outlen <= BLAKE2S_OUTBYTES); - assert!(key.len() > 0 && key.len() <= BLAKE2S_KEYBYTES); - - let param = Blake2sParam { - digest_length: outlen as u8, - key_length: key.len() as u8, - fanout: 1, - depth: 1, - leaf_length: 0, - node_offset: [0; 6], - node_depth: 0, - inner_length: 0, - salt: [0; BLAKE2S_SALTBYTES], - personal: [0; BLAKE2S_PERSONALBYTES], - }; - - let mut b = Blake2s::init_param(param, key); - b.apply_key(); - b - } - - fn compress(&mut self) { - let mut ms: [u32; 16] = [0; 16]; - let mut vs: [u32; 16] = [0; 16]; - - read_u32v_le(&mut ms, 
&self.buf[0..BLAKE2S_BLOCKBYTES]); - - for (v, h) in vs.iter_mut().zip(self.h.iter()) { - *v = *h; - } - - vs[ 8] = IV[0]; - vs[ 9] = IV[1]; - vs[10] = IV[2]; - vs[11] = IV[3]; - vs[12] = self.t[0] ^ IV[4]; - vs[13] = self.t[1] ^ IV[5]; - vs[14] = self.f[0] ^ IV[6]; - vs[15] = self.f[1] ^ IV[7]; - round!( 0, vs, ms ); - round!( 1, vs, ms ); - round!( 2, vs, ms ); - round!( 3, vs, ms ); - round!( 4, vs, ms ); - round!( 5, vs, ms ); - round!( 6, vs, ms ); - round!( 7, vs, ms ); - round!( 8, vs, ms ); - round!( 9, vs, ms ); - - for (h_elem, (v_low, v_high)) in self.h.iter_mut().zip( vs[0..8].iter().zip(vs[8..16].iter()) ) { - *h_elem = *h_elem ^ *v_low ^ *v_high; - } - } - - fn update( &mut self, mut input: &[u8] ) { - while input.len() > 0 { - let left = self.buflen; - let fill = 2 * BLAKE2S_BLOCKBYTES - left; - - if input.len() > fill { - copy_memory(&input[0..fill], &mut self.buf[left..]); // Fill buffer - self.buflen += fill; - self.increment_counter( BLAKE2S_BLOCKBYTES as u32); - self.compress(); - - let mut halves = self.buf.chunks_mut(BLAKE2S_BLOCKBYTES); - let first_half = halves.next().unwrap(); - let second_half = halves.next().unwrap(); - copy_memory(second_half, first_half); - - self.buflen -= BLAKE2S_BLOCKBYTES; - input = &input[fill..input.len()]; - } else { // inlen <= fill - copy_memory(input, &mut self.buf[left..]); - self.buflen += input.len(); - break; - } - } - } - - fn finalize( &mut self, out: &mut [u8] ) { - assert!(out.len() == self.digest_length as usize); - if !self.computed { - if self.buflen > BLAKE2S_BLOCKBYTES { - self.increment_counter(BLAKE2S_BLOCKBYTES as u32); - self.compress(); - self.buflen -= BLAKE2S_BLOCKBYTES; - - let mut halves = self.buf.chunks_mut(BLAKE2S_BLOCKBYTES); - let first_half = halves.next().unwrap(); - let second_half = halves.next().unwrap(); - copy_memory(second_half, first_half); - } - - let incby = self.buflen as u32; - self.increment_counter(incby); - self.set_lastblock(); - for b in 
self.buf[self.buflen..].iter_mut() {
- *b = 0;
- }
- self.compress();
-
- write_u32v_le(&mut self.buf[0..32], &self.h);
- self.computed = true;
- }
- let outlen = out.len();
- copy_memory(&self.buf[0..outlen], out);
- }
-
- pub fn reset(&mut self) {
- for (h_elem, iv_elem) in self.h.iter_mut().zip(IV.iter()) {
- *h_elem = *iv_elem;
- }
- for t_elem in self.t.iter_mut() {
- *t_elem = 0;
- }
- for f_elem in self.f.iter_mut() {
- *f_elem = 0;
- }
- for b in self.buf.iter_mut() {
- *b = 0;
- }
- self.buflen = 0;
- self.last_node = 0;
- self.computed = false;
- self.apply_param();
- if self.key_length > 0 {
- self.apply_key();
- }
- }
-
- pub fn blake2s(out: &mut[u8], input: &[u8], key: &[u8]) {
- let mut hasher : Blake2s = if key.len() > 0 { Blake2s::new_keyed(out.len(), key) } else { Blake2s::new(out.len()) };
-
- hasher.update(input);
- hasher.finalize(out);
- }
-}
-
-impl Digest for Blake2s {
- fn reset(&mut self) { Blake2s::reset(self); }
- fn input(&mut self, msg: &[u8]) { self.update(msg); }
- fn result(&mut self, out: &mut [u8]) { self.finalize(out); }
- fn output_bits(&self) -> usize { 8 * (self.digest_length as usize) }
- fn block_size(&self) -> usize { 8 * BLAKE2S_BLOCKBYTES }
-}
-
-impl Mac for Blake2s {
- /**
- * Process input data.
- *
- * # Arguments
- * * data - The input data to process.
- *
- */
- fn input(&mut self, data: &[u8]) {
- self.update(data);
- }
-
- /**
- * Reset the Mac state to begin processing another input stream.
- */
- fn reset(&mut self) {
- Blake2s::reset(self);
- }
-
- /**
- * Obtain the result of a Mac computation as a MacResult.
- */
- fn result(&mut self) -> MacResult {
- let mut mac: Vec = repeat(0).take(self.digest_length as usize).collect();
- self.raw_result(&mut mac);
- MacResult::new_from_owned(mac)
- }
-
- /**
- * Obtain the result of a Mac computation as [u8].
This method should be used very carefully
- * since incorrect use of the Mac code could result in permitting a timing attack which defeats
- * the security provided by a Mac function.
- */
- fn raw_result(&mut self, output: &mut [u8]) {
- self.finalize(output);
- }
-
- /**
- * Get the size of the Mac code, in bytes.
- */
- fn output_bytes(&self) -> usize { self.digest_length as usize }
-}
-
-#[cfg(test)]
-mod digest_tests {
- //use cryptoutil::test::test_digest_1million_random;
- use blake2s::Blake2s;
- use digest::Digest;
-
-
- struct Test {
- input: Vec,
- output: Vec,
- key: Option>,
- }
-
- fn test_hash(tests: &[Test]) {
- for t in tests {
- let mut sh = match t.key {
- Some(ref key) => Blake2s::new_keyed(32, &key),
- None => Blake2s::new(32)
- };
-
- // Test that it works when accepting the message all at once
- sh.input(&t.input[..]);
-
- let mut out = [0u8; 32];
- sh.result(&mut out);
- assert!(&out[..] == &t.output[..]);
-
- sh.reset();
-
- // Test that it works when accepting the message in pieces
- let len = t.input.len();
- let mut left = len;
- while left > 0 {
- let take = (left + 1) / 2;
- sh.input(&t.input[len - left..take + len - left]);
- left -= take;
- }
-
- let mut out = [0u8; 32];
- sh.result(&mut out);
- assert!(&out[..]
== &t.output[..]); - - sh.reset(); - } - } - - #[test] - fn test_blake2s_digest() { - let tests = vec![ - // from: https://github.com/BLAKE2/BLAKE2/blob/master/testvectors/blake2s-test.txt - Test { - input: vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, - 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, - 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, - 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, - 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, - 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, - 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, - 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, - 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, - 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, - 0xfc, 0xfd, 0xfe], - output: vec![0x3f, 0xb7, 0x35, 0x06, 0x1a, 0xbc, 0x51, 0x9d, 0xfe, 0x97, 0x9e, - 0x54, 0xc1, 0xee, 0x5b, 0xfa, 0xd0, 0xa9, 0xd8, 0x58, 0xb3, 0x31, - 0x5b, 0xad, 0x34, 0xbd, 0xe9, 0x99, 0xef, 0xd7, 0x24, 0xdd], - 
key: Some(vec![0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
- 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f])
- },
- ];
-
- test_hash(&tests[..]);
- }
-}
-
-
-#[cfg(test)]
-mod mac_tests {
- use blake2s::Blake2s;
- use mac::Mac;
-
- #[test]
- fn test_blake2s_mac() {
- let key: Vec = (0..32).map(|i| i).collect();
- let mut m = Blake2s::new_keyed(32, &key[..]);
- m.input(&[1,2,4,8]);
- let expected = [
- 0x0e, 0x88, 0xf6, 0x8a, 0xaa, 0x5c, 0x4e, 0xd8,
- 0xf7, 0xed, 0x28, 0xf8, 0x04, 0x45, 0x01, 0x9c,
- 0x7e, 0xf9, 0x76, 0x2b, 0x4f, 0xf1, 0xad, 0x7e,
- 0x05, 0x5b, 0xa8, 0xc8, 0x82, 0x9e, 0xe2, 0x49
- ];
- assert_eq!(m.result().code().to_vec(), expected.to_vec());
- }
-}
-
-#[cfg(all(test, feature = "with-bench"))]
-mod bench {
- use test::Bencher;
-
- use digest::Digest;
- use blake2s::Blake2s;
-
-
- #[bench]
- pub fn blake2s_10(bh: & mut Bencher) {
- let mut sh = Blake2s::new(32);
- let bytes = [1u8; 10];
- bh.iter( || {
- sh.input(&bytes);
- });
- bh.bytes = bytes.len() as u64;
- }
-
- #[bench]
- pub fn blake2s_1k(bh: & mut Bencher) {
- let mut sh = Blake2s::new(32);
- let bytes = [1u8; 1024];
- bh.iter( || {
- sh.input(&bytes);
- });
- bh.bytes = bytes.len() as u64;
- }
-
- #[bench]
- pub fn blake2s_64k(bh: & mut Bencher) {
- let mut sh = Blake2s::new(32);
- let bytes = [1u8; 65536];
- bh.iter( || {
- sh.input(&bytes);
- });
- bh.bytes = bytes.len() as u64;
- }
-}
diff --git a/rcw/src/buffer.rs b/rcw/src/buffer.rs
deleted file mode 100644
index c9ad3e9..0000000
--- a/rcw/src/buffer.rs
+++ /dev/null
@@ -1,288 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-use std::cmp;
-
-use cryptoutil;
-
-#[derive(Clone,Copy)]
-pub enum BufferResult {
- BufferUnderflow,
- BufferOverflow
-}
-
-pub trait ReadBuffer {
- fn is_empty(&self) -> bool;
- fn is_full(&self) -> bool;
- fn remaining(&self) -> usize;
- fn capacity(&self) -> usize;
- fn position(&self) -> usize { self.capacity() - self.remaining() }
-
- fn rewind(&mut self, distance: usize);
- fn truncate(&mut self, amount: usize);
- fn reset(&mut self);
-
- fn peek_next(&self, count: usize) -> &[u8];
- fn peek_remaining(&self) -> &[u8] {
- self.peek_next(self.remaining())
- }
-
- fn take_next(&mut self, count: usize) -> &[u8];
- fn take_remaining(&mut self) -> &[u8] {
- let rem = self.remaining();
- self.take_next(rem)
- }
-
- fn push_to(&mut self, output: &mut W) {
- let count = cmp::min(output.remaining(), self.remaining());
- cryptoutil::copy_memory(self.take_next(count), output.take_next(count));
- }
-}
-
-pub trait WriteBuffer {
- fn is_empty(&self) -> bool;
- fn is_full(&self) -> bool;
- fn remaining(&self) -> usize;
- fn capacity(&self) -> usize;
- fn position(&self) -> usize { self.capacity() - self.remaining() }
-
- fn rewind(&mut self, distance: usize);
- fn reset(&mut self);
-
- // FIXME - Shouldn't need mut self
- fn peek_read_buffer(&mut self) -> RefReadBuffer;
-
- fn take_next(&mut self, count: usize) -> &mut [u8];
- fn take_remaining(&mut self) -> &mut [u8] {
- let rem = self.remaining();
- self.take_next(rem)
- }
- fn take_read_buffer(&mut self) -> RefReadBuffer;
-}
-
-pub struct RefReadBuffer<'a> {
- buff: &'a [u8],
- pos: usize
-}
-
-impl <'a> RefReadBuffer<'a> {
- pub fn new(buff: &[u8]) -> RefReadBuffer {
- RefReadBuffer {
- buff: buff,
- pos: 0
- }
- }
-}
-
-impl <'a> ReadBuffer for RefReadBuffer<'a> {
- fn is_empty(&self) -> bool { self.pos ==
self.buff.len() }
- fn is_full(&self) -> bool { self.pos == 0 }
- fn remaining(&self) -> usize { self.buff.len() - self.pos }
- fn capacity(&self) -> usize { self.buff.len() }
-
- fn rewind(&mut self, distance: usize) { self.pos -= distance; }
- fn truncate(&mut self, amount: usize) {
- self.buff = &self.buff[..self.buff.len() - amount];
- }
- fn reset(&mut self) { self.pos = 0; }
-
- fn peek_next(&self, count: usize) -> &[u8] { &self.buff[self.pos..count] }
-
- fn take_next(&mut self, count: usize) -> &[u8] {
- let r = &self.buff[self.pos..self.pos + count];
- self.pos += count;
- r
- }
-}
-
-pub struct OwnedReadBuffer {
- buff: Vec,
- len: usize,
- pos: usize
-}
-
-impl OwnedReadBuffer {
- pub fn new(buff: Vec) -> OwnedReadBuffer {
- let len = buff.len();
- OwnedReadBuffer {
- buff: buff,
- len: len,
- pos: 0
- }
- }
- pub fn new_with_len<'a>(buff: Vec, len: usize) -> OwnedReadBuffer {
- OwnedReadBuffer {
- buff: buff,
- len: len,
- pos: 0
- }
- }
- pub fn into_write_buffer(self) -> OwnedWriteBuffer {
- OwnedWriteBuffer::new(self.buff)
- }
- pub fn borrow_write_buffer(&mut self) -> BorrowedWriteBuffer {
- self.pos = 0;
- self.len = 0;
- BorrowedWriteBuffer::new(self)
- }
-}
-
-impl ReadBuffer for OwnedReadBuffer {
- fn is_empty(&self) -> bool { self.pos == self.len }
- fn is_full(&self) -> bool { self.pos == 0 }
- fn remaining(&self) -> usize { self.len - self.pos }
- fn capacity(&self) -> usize { self.len }
-
- fn rewind(&mut self, distance: usize) { self.pos -= distance; }
- fn truncate(&mut self, amount: usize) { self.len -= amount; }
- fn reset(&mut self) { self.pos = 0; }
-
- fn peek_next(&self, count: usize) -> &[u8] { &self.buff[self.pos..count] }
-
- fn take_next(&mut self, count: usize) -> &[u8] {
- let r = &self.buff[self.pos..self.pos + count];
- self.pos += count;
- r
- }
-}
-
-pub struct RefWriteBuffer<'a> {
- buff: &'a mut [u8],
- len: usize,
- pos: usize
-}
-
-impl <'a> RefWriteBuffer<'a> {
- pub fn new(buff: &mut [u8]) -> RefWriteBuffer {
- let
len = buff.len();
- RefWriteBuffer {
- buff: buff,
- len: len,
- pos: 0
- }
- }
-}
-
-impl <'a> WriteBuffer for RefWriteBuffer<'a> {
- fn is_empty(&self) -> bool { self.pos == 0 }
- fn is_full(&self) -> bool { self.pos == self.len }
- fn remaining(&self) -> usize { self.len - self.pos }
- fn capacity(&self) -> usize { self.len }
-
- fn rewind(&mut self, distance: usize) { self.pos -= distance; }
- fn reset(&mut self) { self.pos = 0; }
-
- fn peek_read_buffer(&mut self) -> RefReadBuffer {
- RefReadBuffer::new(&mut self.buff[..self.pos])
- }
-
- fn take_next(&mut self, count: usize) -> &mut [u8] {
- let r = &mut self.buff[self.pos..self.pos + count];
- self.pos += count;
- r
- }
- fn take_read_buffer(&mut self) -> RefReadBuffer {
- let r = RefReadBuffer::new(&mut self.buff[..self.pos]);
- self.pos = 0;
- r
- }
-}
-
-pub struct BorrowedWriteBuffer<'a> {
- parent: &'a mut OwnedReadBuffer,
- pos: usize,
- len: usize
-}
-
-impl <'a> BorrowedWriteBuffer<'a> {
- fn new(parent: &mut OwnedReadBuffer) -> BorrowedWriteBuffer {
- let buff_len = parent.buff.len();
- BorrowedWriteBuffer {
- parent: parent,
- pos: 0,
- len: buff_len
- }
- }
-}
-
-impl <'a> WriteBuffer for BorrowedWriteBuffer<'a> {
- fn is_empty(&self) -> bool { self.pos == 0 }
- fn is_full(&self) -> bool { self.pos == self.len }
- fn remaining(&self) -> usize { self.len - self.pos }
- fn capacity(&self) -> usize { self.len }
-
- fn rewind(&mut self, distance: usize) {
- self.pos -= distance;
- self.parent.len -= distance;
- }
- fn reset(&mut self) {
- self.pos = 0;
- self.parent.len = 0;
- }
-
- fn peek_read_buffer(&mut self) -> RefReadBuffer {
- RefReadBuffer::new(&self.parent.buff[..self.pos])
- }
-
- fn take_next<>(&mut self, count: usize) -> &mut [u8] {
- let r = &mut self.parent.buff[self.pos..self.pos + count];
- self.pos += count;
- self.parent.len += count;
- r
- }
- fn take_read_buffer(&mut self) -> RefReadBuffer {
- let r = RefReadBuffer::new(&self.parent.buff[..self.pos]);
- self.pos = 0;
-
self.parent.len = 0;
- r
- }
-}
-
-pub struct OwnedWriteBuffer {
- buff: Vec,
- len: usize,
- pos: usize
-}
-
-impl OwnedWriteBuffer {
- pub fn new(buff: Vec) -> OwnedWriteBuffer {
- let len = buff.len();
- OwnedWriteBuffer {
- buff: buff,
- len: len,
- pos: 0
- }
- }
- pub fn into_read_buffer(self) -> OwnedReadBuffer {
- let pos = self.pos;
- OwnedReadBuffer::new_with_len(self.buff, pos)
- }
-}
-
-impl WriteBuffer for OwnedWriteBuffer {
- fn is_empty(&self) -> bool { self.pos == 0 }
- fn is_full(&self) -> bool { self.pos == self.len }
- fn remaining(&self) -> usize { self.len - self.pos }
- fn capacity(&self) -> usize { self.len }
-
- fn rewind(&mut self, distance: usize) { self.pos -= distance; }
- fn reset(&mut self) { self.pos = 0; }
-
- fn peek_read_buffer<'a>(&'a mut self) -> RefReadBuffer<'a> {
- RefReadBuffer::new(&self.buff[..self.pos])
- }
-
- fn take_next<'a>(&'a mut self, count: usize) -> &'a mut [u8] {
- let r = &mut self.buff[self.pos..self.pos + count];
- self.pos += count;
- r
- }
- fn take_read_buffer<'a>(&'a mut self) -> RefReadBuffer<'a> {
- let r = RefReadBuffer::new(&self.buff[..self.pos]);
- self.pos = 0;
- r
- }
-}
diff --git a/rcw/src/chacha20.rs b/rcw/src/chacha20.rs
deleted file mode 100644
index 0167970..0000000
--- a/rcw/src/chacha20.rs
+++ /dev/null
@@ -1,634 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-use std::cmp;
-
-use buffer::{BufferResult, RefReadBuffer, RefWriteBuffer};
-use symmetriccipher::{Encryptor, Decryptor, SynchronousStreamCipher, SymmetricCipherError};
-use cryptoutil::{read_u32_le, symm_enc_or_dec, write_u32_le, xor_keystream};
-use simd::u32x4;
-
-#[derive(Clone,Copy)]
-struct ChaChaState {
- a: u32x4,
- b: u32x4,
- c: u32x4,
- d: u32x4
-}
-
-#[derive(Copy)]
-pub struct ChaCha20 {
- state : ChaChaState,
- output : [u8; 64],
- offset : usize,
-}
-
-impl Clone for ChaCha20 { fn clone(&self) -> ChaCha20 { *self } }
-
-macro_rules! swizzle{
- ($b: expr, $c: expr, $d: expr) => {{
- let u32x4(b10, b11, b12, b13) = $b;
- $b = u32x4(b11, b12, b13, b10);
- let u32x4(c10, c11, c12, c13) = $c;
- $c = u32x4(c12, c13,c10, c11);
- let u32x4(d10, d11, d12, d13) = $d;
- $d = u32x4(d13, d10, d11, d12);
- }}
-}
-
-macro_rules! state_to_buffer {
- ($state: expr, $output: expr) => {{
- let u32x4(a1, a2, a3, a4) = $state.a;
- let u32x4(b1, b2, b3, b4) = $state.b;
- let u32x4(c1, c2, c3, c4) = $state.c;
- let u32x4(d1, d2, d3, d4) = $state.d;
- let lens = [
- a1,a2,a3,a4,
- b1,b2,b3,b4,
- c1,c2,c3,c4,
- d1,d2,d3,d4
- ];
- for i in 0..lens.len() {
- write_u32_le(&mut $output[i*4..(i+1)*4], lens[i]);
- }
- }}
-}
-
-macro_rules! round{
- ($state: expr) => {{
- $state.a = $state.a + $state.b;
- rotate!($state.d, $state.a, S16);
- $state.c = $state.c + $state.d;
- rotate!($state.b, $state.c, S12);
- $state.a = $state.a + $state.b;
- rotate!($state.d, $state.a, S8);
- $state.c = $state.c + $state.d;
- rotate!($state.b, $state.c, S7);
- }}
-}
-
-macro_rules!
rotate {
- ($a: expr, $b: expr, $c:expr) => {{
- let v = $a ^ $b;
- let r = S32 - $c;
- let right = v >> r;
- $a = (v << $c) ^ right
- }}
-}
-
-static S32:u32x4 = u32x4(32, 32, 32, 32);
-static S16:u32x4 = u32x4(16, 16, 16, 16);
-static S12:u32x4 = u32x4(12, 12, 12, 12);
-static S8:u32x4 = u32x4(8, 8, 8, 8);
-static S7:u32x4 = u32x4(7, 7, 7, 7);
-
-impl ChaCha20 {
- pub fn new(key: &[u8], nonce: &[u8]) -> ChaCha20 {
- assert!(key.len() == 16 || key.len() == 32);
- assert!(nonce.len() == 8 || nonce.len() == 12);
-
- ChaCha20{ state: ChaCha20::expand(key, nonce), output: [0u8; 64], offset: 64 }
- }
-
- pub fn new_xchacha20(key: &[u8], nonce: &[u8]) -> ChaCha20 {
- assert!(key.len() == 32);
- assert!(nonce.len() == 24);
-
- // HChaCha20 produces a 256-bit output block starting from a 512 bit
- // input block where (x0,x1,...,x15) where
- //
- // * (x0, x1, x2, x3) is the ChaCha20 constant.
- // * (x4, x5, ... x11) is a 256 bit key.
- // * (x12, x13, x14, x15) is a 128 bit nonce.
- let mut xchacha20 = ChaCha20{ state: ChaCha20::expand(key, &nonce[0..16]), output: [0u8; 64], offset: 64 };
-
- // Use HChaCha to derive the subkey, and initialize a ChaCha20 instance
- // with the subkey and the remaining 8 bytes of the nonce.
- let mut new_key = [0; 32];
- xchacha20.hchacha20(&mut new_key);
- xchacha20.state = ChaCha20::expand(&new_key, &nonce[16..24]);
-
- xchacha20
- }
-
- fn expand(key: &[u8], nonce: &[u8]) -> ChaChaState {
-
- let constant = match key.len() {
- 16 => b"expand 16-byte k",
- 32 => b"expand 32-byte k",
- _ => unreachable!(),
- };
- ChaChaState {
- a: u32x4(
- read_u32_le(&constant[0..4]),
- read_u32_le(&constant[4..8]),
- read_u32_le(&constant[8..12]),
- read_u32_le(&constant[12..16])
- ),
- b: u32x4(
- read_u32_le(&key[0..4]),
- read_u32_le(&key[4..8]),
- read_u32_le(&key[8..12]),
- read_u32_le(&key[12..16])
- ),
- c: if key.len() == 16 {
- u32x4(
- read_u32_le(&key[0..4]),
- read_u32_le(&key[4..8]),
- read_u32_le(&key[8..12]),
- read_u32_le(&key[12..16])
- )
- } else {
- u32x4(
- read_u32_le(&key[16..20]),
- read_u32_le(&key[20..24]),
- read_u32_le(&key[24..28]),
- read_u32_le(&key[28..32])
- )
- },
- d: if nonce.len() == 16 {
- u32x4(
- read_u32_le(&nonce[0..4]),
- read_u32_le(&nonce[4..8]),
- read_u32_le(&nonce[8..12]),
- read_u32_le(&nonce[12..16])
- )
- } else if nonce.len() == 12 {
- u32x4(
- 0,
- read_u32_le(&nonce[0..4]),
- read_u32_le(&nonce[4..8]),
- read_u32_le(&nonce[8..12])
- )
- } else {
- u32x4(
- 0,
- 0,
- read_u32_le(&nonce[0..4]),
- read_u32_le(&nonce[4..8])
- )
- }
- }
- }
-
- fn hchacha20(&mut self, out: &mut [u8]) -> () {
- let mut state = self.state;
-
- // Apply r/2 iterations of the same "double-round" function,
- // obtaining (z0, z1, ... z15) = doubleround r/2 (x0, x1, ... x15).
- for _ in 0..10 {
- round!(state);
- let u32x4(b10, b11, b12, b13) = state.b;
- state.b = u32x4(b11, b12, b13, b10);
- let u32x4(c10, c11, c12, c13) = state.c;
- state.c = u32x4(c12, c13,c10, c11);
- let u32x4(d10, d11, d12, d13) = state.d;
- state.d = u32x4(d13, d10, d11, d12);
- round!(state);
- let u32x4(b20, b21, b22, b23) = state.b;
- state.b = u32x4(b23, b20, b21, b22);
- let u32x4(c20, c21, c22, c23) = state.c;
- state.c = u32x4(c22, c23, c20, c21);
- let u32x4(d20, d21, d22, d23) = state.d;
- state.d = u32x4(d21, d22, d23, d20);
- }
-
- // HChaCha20 then outputs the 256-bit block (z0, z1, z2, z3, z12, z13,
- // z14, z15). These correspond to the constant and input positions in
- // the ChaCha matrix.
- let u32x4(a1, a2, a3, a4) = state.a;
- let u32x4(d1, d2, d3, d4) = state.d;
- let lens = [
- a1,a2,a3,a4,
- d1,d2,d3,d4
- ];
- for i in 0..lens.len() {
- write_u32_le(&mut out[i*4..(i+1)*4], lens[i]);
- }
- }
-
- // put the the next 64 keystream bytes into self.output
- fn update(&mut self) {
- let mut state = self.state;
-
- for _ in 0..10 {
- round!(state);
- swizzle!(state.b, state.c, state.d);
- round!(state);
- swizzle!(state.d, state.c, state.b);
- }
- state.a = state.a + self.state.a;
- state.b = state.b + self.state.b;
- state.c = state.c + self.state.c;
- state.d = state.d + self.state.d;
-
- state_to_buffer!(state, self.output);
-
- self.state.d = self.state.d + u32x4(1, 0, 0, 0);
- let u32x4(c12, _, _, _) = self.state.d;
- if c12 == 0 {
- // we could increment the other counter word with an 8 byte nonce
- // but other implementations like boringssl have this same
- // limitation
- panic!("counter is exhausted");
- }
-
- self.offset = 0;
- }
-}
-
-impl SynchronousStreamCipher for ChaCha20 {
- fn process(&mut self, input: &[u8], output: &mut [u8]) {
- assert!(input.len() == output.len());
- let len = input.len();
- let mut i = 0;
- while i < len {
- // If there is no keystream available in the output buffer,
- // generate the next block.
- if self.offset == 64 {
- self.update();
- }
-
- // Process the min(available keystream, remaining input length).
- let count = cmp::min(64 - self.offset, len - i);
- xor_keystream(&mut output[i..i+count], &input[i..i+count], &self.output[self.offset..]);
- i += count;
- self.offset += count;
- }
- }
-}
-
-impl Encryptor for ChaCha20 {
- fn encrypt(&mut self, input: &mut RefReadBuffer, output: &mut RefWriteBuffer, _: bool)
- -> Result {
- symm_enc_or_dec(self, input, output)
- }
-}
-
-impl Decryptor for ChaCha20 {
- fn decrypt(&mut self, input: &mut RefReadBuffer, output: &mut RefWriteBuffer, _: bool)
- -> Result {
- symm_enc_or_dec(self, input, output)
- }
-}
-
-#[cfg(test)]
-mod test {
- use std::iter::repeat;
-
- use chacha20::ChaCha20;
- use symmetriccipher::SynchronousStreamCipher;
-
- #[test]
- fn test_chacha20_256_tls_vectors() {
- struct TestVector {
- key: [u8; 32],
- nonce: [u8; 8],
- keystream: Vec,
- };
- // taken from http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
- let test_vectors = vec!(
- TestVector{
- key: [
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- ],
- nonce: [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ],
- keystream: vec!(
- 0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
- 0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
- 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a,
- 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7,
- 0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d,
- 0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37,
- 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c,
- 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86,
- ),
- }, TestVector{
- key: [
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
- ],
- nonce: [ 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ], - keystream: vec!( - 0x45, 0x40, 0xf0, 0x5a, 0x9f, 0x1f, 0xb2, 0x96, - 0xd7, 0x73, 0x6e, 0x7b, 0x20, 0x8e, 0x3c, 0x96, - 0xeb, 0x4f, 0xe1, 0x83, 0x46, 0x88, 0xd2, 0x60, - 0x4f, 0x45, 0x09, 0x52, 0xed, 0x43, 0x2d, 0x41, - 0xbb, 0xe2, 0xa0, 0xb6, 0xea, 0x75, 0x66, 0xd2, - 0xa5, 0xd1, 0xe7, 0xe2, 0x0d, 0x42, 0xaf, 0x2c, - 0x53, 0xd7, 0x92, 0xb1, 0xc4, 0x3f, 0xea, 0x81, - 0x7e, 0x9a, 0xd2, 0x75, 0xae, 0x54, 0x69, 0x63, - ), - }, TestVector{ - key: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - nonce: [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ], - keystream: vec!( - 0xde, 0x9c, 0xba, 0x7b, 0xf3, 0xd6, 0x9e, 0xf5, - 0xe7, 0x86, 0xdc, 0x63, 0x97, 0x3f, 0x65, 0x3a, - 0x0b, 0x49, 0xe0, 0x15, 0xad, 0xbf, 0xf7, 0x13, - 0x4f, 0xcb, 0x7d, 0xf1, 0x37, 0x82, 0x10, 0x31, - 0xe8, 0x5a, 0x05, 0x02, 0x78, 0xa7, 0x08, 0x45, - 0x27, 0x21, 0x4f, 0x73, 0xef, 0xc7, 0xfa, 0x5b, - 0x52, 0x77, 0x06, 0x2e, 0xb7, 0xa0, 0x43, 0x3e, - 0x44, 0x5f, 0x41, 0xe3, - ), - }, TestVector{ - key: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - nonce: [ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ], - keystream: vec!( - 0xef, 0x3f, 0xdf, 0xd6, 0xc6, 0x15, 0x78, 0xfb, - 0xf5, 0xcf, 0x35, 0xbd, 0x3d, 0xd3, 0x3b, 0x80, - 0x09, 0x63, 0x16, 0x34, 0xd2, 0x1e, 0x42, 0xac, - 0x33, 0x96, 0x0b, 0xd1, 0x38, 0xe5, 0x0d, 0x32, - 0x11, 0x1e, 0x4c, 0xaf, 0x23, 0x7e, 0xe5, 0x3c, - 0xa8, 0xad, 0x64, 0x26, 0x19, 0x4a, 0x88, 0x54, - 0x5d, 0xdc, 0x49, 0x7a, 0x0b, 0x46, 0x6e, 0x7d, - 0x6b, 0xbd, 0xb0, 0x04, 0x1b, 0x2f, 0x58, 0x6b, - ), - }, TestVector{ - key: [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 
0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - ], - nonce: [ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 ], - keystream: vec!( - 0xf7, 0x98, 0xa1, 0x89, 0xf1, 0x95, 0xe6, 0x69, - 0x82, 0x10, 0x5f, 0xfb, 0x64, 0x0b, 0xb7, 0x75, - 0x7f, 0x57, 0x9d, 0xa3, 0x16, 0x02, 0xfc, 0x93, - 0xec, 0x01, 0xac, 0x56, 0xf8, 0x5a, 0xc3, 0xc1, - 0x34, 0xa4, 0x54, 0x7b, 0x73, 0x3b, 0x46, 0x41, - 0x30, 0x42, 0xc9, 0x44, 0x00, 0x49, 0x17, 0x69, - 0x05, 0xd3, 0xbe, 0x59, 0xea, 0x1c, 0x53, 0xf1, - 0x59, 0x16, 0x15, 0x5c, 0x2b, 0xe8, 0x24, 0x1a, - 0x38, 0x00, 0x8b, 0x9a, 0x26, 0xbc, 0x35, 0x94, - 0x1e, 0x24, 0x44, 0x17, 0x7c, 0x8a, 0xde, 0x66, - 0x89, 0xde, 0x95, 0x26, 0x49, 0x86, 0xd9, 0x58, - 0x89, 0xfb, 0x60, 0xe8, 0x46, 0x29, 0xc9, 0xbd, - 0x9a, 0x5a, 0xcb, 0x1c, 0xc1, 0x18, 0xbe, 0x56, - 0x3e, 0xb9, 0xb3, 0xa4, 0xa4, 0x72, 0xf8, 0x2e, - 0x09, 0xa7, 0xe7, 0x78, 0x49, 0x2b, 0x56, 0x2e, - 0xf7, 0x13, 0x0e, 0x88, 0xdf, 0xe0, 0x31, 0xc7, - 0x9d, 0xb9, 0xd4, 0xf7, 0xc7, 0xa8, 0x99, 0x15, - 0x1b, 0x9a, 0x47, 0x50, 0x32, 0xb6, 0x3f, 0xc3, - 0x85, 0x24, 0x5f, 0xe0, 0x54, 0xe3, 0xdd, 0x5a, - 0x97, 0xa5, 0xf5, 0x76, 0xfe, 0x06, 0x40, 0x25, - 0xd3, 0xce, 0x04, 0x2c, 0x56, 0x6a, 0xb2, 0xc5, - 0x07, 0xb1, 0x38, 0xdb, 0x85, 0x3e, 0x3d, 0x69, - 0x59, 0x66, 0x09, 0x96, 0x54, 0x6c, 0xc9, 0xc4, - 0xa6, 0xea, 0xfd, 0xc7, 0x77, 0xc0, 0x40, 0xd7, - 0x0e, 0xaf, 0x46, 0xf7, 0x6d, 0xad, 0x39, 0x79, - 0xe5, 0xc5, 0x36, 0x0c, 0x33, 0x17, 0x16, 0x6a, - 0x1c, 0x89, 0x4c, 0x94, 0xa3, 0x71, 0x87, 0x6a, - 0x94, 0xdf, 0x76, 0x28, 0xfe, 0x4e, 0xaa, 0xf2, - 0xcc, 0xb2, 0x7d, 0x5a, 0xaa, 0xe0, 0xad, 0x7a, - 0xd0, 0xf9, 0xd4, 0xb6, 0xad, 0x3b, 0x54, 0x09, - 0x87, 0x46, 0xd4, 0x52, 0x4d, 0x38, 0x40, 0x7a, - 0x6d, 0xeb, 0x3a, 0xb7, 0x8f, 0xab, 0x78, 0xc9, - ), - }, - ); - - for tv in test_vectors.iter() { - let mut c = ChaCha20::new(&tv.key, &tv.nonce); - let input: Vec = repeat(0).take(tv.keystream.len()).collect(); - let mut output: Vec = 
repeat(0).take(input.len()).collect();
- c.process(&input[..], &mut output[..]);
- assert_eq!(output, tv.keystream);
- }
- }
-
- #[test]
- fn test_xchacha20_basic() {
- // There aren't any convenient test vectors for XChaCha/20,
- // so, a simple test case was generated using Andrew Moon's
- // chacha-opt library, with the key/nonce from test_salsa20_cryptopp().
- let key =
- [0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4,
- 0x62, 0xcd, 0x51, 0x19, 0x7a, 0x9a, 0x46, 0xc7,
- 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64, 0x74, 0xf2,
- 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89];
- let nonce =
- [0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
- 0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
- 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37];
- let input = [0u8; 139];
- let mut stream = [0u8; 139];
- let result =
- [0x4f, 0xeb, 0xf2, 0xfe, 0x4b, 0x35, 0x9c, 0x50,
- 0x8d, 0xc5, 0xe8, 0xb5, 0x98, 0x0c, 0x88, 0xe3,
- 0x89, 0x46, 0xd8, 0xf1, 0x8f, 0x31, 0x34, 0x65,
- 0xc8, 0x62, 0xa0, 0x87, 0x82, 0x64, 0x82, 0x48,
- 0x01, 0x8d, 0xac, 0xdc, 0xb9, 0x04, 0x17, 0x88,
- 0x53, 0xa4, 0x6d, 0xca, 0x3a, 0x0e, 0xaa, 0xee,
- 0x74, 0x7c, 0xba, 0x97, 0x43, 0x4e, 0xaf, 0xfa,
- 0xd5, 0x8f, 0xea, 0x82, 0x22, 0x04, 0x7e, 0x0d,
- 0xe6, 0xc3, 0xa6, 0x77, 0x51, 0x06, 0xe0, 0x33,
- 0x1a, 0xd7, 0x14, 0xd2, 0xf2, 0x7a, 0x55, 0x64,
- 0x13, 0x40, 0xa1, 0xf1, 0xdd, 0x9f, 0x94, 0x53,
- 0x2e, 0x68, 0xcb, 0x24, 0x1c, 0xbd, 0xd1, 0x50,
- 0x97, 0x0d, 0x14, 0xe0, 0x5c, 0x5b, 0x17, 0x31,
- 0x93, 0xfb, 0x14, 0xf5, 0x1c, 0x41, 0xf3, 0x93,
- 0x83, 0x5b, 0xf7, 0xf4, 0x16, 0xa7, 0xe0, 0xbb,
- 0xa8, 0x1f, 0xfb, 0x8b, 0x13, 0xaf, 0x0e, 0x21,
- 0x69, 0x1d, 0x7e, 0xce, 0xc9, 0x3b, 0x75, 0xe6,
- 0xe4, 0x18, 0x3a];
-
- let mut xchacha20 = ChaCha20::new_xchacha20(&key, &nonce);
- xchacha20.process(&input, &mut stream);
- assert!(stream[..]
== result[..]); - } - - #[test] - fn test_chacha20_256_tls_vectors_96_nonce() { - struct TestVector { - key: [u8; 32], - nonce: [u8; 12], - keystream: Vec, - }; - // taken from http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04 - let test_vectors = vec!( - TestVector{ - key: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - nonce: [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ], - keystream: vec!( - 0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90, - 0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28, - 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a, - 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7, - 0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d, - 0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37, - 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c, - 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86, - ), - }, TestVector{ - key: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - ], - nonce: [ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ], - keystream: vec!( - 0x45, 0x40, 0xf0, 0x5a, 0x9f, 0x1f, 0xb2, 0x96, - 0xd7, 0x73, 0x6e, 0x7b, 0x20, 0x8e, 0x3c, 0x96, - 0xeb, 0x4f, 0xe1, 0x83, 0x46, 0x88, 0xd2, 0x60, - 0x4f, 0x45, 0x09, 0x52, 0xed, 0x43, 0x2d, 0x41, - 0xbb, 0xe2, 0xa0, 0xb6, 0xea, 0x75, 0x66, 0xd2, - 0xa5, 0xd1, 0xe7, 0xe2, 0x0d, 0x42, 0xaf, 0x2c, - 0x53, 0xd7, 0x92, 0xb1, 0xc4, 0x3f, 0xea, 0x81, - 0x7e, 0x9a, 0xd2, 0x75, 0xae, 0x54, 0x69, 0x63, - ), - }, TestVector{ - key: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - nonce: [ 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ], - keystream: vec!( - 0xde, 0x9c, 0xba, 0x7b, 0xf3, 0xd6, 0x9e, 0xf5, - 0xe7, 0x86, 0xdc, 0x63, 0x97, 0x3f, 0x65, 0x3a, - 0x0b, 0x49, 0xe0, 0x15, 0xad, 0xbf, 0xf7, 0x13, - 0x4f, 0xcb, 0x7d, 0xf1, 0x37, 0x82, 0x10, 0x31, - 0xe8, 0x5a, 0x05, 0x02, 0x78, 0xa7, 0x08, 0x45, - 0x27, 0x21, 0x4f, 0x73, 0xef, 0xc7, 0xfa, 0x5b, - 0x52, 0x77, 0x06, 0x2e, 0xb7, 0xa0, 0x43, 0x3e, - 0x44, 0x5f, 0x41, 0xe3, - ), - }, TestVector{ - key: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - nonce: [ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ], - keystream: vec!( - 0xef, 0x3f, 0xdf, 0xd6, 0xc6, 0x15, 0x78, 0xfb, - 0xf5, 0xcf, 0x35, 0xbd, 0x3d, 0xd3, 0x3b, 0x80, - 0x09, 0x63, 0x16, 0x34, 0xd2, 0x1e, 0x42, 0xac, - 0x33, 0x96, 0x0b, 0xd1, 0x38, 0xe5, 0x0d, 0x32, - 0x11, 0x1e, 0x4c, 0xaf, 0x23, 0x7e, 0xe5, 0x3c, - 0xa8, 0xad, 0x64, 0x26, 0x19, 0x4a, 0x88, 0x54, - 0x5d, 0xdc, 0x49, 0x7a, 0x0b, 0x46, 0x6e, 0x7d, - 0x6b, 0xbd, 0xb0, 0x04, 0x1b, 0x2f, 0x58, 0x6b, - ), - }, TestVector{ - key: [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - ], - nonce: [0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 ], - keystream: vec!( - 0xf7, 0x98, 0xa1, 0x89, 0xf1, 0x95, 0xe6, 0x69, - 0x82, 0x10, 0x5f, 0xfb, 0x64, 0x0b, 0xb7, 0x75, - 0x7f, 0x57, 0x9d, 0xa3, 0x16, 0x02, 0xfc, 0x93, - 0xec, 0x01, 0xac, 0x56, 0xf8, 0x5a, 0xc3, 0xc1, - 0x34, 0xa4, 0x54, 0x7b, 0x73, 0x3b, 0x46, 0x41, - 0x30, 0x42, 0xc9, 0x44, 0x00, 0x49, 0x17, 0x69, - 0x05, 0xd3, 0xbe, 0x59, 0xea, 0x1c, 0x53, 0xf1, - 0x59, 0x16, 0x15, 0x5c, 0x2b, 0xe8, 0x24, 0x1a, - 0x38, 0x00, 0x8b, 0x9a, 0x26, 0xbc, 0x35, 0x94, - 0x1e, 0x24, 
0x44, 0x17, 0x7c, 0x8a, 0xde, 0x66, - 0x89, 0xde, 0x95, 0x26, 0x49, 0x86, 0xd9, 0x58, - 0x89, 0xfb, 0x60, 0xe8, 0x46, 0x29, 0xc9, 0xbd, - 0x9a, 0x5a, 0xcb, 0x1c, 0xc1, 0x18, 0xbe, 0x56, - 0x3e, 0xb9, 0xb3, 0xa4, 0xa4, 0x72, 0xf8, 0x2e, - 0x09, 0xa7, 0xe7, 0x78, 0x49, 0x2b, 0x56, 0x2e, - 0xf7, 0x13, 0x0e, 0x88, 0xdf, 0xe0, 0x31, 0xc7, - 0x9d, 0xb9, 0xd4, 0xf7, 0xc7, 0xa8, 0x99, 0x15, - 0x1b, 0x9a, 0x47, 0x50, 0x32, 0xb6, 0x3f, 0xc3, - 0x85, 0x24, 0x5f, 0xe0, 0x54, 0xe3, 0xdd, 0x5a, - 0x97, 0xa5, 0xf5, 0x76, 0xfe, 0x06, 0x40, 0x25, - 0xd3, 0xce, 0x04, 0x2c, 0x56, 0x6a, 0xb2, 0xc5, - 0x07, 0xb1, 0x38, 0xdb, 0x85, 0x3e, 0x3d, 0x69, - 0x59, 0x66, 0x09, 0x96, 0x54, 0x6c, 0xc9, 0xc4, - 0xa6, 0xea, 0xfd, 0xc7, 0x77, 0xc0, 0x40, 0xd7, - 0x0e, 0xaf, 0x46, 0xf7, 0x6d, 0xad, 0x39, 0x79, - 0xe5, 0xc5, 0x36, 0x0c, 0x33, 0x17, 0x16, 0x6a, - 0x1c, 0x89, 0x4c, 0x94, 0xa3, 0x71, 0x87, 0x6a, - 0x94, 0xdf, 0x76, 0x28, 0xfe, 0x4e, 0xaa, 0xf2, - 0xcc, 0xb2, 0x7d, 0x5a, 0xaa, 0xe0, 0xad, 0x7a, - 0xd0, 0xf9, 0xd4, 0xb6, 0xad, 0x3b, 0x54, 0x09, - 0x87, 0x46, 0xd4, 0x52, 0x4d, 0x38, 0x40, 0x7a, - 0x6d, 0xeb, 0x3a, 0xb7, 0x8f, 0xab, 0x78, 0xc9, - ), - }, - ); - - for tv in test_vectors.iter() { - let mut c = ChaCha20::new(&tv.key, &tv.nonce); - let input: Vec = repeat(0).take(tv.keystream.len()).collect(); - let mut output: Vec = repeat(0).take(input.len()).collect(); - c.process(&input[..], &mut output[..]); - assert_eq!(output, tv.keystream); - } - } -} - -#[cfg(all(test, feature = "with-bench"))] -mod bench { - use test::Bencher; - use symmetriccipher::SynchronousStreamCipher; - use chacha20::ChaCha20; - - #[bench] - pub fn chacha20_10(bh: & mut Bencher) { - let mut chacha20 = ChaCha20::new(&[0; 32], &[0; 8]); - let input = [1u8; 10]; - let mut output = [0u8; 10]; - bh.iter( || { - chacha20.process(&input, &mut output); - }); - bh.bytes = input.len() as u64; - } - - #[bench] - pub fn chacha20_1k(bh: & mut Bencher) { - let mut chacha20 = ChaCha20::new(&[0; 32], &[0; 8]); - let input = 
[1u8; 1024];
- let mut output = [0u8; 1024];
- bh.iter( || {
- chacha20.process(&input, &mut output);
- });
- bh.bytes = input.len() as u64;
- }
-
- #[bench]
- pub fn chacha20_64k(bh: & mut Bencher) {
- let mut chacha20 = ChaCha20::new(&[0; 32], &[0; 8]);
- let input = [1u8; 65536];
- let mut output = [0u8; 65536];
- bh.iter( || {
- chacha20.process(&input, &mut output);
- });
- bh.bytes = input.len() as u64;
- }
-}
diff --git a/rcw/src/chacha20poly1305.rs b/rcw/src/chacha20poly1305.rs
deleted file mode 100644
index 61845ff..0000000
--- a/rcw/src/chacha20poly1305.rs
+++ /dev/null
@@ -1,801 +0,0 @@ -// Licensed under the Apache License, Version 2.0 or the MIT license -// , at your -// option. This file may not be copied, modified, or distributed -// except according to those terms. - -use aead::{AeadEncryptor,AeadDecryptor}; - -use chacha20::ChaCha20; -use symmetriccipher::SynchronousStreamCipher; -use poly1305::Poly1305; -use mac::Mac; -use cryptoutil::{write_u64_le}; -use util::fixed_time_eq; -#[derive(Clone, Copy)] -pub struct ChaCha20Poly1305 { - cipher : ChaCha20, - mac: Poly1305, - finished: bool, - data_len: usize -} - -impl ChaCha20Poly1305 { - pub fn new(key: &[u8], nonce: &[u8], aad: &[u8]) -> ChaCha20Poly1305 { - assert!(key.len() == 16 || key.len() == 32); - assert!(nonce.len() == 8 || nonce.len() == 12); - - let mut cipher = ChaCha20::new(key, nonce); - let mut mac_key = [0u8; 64]; - let zero_key = [0u8; 64]; - cipher.process(&zero_key, &mut mac_key); - - let mut mac = Poly1305::new(&mac_key[..32]); - mac.input(aad); - let mut aad_len = [0u8; 8]; - let aad_len_uint: u64 = aad.len() as u64; - write_u64_le(&mut aad_len, aad_len_uint); - mac.input(&aad_len); - ChaCha20Poly1305 { - cipher: cipher, - mac: mac, - finished: false, - data_len: 0 - } - } -} - -impl AeadEncryptor for ChaCha20Poly1305 { - fn encrypt(&mut self, input: &[u8], output: &mut [u8], out_tag: &mut [u8]) { - assert!(input.len() == output.len()); - assert!(self.finished == false); - self.cipher.process(input, output); - self.data_len += input.len(); - self.mac.input(output); - self.finished = true; - let mut data_len_buf = [0u8; 8]; - write_u64_le(&mut data_len_buf, self.data_len as u64); - self.mac.input(&data_len_buf); - self.mac.raw_result(out_tag); - } -} - -impl AeadDecryptor for ChaCha20Poly1305 { - fn decrypt(&mut self, input: &[u8], output: &mut [u8], tag: &[u8]) -> bool { - assert!(input.len() == output.len()); - assert!(self.finished == false); - - self.finished = true; - - self.mac.input(input); - - self.data_len += input.len(); - let mut data_len_buf = 
[0u8; 8]; - - write_u64_le(&mut data_len_buf, self.data_len as u64); - self.mac.input(&data_len_buf); - - let mut calc_tag = [0u8; 16]; - self.mac.raw_result(&mut calc_tag); - if fixed_time_eq(&calc_tag, tag) { - self.cipher.process(input, output); - true - } else { - false - } - } -} -#[cfg(test)] -mod test { - use std::iter::repeat; - - use chacha20poly1305::ChaCha20Poly1305; - use aead::{AeadEncryptor,AeadDecryptor}; - struct TestVector { - key: [u8; 32], - nonce: [u8; 8], - plain_text: Vec, - cipher_text: Vec, - aad: Vec, - tag: Vec - } - - #[test] - fn test_chacha20_256_poly1305_boringssl_vectors_encrypt() { - - for tv in get_test_vectors().iter() { - if tv.tag.len() < 16 { - continue; - } - let mut c = ChaCha20Poly1305::new(&tv.key, &tv.nonce, &tv.aad[..]); - let mut output: Vec = repeat(0).take(tv.plain_text.len()).collect(); - let mut tag: Vec = repeat(0).take(tv.tag.len()).collect(); - c.encrypt(&tv.plain_text[..], &mut output[..], &mut tag[..]); - assert_eq!(output, tv.cipher_text); - assert_eq!(tag, tv.tag); - } - } - #[test] - fn test_chacha20_256_poly1305_boringssl_vectors_decrypt() { - - for tv in get_test_vectors().iter() { - if tv.tag.len() < 16 { - continue; - } - let mut c = ChaCha20Poly1305::new(&tv.key, &tv.nonce, &tv.aad[..]); - let mut output: Vec = repeat(0).take(tv.plain_text.len()).collect(); - let result = c.decrypt(&tv.cipher_text[..], &mut output[..], &tv.tag[..]); - assert_eq!(output, tv.plain_text); - assert!(result); - } - } - fn get_test_vectors()-> Vec{ - vec!( - TestVector { - key: [0x9a, 0x97, 0xf6, 0x5b, 0x9b, 0x4c, 0x72, 0x1b, 0x96, 0x0a, 0x67, 0x21, 0x45, 0xfc, 0xa8, 0xd4, 0xe3, 0x2e, 0x67, 0xf9, 0x11, 0x1e, 0xa9, 0x79, 0xce, 0x9c, 0x48, 0x26, 0x80, 0x6a, 0xee, 0xe6], - nonce: [0x3d, 0xe9, 0xc0, 0xda, 0x2b, 0xd7, 0xf9, 0x1e], - aad: vec!(), - plain_text: vec!(), - cipher_text: vec!(), - tag: vec!(0x5a, 0x6e, 0x21, 0xf4, 0xba, 0x6d, 0xbe, 0xe5, 0x73, 0x80, 0xe7, 0x9e, 0x79, 0xc3, 0x0d, 0xef) - }, - TestVector{ - key: [0xbc, 
0xb2, 0x63, 0x9b, 0xf9, 0x89, 0xc6, 0x25, 0x1b, 0x29, 0xbf, 0x38, 0xd3, 0x9a, 0x9b, 0xdc, 0xe7, 0xc5, 0x5f, 0x4b, 0x2a, 0xc1, 0x2a, 0x39, 0xc8, 0xa3, 0x7b, 0x5d, 0x0a, 0x5c, 0xc2, 0xb5], - nonce: [0x1e, 0x8b, 0x4c, 0x51, 0x0f, 0x5c, 0xa0, 0x83], - plain_text: vec!(0x8c, 0x84, 0x19, 0xbc, 0x27), - aad: vec!(0x34, 0xab, 0x88, 0xc2, 0x65), - cipher_text: vec!(0x1a, 0x7c, 0x2f, 0x33, 0xf5), - tag: vec!(0x28, 0x75, 0xc6, 0x59, 0xd0, 0xf2, 0x80, 0x8d, 0xe3, 0xa4, 0x00, 0x27, 0xfe, 0xff, 0x91, 0xa4) - }, - TestVector{ - key: [0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07], - nonce: [0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a], - plain_text: vec!(0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca), - aad: vec!(0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0), - cipher_text: vec!(0xe3, 0xe4, 0x46, 0xf7, 0xed, 0xe9, 0xa1, 0x9b, 0x62, 0xa4), - tag: vec!(0x67, 0x7d, 0xab, 0xf4, 0xe3, 0xd2, 0x4b, 0x87, 0x6b, 0xb2, 0x84, 0x75, 0x38, 0x96, 0xe1, 0xd6) - }, - TestVector{ - key: [0x42, 0x2a, 0x53, 0x55, 0xb5, 0x6d, 0xcf, 0x2b, 0x43, 0x6a, 0xa8, 0x15, 0x28, 0x58, 0x10, 0x6a, 0x88, 0xd9, 0xba, 0x23, 0xcd, 0xfe, 0x08, 0x7b, 0x5e, 0x74, 0xe8, 0x17, 0xa5, 0x23, 0x88, 0xb3], - nonce: [0x1d, 0x12, 0xd6, 0xd9, 0x18, 0x48, 0xf2, 0xea], - plain_text: vec!(0x53, 0x7a, 0x64, 0x53, 0x87, 0xf2, 0x2d, 0x6f, 0x6d, 0xbb, 0xea, 0x56, 0x8d, 0x3f, 0xeb), - aad: vec!(0xbe, 0xf2, 0x67, 0xc9, 0x9a, 0xec, 0x8a, 0xf5, 0x6b, 0xc2, 0x38, 0x61, 0x2b, 0xfe, 0xa6), - cipher_text: vec!(0x28, 0x1a, 0x36, 0x67, 0x05, 0xc5, 0xa2, 0x4b, 0x94, 0xe5, 0x61, 0x46, 0x68, 0x1e, 0x44), - tag: vec!(0x38, 0xf2, 0xb8, 0xee, 0x3b, 0xe4, 0x4a, 0xbb, 0xa3, 0xc0, 0x10, 0xd9, 0xca, 0xb6, 0xe0, 0x42) - }, - TestVector{ - key: [0xec, 0x7b, 0x86, 0x4a, 0x07, 0x8c, 0x3d, 0x05, 0xd9, 0x70, 0xb6, 0xea, 0x3b, 0xa6, 0xd3, 0x3d, 0x6b, 0xb7, 0x3d, 0xfa, 0x64, 0xc6, 0x22, 
0xa4, 0x72, 0x7a, 0x96, 0xed, 0xe8, 0x76, 0xf6, 0x85], - nonce: [0x2b, 0xca, 0x0e, 0x59, 0xe3, 0x95, 0x08, 0xd3], - plain_text: vec!(0xb7, 0x67, 0x33, 0x89, 0x5c, 0x87, 0x1e, 0xdd, 0x72, 0x8a, 0x45, 0xed, 0x1a, 0x21, 0xf1, 0x5a, 0x95, 0x97, 0xd4, 0x9d), - aad: vec!(0xcc, 0x12, 0x43, 0xea, 0x54, 0x27, 0x2d, 0xb6, 0x02, 0xfb, 0x08, 0x53, 0xc8, 0xe7, 0x02, 0x7c, 0x56, 0x33, 0x8b, 0x6c), - cipher_text: vec!(0x1f, 0xb9, 0xb2, 0x95, 0x8f, 0xce, 0x47, 0xa5, 0xca, 0xda, 0x9d, 0x89, 0x5f, 0xbb, 0x0c, 0x00, 0xd3, 0x56, 0x98, 0x58), - tag: vec!(0x04, 0x2a, 0xd5, 0x04, 0x2c, 0x89, 0xeb, 0xc1, 0xaa, 0xd5, 0x7d, 0x3f, 0xb7, 0x03, 0xd3, 0x14) - }, - // TestVector{ - // key: [0x2c, 0x4c, 0x0f, 0xdb, 0x61, 0x1d, 0xf2, 0xd4, 0xd5, 0xe7, 0x89, 0x8c, 0x6a, 0xf0, 0x02, 0x27, 0x95, 0x36, 0x4a, 0xdb, 0x87, 0x49, 0x15, 0x5e, 0x2c, 0x68, 0x77, 0x6a, 0x09, 0x0e, 0x7d, 0x5c], - // nonce: [0x13, 0xce, 0x73, 0x82, 0x73, 0x4c, 0x4a, 0x71], - // plain_text: vec!(0x0d, 0xc6, 0xff, 0x21, 0xa3, 0x46, 0xe1, 0x33, 0x7d, 0xd0, 0xdb, 0x81, 0xd8, 0xf7, 0xd9, 0xf6, 0xfd, 0x18, 0x64, 0x41, 0x8b, 0x98, 0xaa, 0xdc, 0xdb), - // aad: vec!(0x01, 0x15, 0xed, 0xcb, 0x17, 0x6a, 0xb8, 0xbf, 0xa9, 0x47, 0xd1, 0xf7, 0xc3, 0xa8, 0x6a, 0x84, 0x5d, 0x31, 0x0b, 0xf6, 0x70, 0x6c, 0x59, 0xa8, 0xf9), - // cipher_text: vec!(0xda, 0xd6, 0x5e, 0x42, 0x44, 0xa1, 0xa1, 0x7c, 0xe5, 0x9d, 0x88, 0xb0, 0x0a, 0xf4, 0xf7, 0x43, 0x4b, 0xd7, 0x83, 0x0f, 0xfd, 0xd4, 0xc5, 0x55, 0x8f), - // tag: vec!(0xac, 0x14, 0x37, 0xb4, 0x5d, 0x8e, 0xac, 0xf9, 0xc0, 0xfe, 0x54, 0x7c, 0x84, 0xfb, 0x82, 0xa2) - // }, - // TestVector{ - // key: [0xc6, 0x6e, 0x89, 0xfb, 0xab, 0x01, 0x20, 0x8f, 0x6a, 0x60, 0x84, 0x7f, 0x4f, 0x34, 0xb3, 0x8d, 0x27, 0xb5, 0x54, 0xc1, 0x19, 0xcf, 0x8d, 0x9e, 0x0b, 0x11, 0x8a, 0xa7, 0x26, 0x6a, 0xb8, 0x65], - // nonce: [0x5d, 0x98, 0x56, 0x06, 0x0c, 0x54, 0xab, 0x06], - // plain_text: vec!(0xf9, 0xe3, 0xe9, 0xb5, 0xed, 0x07, 0xb2, 0x08, 0x0d, 0xb8, 0xc1, 0xff, 0xc3, 0x7e, 0x4a, 0x6c, 0xb3, 0xcd, 0x54, 0x46, 0x08, 0x92, 0x1e, 
0x18, 0x61, 0x0d, 0x00, 0xb1, 0x7c, 0x6e), - // aad: vec!(0x85, 0xc1, 0x12, 0xa1, 0xef, 0xe0, 0xa2, 0x0e, 0xf3, 0xa5, 0x50, 0x52, 0x6a, 0x7a, 0xfb, 0xc9, 0x8f, 0x63, 0x67, 0xeb, 0xbe, 0xde, 0x4e, 0x70, 0x30, 0x99, 0xab, 0xd7, 0x8f, 0x51), - // cipher_text: vec!(0xb5, 0xcc, 0x75, 0x4f, 0x6d, 0xd1, 0x9e, 0xf2, 0xd6, 0x6f, 0x90, 0xe6, 0xbc, 0x9a, 0x32, 0x2d, 0xdf, 0x21, 0x6e, 0xf2, 0x48, 0xcb, 0xe7, 0x6b, 0x5a, 0xb6, 0xdd, 0x53, 0xbc, 0x36), - // tag: vec!(0x6d, 0xd9, 0x87, 0x10, 0xd8, 0xa8, 0x89, 0xdc, 0xee, 0xa0, 0xd0, 0xa9, 0x36, 0xf9, 0x86, 0x17) - // }, - // TestVector{ - // key: [0xa8, 0xb9, 0x76, 0x6f, 0x40, 0x4d, 0xea, 0x8c, 0xf7, 0xd7, 0xdf, 0xaf, 0x58, 0x22, 0xf5, 0x3d, 0xf9, 0xcc, 0xd0, 0x92, 0xe3, 0x32, 0xa5, 0x7f, 0x00, 0x7b, 0x30, 0x1b, 0x50, 0x7d, 0x5e, 0x14], - // nonce: [0xc7, 0xf2, 0xf7, 0xa2, 0x33, 0x10, 0x4a, 0x2d], - // plain_text: vec!(0x4d, 0x6f, 0xae, 0xae, 0xe3, 0x91, 0x79, 0xa7, 0xc8, 0x92, 0xfa, 0xae, 0x37, 0x19, 0x65, 0x6c, 0xc6, 0x14, 0xc7, 0xe6, 0xec, 0xd8, 0xfc, 0xb5, 0x70, 0xa3, 0xb8, 0x2c, 0x4d, 0xac, 0xe9, 0x69, 0x09, 0x03, 0x38), - // aad: vec!(0xc6, 0xd8, 0x3b, 0x6a, 0x56, 0x40, 0x8a, 0x35, 0x6e, 0x68, 0xd0, 0x49, 0x4d, 0x4e, 0xff, 0x15, 0x05, 0x30, 0xb0, 0x95, 0x51, 0xd0, 0x08, 0x37, 0x3d, 0x6d, 0xee, 0x2b, 0x8d, 0x6b, 0x56, 0x19, 0xd6, 0x7f, 0xdb), - // cipher_text: vec!(0xa1, 0x54, 0x43, 0xf0, 0x83, 0x31, 0x6e, 0xef, 0x62, 0x7a, 0x37, 0x1f, 0x4c, 0x9a, 0xc6, 0x54, 0xd0, 0xdd, 0x75, 0x25, 0x5d, 0x8a, 0x30, 0x31, 0x25, 0xe9, 0xf5, 0x1a, 0xf4, 0x23, 0x3f, 0xf4, 0xce, 0xb7, 0xfe), - // tag: vec!(0x52, 0x50, 0x4e, 0x88, 0x0f, 0x67, 0x92, 0xa6, 0x07, 0x08, 0xcc, 0x6d, 0xb7, 0x2e, 0xae, 0x42) - // }, - // TestVector{ - // key: [0x5e, 0x8d, 0x0e, 0x5f, 0x14, 0x67, 0xf7, 0xa7, 0x50, 0xc5, 0x51, 0x44, 0xd0, 0xc6, 0x70, 0xf7, 0xd9, 0x10, 0x75, 0xf3, 0x86, 0x79, 0x5b, 0x23, 0x0c, 0x9b, 0xf1, 0xc0, 0x4b, 0xa2, 0x50, 0xbc], - // nonce: [0x88, 0x04, 0x9f, 0x44, 0xba, 0x61, 0xb8, 0x8f], - // plain_text: vec!(0x51, 0xa1, 0xee, 0xbc, 0xc3, 0x48, 
0xe0, 0x58, 0x21, 0x96, 0xa0, 0xbc, 0xe1, 0x6e, 0xd1, 0xf8, 0xac, 0x2e, 0x91, 0xc3, 0xe8, 0xa6, 0x90, 0xe0, 0x4a, 0x9f, 0x4b, 0x5c, 0xf6, 0x33, 0x13, 0xd7, 0xad, 0x08, 0xd1, 0xef, 0xbf, 0xf8, 0x5c, 0x89), - // aad: vec!(0x5d, 0x09, 0xbf, 0x0b, 0xe9, 0x00, 0x26, 0xf9, 0xfc, 0x51, 0xf7, 0x34, 0x18, 0xd6, 0xd8, 0x64, 0xb6, 0xd1, 0x97, 0xea, 0x03, 0x0b, 0x3d, 0xe0, 0x72, 0xbd, 0x2c, 0x2f, 0x5c, 0xab, 0x58, 0x60, 0xa3, 0x42, 0xab, 0xbd, 0x29, 0xdb, 0xa9, 0xdc), - // cipher_text: vec!(0x35, 0xaa, 0x4b, 0xd4, 0x53, 0x7a, 0xa6, 0x11, 0xfd, 0x75, 0x78, 0xfc, 0x22, 0x7d, 0xf5, 0x0e, 0xbc, 0xb0, 0x0c, 0x69, 0x2a, 0x1c, 0xf6, 0xf0, 0x2e, 0x50, 0xed, 0x92, 0x70, 0xbd, 0x93, 0xaf, 0x3b, 0xc6, 0x8f, 0x4c, 0x75, 0xb9, 0x66, 0x38), - // tag: vec!(0xcc, 0xea, 0x1c, 0xbb, 0xc8, 0x39, 0x44, 0xcc, 0x66, 0xdf, 0x4d, 0xbf, 0x6f, 0xb7, 0xfc, 0x46) - // }, - // TestVector{ - // key: [0x21, 0xa9, 0xf0, 0x7e, 0xc8, 0x91, 0xd4, 0x88, 0x80, 0x5e, 0x9b, 0x92, 0xbb, 0x1b, 0x22, 0x86, 0xf3, 0xf0, 0x41, 0x0c, 0x32, 0x3b, 0x07, 0xfe, 0xe1, 0xdc, 0x6f, 0x73, 0x79, 0xe2, 0x2e, 0x48], - // nonce: [0x06, 0x62, 0x15, 0xbe, 0x65, 0x67, 0x37, 0x7a], - // plain_text: vec!(0xc1, 0xb0, 0xaf, 0xfa, 0xf2, 0xb8, 0xd7, 0xef, 0x51, 0xcc, 0xa9, 0xaa, 0xcf, 0x79, 0x69, 0xf9, 0x2f, 0x92, 0x8c, 0x2e, 0x3c, 0xc7, 0xdb, 0x2e, 0x15, 0xf4, 0x7e, 0xe1, 0xf6, 0x50, 0x23, 0x91, 0x0d, 0x09, 0xf2, 0x09, 0xd0, 0x07, 0xb7, 0x43, 0x6e, 0xe8, 0x98, 0x13, 0x3d), - // aad: vec!(0xdf, 0xdf, 0xdf, 0x4d, 0x3a, 0x68, 0xb4, 0x7a, 0xd0, 0xd4, 0x88, 0x28, 0xdc, 0x17, 0xb2, 0x58, 0x5d, 0xa9, 0xc8, 0x1c, 0x3a, 0x8d, 0x71, 0xd8, 0x26, 0xb5, 0xfa, 0x80, 0x20, 0xfe, 0xe0, 0x02, 0x39, 0x7e, 0x91, 0xfc, 0x96, 0x58, 0xe9, 0xd6, 0x1d, 0x72, 0x8b, 0x93, 0xeb), - // cipher_text: vec!(0x8f, 0xf4, 0xce, 0xb6, 0x00, 0xe7, 0xd4, 0x56, 0x96, 0xd0, 0x24, 0x67, 0xf8, 0xe3, 0x0d, 0xf0, 0xd3, 0x38, 0x64, 0xa0, 0x40, 0xa4, 0x1f, 0xfb, 0x9e, 0x4c, 0x2d, 0xa0, 0x9b, 0x92, 0xe8, 0x8b, 0x6f, 0x6b, 0x85, 0x0e, 0x9f, 0x72, 0x58, 0xd8, 0x27, 0xb9, 0xaa, 0xf3, 0x46), 
- // tag: vec!(0x4e, 0xed, 0xdc, 0x99, 0x78, 0x40, 0x11, 0xf0, 0x75, 0x8b, 0xa5, 0xeb, 0xfb, 0xa6, 0x18, 0x27) - // }, - // TestVector{ - // key: [0x54, 0xc9, 0x3d, 0xb9, 0xaa, 0x0e, 0x00, 0xd1, 0x0b, 0x45, 0x04, 0x1c, 0x7a, 0x7e, 0x41, 0xee, 0x9f, 0x90, 0xab, 0x78, 0xae, 0x4c, 0x1b, 0xba, 0x18, 0xd6, 0x73, 0xc3, 0xb3, 0x70, 0xab, 0xde], - // nonce: [0x3f, 0x2d, 0x44, 0xe7, 0xb3, 0x52, 0x36, 0x0f], - // plain_text: vec!(0x12, 0x41, 0xe7, 0xd6, 0xfb, 0xe5, 0xee, 0xf5, 0xd8, 0xaf, 0x9c, 0x2f, 0xb8, 0xb5, 0x16, 0xe0, 0xf1, 0xdd, 0x49, 0xaa, 0x4e, 0xbe, 0x54, 0x91, 0x20, 0x51, 0x94, 0xfe, 0x5a, 0xea, 0x37, 0x04, 0xef, 0xaf, 0x30, 0xd3, 0x92, 0xf4, 0x4c, 0xc9, 0x9e, 0x09, 0x25, 0xb8, 0x44, 0x60, 0xd4, 0x87, 0x33, 0x44), - // aad: vec!(0xf1, 0xd1, 0xb0, 0x8d, 0xd6, 0xfe, 0x96, 0xc4, 0x65, 0x78, 0xc1, 0xd1, 0xad, 0x38, 0x88, 0x18, 0x40, 0xb1, 0x0c, 0xb5, 0xea, 0xe4, 0x1e, 0x5f, 0x05, 0xfe, 0x52, 0x87, 0x22, 0x3f, 0xa7, 0x22, 0x42, 0xae, 0xa4, 0x8c, 0xb3, 0x74, 0xa8, 0x0b, 0xe9, 0x37, 0xb5, 0x41, 0xf9, 0x38, 0x1e, 0xfa, 0x66, 0xbb), - // cipher_text: vec!(0x02, 0x7b, 0x86, 0x86, 0x5b, 0x80, 0xb4, 0xc4, 0xda, 0x82, 0x3a, 0x7d, 0x3d, 0xbc, 0xf5, 0x84, 0x5b, 0xf5, 0x7d, 0x58, 0xee, 0x33, 0x4e, 0xb3, 0x57, 0xe8, 0x23, 0x69, 0xcc, 0x62, 0x89, 0x79, 0xe2, 0x94, 0x78, 0x30, 0xd9, 0xd4, 0x81, 0x7e, 0xfd, 0x3d, 0x0b, 0xc4, 0x77, 0x9f, 0x0b, 0x38, 0x89, 0x43), - // tag: vec!(0x43, 0x03, 0xfa, 0x01, 0x74, 0xac, 0x2b, 0x99, 0x16, 0xbf, 0x89, 0xc5, 0x93, 0xba, 0xee, 0x37) - // }, - // TestVector{ - // key: [0x80, 0x8e, 0x0e, 0x73, 0xe9, 0xbc, 0xd2, 0x74, 0xd4, 0xc6, 0xf6, 0x5d, 0xf2, 0xfe, 0x95, 0x78, 0x22, 0xa6, 0x02, 0xf0, 0x39, 0xd4, 0x75, 0x26, 0x16, 0xba, 0x29, 0xa2, 0x89, 0x26, 0xef, 0x4a], - // nonce: [0x1b, 0x9c, 0xd7, 0x3d, 0x2f, 0xc3, 0xcb, 0x8e], - // plain_text: vec!(0x34, 0x36, 0xc7, 0xb5, 0xbe, 0x23, 0x94, 0xaf, 0x7e, 0x88, 0x32, 0x0c, 0x82, 0x32, 0x6a, 0x6d, 0xb3, 0x78, 0x87, 0xff, 0x9d, 0xe4, 0x19, 0x61, 0xc7, 0xd6, 0x54, 0xdd, 0x22, 0xdd, 0x1f, 0x7d, 0x40, 0x44, 0x4d, 
0x48, 0xf5, 0xc6, 0x63, 0xb8, 0x6f, 0xf4, 0x1f, 0x3e, 0x15, 0xb5, 0xc8, 0xca, 0x13, 0x37, 0xf9, 0x76, 0x35, 0x85, 0x8f), - // aad: vec!(0xd5, 0x7c, 0xfb, 0xe5, 0xf2, 0x53, 0x80, 0x44, 0x28, 0x2e, 0x53, 0xb2, 0xf0, 0xbb, 0x4e, 0x86, 0xea, 0x22, 0x33, 0x04, 0x1f, 0xb3, 0x6a, 0xdb, 0x83, 0x38, 0xde, 0xd0, 0x92, 0x14, 0x8f, 0x8c, 0x2e, 0x89, 0x4e, 0xf8, 0x76, 0x6a, 0x7e, 0xc2, 0xdd, 0x02, 0xc6, 0xac, 0x5d, 0xba, 0xb0, 0xc3, 0x70, 0x3c, 0x5e, 0x91, 0x19, 0xe3, 0x7c), - // cipher_text: vec!(0x9b, 0x95, 0x0b, 0x3c, 0xaf, 0x7d, 0x25, 0xea, 0xf5, 0xfc, 0xa6, 0xfa, 0x3f, 0xe1, 0x2e, 0xd0, 0x77, 0xd8, 0x0d, 0xcd, 0x55, 0x79, 0x85, 0x12, 0x33, 0xc7, 0x66, 0xbb, 0x8b, 0xb6, 0x13, 0xec, 0x91, 0xd9, 0x25, 0xa9, 0x39, 0xbb, 0x52, 0xfb, 0x88, 0xd5, 0xed, 0xa8, 0x03, 0xcf, 0xe2, 0xa8, 0xcd, 0xa2, 0xe0, 0x55, 0xb9, 0x62, 0xfd), - // tag: vec!(0x6b, 0xf5, 0xb7, 0x18, 0xf5, 0xbb, 0xe1, 0x39, 0x5a, 0x5f, 0xdf, 0xcb, 0xbe, 0xf7, 0x52, 0xf5) - // }, - // TestVector{ - // key: [0x4a, 0xdf, 0xe1, 0xa2, 0x6c, 0x56, 0x36, 0x53, 0x6c, 0xd7, 0xcb, 0x72, 0xaa, 0x5b, 0xde, 0xd0, 0xb1, 0xaa, 0x64, 0x48, 0x7a, 0xd0, 0xe4, 0x07, 0x8f, 0x31, 0x1e, 0x87, 0x82, 0x76, 0x8e, 0x97], - // nonce: [0xd6, 0x9e, 0x54, 0xba, 0xde, 0xc1, 0x15, 0x60], - // plain_text: vec!(0x19, 0xb3, 0xf9, 0x41, 0x1c, 0xe8, 0x75, 0xfc, 0xb6, 0x84, 0xcb, 0xdc, 0x07, 0x93, 0x8c, 0x4c, 0x13, 0x47, 0xe1, 0x64, 0xf9, 0x64, 0x0d, 0x37, 0xb2, 0x2f, 0x97, 0x5b, 0x4b, 0x9a, 0x37, 0x3c, 0x43, 0x02, 0xae, 0x0e, 0x7d, 0xfd, 0xeb, 0xa1, 0xe0, 0xd0, 0x0c, 0xed, 0x44, 0x6e, 0x33, 0x8f, 0x4c, 0x5b, 0xc0, 0x1b, 0x4b, 0xec, 0xef, 0x51, 0x15, 0x82, 0x52, 0x76), - // aad: vec!(0xbd, 0xa1, 0xb0, 0xf6, 0xc2, 0xf4, 0xeb, 0x81, 0x21, 0xdc, 0xbd, 0x2e, 0xeb, 0xd9, 0x1a, 0x03, 0xae, 0x1d, 0x6e, 0x05, 0x23, 0xb9, 0xb6, 0xf3, 0x4b, 0x6f, 0x16, 0xce, 0xca, 0x0d, 0x08, 0x66, 0x54, 0xfb, 0x05, 0x52, 0xbf, 0xd5, 0xc8, 0xe1, 0x88, 0x77, 0x30, 0xe1, 0x44, 0x9e, 0xa0, 0x2d, 0x7f, 0x64, 0x7a, 0xe8, 0x35, 0xbc, 0x2d, 0xab, 0x4b, 0xbc, 0x65, 0xb9), - // cipher_text: 
vec!(0xea, 0x76, 0x5a, 0x82, 0x9d, 0x96, 0x1e, 0x08, 0xba, 0xca, 0xed, 0x80, 0x12, 0x37, 0xef, 0x40, 0x67, 0xdf, 0x38, 0xad, 0x37, 0x37, 0xb7, 0xc6, 0xde, 0x4d, 0xb5, 0x87, 0xa1, 0x02, 0xa8, 0x6f, 0xc4, 0xab, 0xba, 0xab, 0xea, 0x0e, 0xe9, 0x7c, 0x95, 0xca, 0x7f, 0x57, 0x1c, 0x7b, 0xab, 0x6f, 0x38, 0xcb, 0xae, 0x60, 0xcd, 0x6e, 0x6a, 0x4c, 0xe3, 0xc7, 0xa3, 0x20), - // tag: vec!(0xb4, 0x25, 0xcd, 0xf1, 0x0c, 0xd0, 0x12, 0x3a, 0x7e, 0x64, 0xb3, 0x47, 0xc6, 0xb4, 0xb1, 0xf0) - // }, - // TestVector{ - // key: [0xeb, 0x3d, 0xb8, 0x6c, 0x14, 0xb7, 0xcc, 0x2e, 0x49, 0x43, 0x45, 0xd0, 0xdf, 0xb4, 0x84, 0x1b, 0xbd, 0x3a, 0xa1, 0xe2, 0xbc, 0x64, 0x0c, 0xca, 0x0c, 0x6c, 0x40, 0x55, 0x20, 0x68, 0x56, 0x39], - // nonce: [0x88, 0xb5, 0x4b, 0x28, 0xd6, 0xda, 0x8c, 0x81], - // plain_text: vec!(0xf7, 0x5c, 0x0a, 0x35, 0x72, 0x71, 0x43, 0x0b, 0x1e, 0xcf, 0xf0, 0x7a, 0x30, 0x7b, 0x6c, 0x29, 0x32, 0x5c, 0x6e, 0x66, 0x93, 0x50, 0x46, 0x70, 0x4a, 0x19, 0x84, 0x5e, 0x62, 0x9f, 0x87, 0xa9, 0xe3, 0xb8, 0xaa, 0x6c, 0x1d, 0xf5, 0x5d, 0xd4, 0x26, 0xa4, 0x87, 0xd5, 0x33, 0xbb, 0x33, 0x3e, 0x46, 0xf0, 0xd3, 0x41, 0x84, 0x64, 0xac, 0x1b, 0xef, 0x05, 0x92, 0x31, 0xf8, 0xe8, 0x7e, 0x62, 0x84), - // aad: vec!(0x34, 0xb0, 0x8b, 0xb0, 0xdf, 0x82, 0x1c, 0x57, 0x3d, 0xcb, 0x56, 0xf5, 0xb8, 0xb4, 0xa9, 0x92, 0x04, 0x65, 0x06, 0x7f, 0x3b, 0x5b, 0xf3, 0xe3, 0x25, 0x4e, 0xa1, 0xda, 0x1a, 0x7f, 0xc9, 0x84, 0x7f, 0xd3, 0x8b, 0xdf, 0xe6, 0xb3, 0x09, 0x27, 0x94, 0x52, 0x63, 0xa9, 0x1f, 0xa2, 0x88, 0xc7, 0xcf, 0x1b, 0xee, 0x0f, 0xdd, 0xb0, 0xfa, 0xdf, 0x59, 0x48, 0xc5, 0xd8, 0x3e, 0xb4, 0x62, 0x35, 0x75), - // cipher_text: vec!(0x14, 0x6e, 0xc8, 0x4f, 0x5d, 0xc1, 0xc9, 0xfe, 0x9d, 0xe3, 0x30, 0x7a, 0x91, 0x82, 0xdb, 0xaa, 0x75, 0x96, 0x5b, 0xf8, 0x5f, 0x5e, 0x64, 0x56, 0x3e, 0x68, 0xd0, 0x39, 0xa5, 0xb6, 0x59, 0xaa, 0x88, 0x63, 0xb8, 0x92, 0x28, 0xed, 0xb9, 0x3f, 0xf3, 0xd8, 0xc3, 0x32, 0x3a, 0xb0, 0xd0, 0x33, 0x00, 0x47, 0x6a, 0xa4, 0xac, 0xa2, 0x06, 0xd4, 0x62, 0x6a, 0x6b, 0x26, 0x9b, 0x20, 0x78, 0x91, 
0x2d), - // tag: vec!(0x00, 0x58, 0xa8, 0xdf, 0xf3, 0x2c, 0x29, 0x93, 0x5c, 0x62, 0x21, 0x0c, 0x35, 0x9b, 0xd2, 0x81) - // }, - // TestVector{ - // key: [0xdd, 0x5b, 0x49, 0xb5, 0x95, 0x3e, 0x04, 0xd9, 0x26, 0xd6, 0x64, 0xda, 0x3b, 0x65, 0xeb, 0xcf, 0xfb, 0xbf, 0x06, 0xab, 0xbe, 0x93, 0xa3, 0x81, 0x9d, 0xfc, 0x1a, 0xbb, 0xec, 0xba, 0xab, 0x13], - // nonce: [0xc5, 0xc8, 0x00, 0x94, 0x59, 0xb9, 0xe3, 0x1a], - // plain_text: vec!(0xf2, 0x1f, 0x67, 0x06, 0xa4, 0xdc, 0x33, 0xa3, 0x61, 0x36, 0x2c, 0x21, 0x4d, 0xef, 0xd5, 0x6d, 0x35, 0x3b, 0xcb, 0x29, 0x81, 0x1e, 0x58, 0x19, 0xab, 0x3c, 0x5c, 0x2c, 0x13, 0x95, 0x0c, 0x7a, 0xa0, 0x00, 0x0b, 0x9d, 0x1f, 0xe6, 0x9b, 0xb4, 0x64, 0x54, 0x51, 0x4d, 0xcc, 0xe8, 0x8a, 0x4a, 0x5e, 0xda, 0x09, 0x7c, 0x28, 0x1b, 0x81, 0xe5, 0x1d, 0x6a, 0x4d, 0xba, 0x47, 0xc8, 0x03, 0x26, 0xba, 0x6c, 0xea, 0x8e, 0x2b, 0xab), - // aad: vec!(0xfe, 0x6f, 0x4c, 0xbb, 0x00, 0x79, 0x4a, 0xde, 0xa5, 0x9e, 0x9d, 0xe8, 0xb0, 0x3c, 0x7f, 0xdf, 0x48, 0x2e, 0x46, 0xf6, 0xc4, 0x7a, 0x35, 0xf9, 0x69, 0x97, 0x66, 0x9c, 0x73, 0x5e, 0xd5, 0xe7, 0x29, 0xa4, 0x94, 0x16, 0xb4, 0x24, 0x68, 0x77, 0x7e, 0x6a, 0x8d, 0x7a, 0xa1, 0x73, 0xc1, 0x8b, 0x81, 0x77, 0x41, 0x8d, 0xed, 0x60, 0x01, 0x24, 0xa9, 0x8c, 0xbb, 0x65, 0x48, 0x9f, 0x9c, 0x24, 0xa0, 0x4f, 0x1e, 0x71, 0x27, 0xce), - // cipher_text: vec!(0x91, 0x1e, 0xad, 0x61, 0xb2, 0xaa, 0x81, 0xd0, 0x0c, 0x5e, 0xff, 0x53, 0xae, 0xea, 0x3a, 0xb7, 0x13, 0x70, 0x9e, 0xd5, 0x71, 0x76, 0x58, 0x90, 0xd5, 0x58, 0xfb, 0x59, 0xd3, 0x99, 0x3b, 0x45, 0xf5, 0x98, 0xa3, 0x9e, 0x5e, 0xff, 0x4b, 0xe8, 0x44, 0xc4, 0xd4, 0xbd, 0x1e, 0xf9, 0x62, 0x2e, 0x60, 0x41, 0x2b, 0x21, 0x14, 0x00, 0x07, 0xd5, 0x4d, 0xcf, 0x31, 0xb2, 0xc0, 0xe3, 0xe9, 0x8c, 0xf3, 0x3a, 0x00, 0xfd, 0x27, 0xf0), - // tag: vec!(0xd3, 0x8d, 0x67, 0x26, 0x65, 0xe2, 0xc8, 0xc4, 0xa0, 0x79, 0x54, 0xb1, 0x0e, 0xcf, 0xf7, 0xd9) - // }, - // TestVector{ - // key: [0x3b, 0x31, 0x9e, 0x40, 0x14, 0x8a, 0x67, 0xdc, 0x0b, 0xb1, 0x92, 0x71, 0xd9, 0x27, 0x2b, 0x32, 0x7b, 0xc5, 0xee, 0xe0, 
0x87, 0x17, 0x3d, 0x3d, 0x13, 0x4a, 0xd5, 0x6c, 0x8c, 0x7d, 0xc0, 0x20], - // nonce: [0xce, 0x5c, 0xf6, 0xfe, 0xf8, 0x4d, 0x00, 0x10], - // plain_text: vec!(0x27, 0xb5, 0x62, 0x7b, 0x17, 0xa2, 0xde, 0x31, 0xad, 0x00, 0xfc, 0x2e, 0xcb, 0x34, 0x7d, 0xa0, 0xa3, 0x99, 0xbb, 0x75, 0xcc, 0x6e, 0xad, 0xd4, 0xd6, 0xee, 0x02, 0xde, 0x8f, 0xbd, 0x6a, 0x21, 0x68, 0xd4, 0x76, 0x3b, 0xa9, 0x36, 0x8b, 0xa9, 0x82, 0xe9, 0x7a, 0x2d, 0xb8, 0x12, 0x6d, 0xf0, 0x34, 0x3c, 0xda, 0xd0, 0x6d, 0x2b, 0xc7, 0xd7, 0xe1, 0x2e, 0xec, 0x73, 0x1d, 0x13, 0x0f, 0x8b, 0x87, 0x45, 0xc1, 0x95, 0x4b, 0xfd, 0x1d, 0x71, 0x7b, 0x4e, 0xa2), - // aad: vec!(0xa0, 0x26, 0xb6, 0x63, 0x8f, 0x29, 0x39, 0xec, 0x9c, 0xc2, 0x8d, 0x93, 0x5f, 0xb7, 0x11, 0x31, 0x57, 0xf3, 0xb5, 0xb7, 0xe2, 0x6c, 0x12, 0xf8, 0xf2, 0x5b, 0x36, 0x41, 0x2b, 0x0c, 0xd5, 0x60, 0xb7, 0xf1, 0x1b, 0x62, 0x78, 0x8a, 0x76, 0xbd, 0x17, 0x13, 0x42, 0xe2, 0xae, 0x85, 0x8b, 0xce, 0xcb, 0x82, 0x66, 0xff, 0x84, 0x82, 0xbb, 0xae, 0xd5, 0x93, 0xaf, 0xe8, 0x18, 0xb9, 0x82, 0x9e, 0x05, 0xe8, 0xe2, 0xb2, 0x81, 0xae, 0x77, 0x99, 0x58, 0x01, 0x42), - // cipher_text: vec!(0x36, 0x8f, 0xb6, 0x98, 0x92, 0x44, 0x7b, 0x75, 0x77, 0x8f, 0x1c, 0x52, 0x36, 0xe1, 0xe9, 0xd5, 0xd8, 0x92, 0x55, 0xc3, 0xd6, 0x8d, 0x56, 0x5a, 0x5b, 0xba, 0x4f, 0x52, 0x4d, 0x6a, 0xd2, 0x7d, 0xe1, 0x30, 0x87, 0xf3, 0x01, 0xe2, 0xef, 0x4c, 0x08, 0xf5, 0xe2, 0xc6, 0x12, 0x8b, 0x1d, 0x3e, 0x26, 0xde, 0x84, 0x5c, 0x4a, 0xc4, 0x86, 0x9e, 0x4c, 0x8b, 0xd8, 0x85, 0x8a, 0xd0, 0xd2, 0x6d, 0xec, 0x3b, 0x5d, 0x61, 0xa9, 0xe3, 0x66, 0x6a, 0x39, 0x11, 0xba), - // tag: vec!(0x2e, 0x70, 0x56, 0x4c, 0x39, 0x99, 0xc4, 0x48, 0xd9, 0x2c, 0xc6, 0xdf, 0x29, 0xd0, 0x95, 0xc4) - // }, - // TestVector{ - // key: [0x43, 0xbf, 0x97, 0x40, 0x7a, 0x82, 0xd0, 0xf6, 0x84, 0xbb, 0x85, 0x34, 0x23, 0x80, 0xd6, 0x6b, 0x85, 0xfc, 0xc8, 0x1c, 0x3e, 0x22, 0xf1, 0xc0, 0xd9, 0x72, 0xcd, 0x5b, 0xfd, 0xf4, 0x07, 0xf4], - // nonce: [0x8b, 0x6b, 0xa4, 0x94, 0xc5, 0x40, 0xfb, 0xa4], - // plain_text: vec!(0x4b, 0x4c, 0x7e, 0x29, 
0x2a, 0x35, 0x7f, 0x56, 0xfd, 0xf5, 0x67, 0xc3, 0x2f, 0xc0, 0xf3, 0x36, 0x08, 0x11, 0x0d, 0x7c, 0xe5, 0xc6, 0x91, 0x12, 0x98, 0x7d, 0x7b, 0x5a, 0x0b, 0xd4, 0x6d, 0x86, 0x27, 0xa7, 0x21, 0xb0, 0xae, 0xd0, 0x70, 0xb5, 0x4e, 0xa9, 0x72, 0x60, 0x84, 0x18, 0x8c, 0x51, 0x8c, 0xba, 0x82, 0x9f, 0x39, 0x20, 0x36, 0x5a, 0xfc, 0x93, 0x82, 0xc6, 0xa5, 0xeb, 0x0d, 0xd3, 0x32, 0xb8, 0x46, 0x12, 0x36, 0x67, 0x35, 0xbe, 0x24, 0x79, 0xb6, 0x3c, 0x9e, 0xfc, 0x7f, 0xf5), - // aad: vec!(0x1e, 0x0a, 0xcf, 0x40, 0x70, 0xe8, 0xd6, 0x75, 0x8b, 0x60, 0xd8, 0x1b, 0x6d, 0x28, 0x9a, 0x4e, 0xcd, 0xc3, 0x0e, 0x3d, 0xe4, 0xf9, 0x09, 0x0c, 0x13, 0x69, 0x1d, 0x5b, 0x93, 0xd5, 0xbb, 0xce, 0xf9, 0x84, 0xf9, 0x09, 0x56, 0xde, 0x53, 0xc5, 0xcf, 0x44, 0xbe, 0x6c, 0x70, 0x44, 0x06, 0x61, 0xfa, 0x58, 0xe6, 0x5d, 0xec, 0x27, 0x34, 0xff, 0x51, 0xd6, 0xd0, 0x3f, 0x57, 0xbd, 0xdd, 0xa1, 0xf4, 0x78, 0x07, 0x24, 0x7e, 0x31, 0x94, 0xe2, 0xf7, 0xdd, 0xd5, 0xf3, 0xca, 0xfd, 0x25, 0x0f), - // cipher_text: vec!(0xd0, 0x07, 0x6c, 0x88, 0xad, 0x4b, 0xc1, 0x2d, 0x77, 0xeb, 0x8a, 0xe8, 0xd9, 0xb5, 0xbf, 0x3a, 0x2c, 0x58, 0x88, 0xa8, 0xd4, 0xc1, 0x52, 0x97, 0xb3, 0x8e, 0xce, 0x5d, 0x64, 0xf6, 0x73, 0x19, 0x1d, 0xc8, 0x15, 0x47, 0x24, 0x0a, 0x0c, 0xbe, 0x06, 0x6c, 0x9c, 0x56, 0x3f, 0x5c, 0x34, 0x24, 0x80, 0x99, 0x71, 0xb5, 0xa0, 0x7d, 0xcc, 0x70, 0xb1, 0x07, 0x30, 0x55, 0x61, 0xce, 0x85, 0xae, 0xcb, 0x0b, 0x0e, 0xa0, 0xe8, 0xb4, 0xff, 0x4d, 0x1e, 0x4f, 0x84, 0x83, 0x69, 0x55, 0xa9, 0x45), - // tag: vec!(0x75, 0xc9, 0x34, 0x74, 0x25, 0xb4, 0x59, 0xaf, 0x6d, 0x99, 0xb1, 0x73, 0x45, 0xc6, 0x1f, 0xf7) - // }, - // TestVector{ - // key: [0x12, 0xfc, 0x0b, 0xc9, 0x41, 0x04, 0xed, 0x81, 0x50, 0xbd, 0xe1, 0xe5, 0x68, 0x56, 0xce, 0x3c, 0x57, 0xcd, 0x1c, 0xf6, 0x33, 0x95, 0x4d, 0x22, 0x55, 0x21, 0x40, 0xe1, 0xf4, 0xe7, 0xc6, 0x5d], - // nonce: [0xd3, 0x87, 0x5d, 0x1b, 0x6c, 0x80, 0x83, 0x53], - // plain_text: vec!(0x24, 0x59, 0x20, 0x82, 0xd6, 0xe7, 0x3e, 0xb6, 0x5c, 0x40, 0x9b, 0x26, 0xce, 0xae, 0x03, 0x2e, 0x57, 0xf6, 0x87, 
0x75, 0x14, 0x94, 0x7f, 0xc4, 0x5e, 0xb0, 0x07, 0xb8, 0xa6, 0x03, 0x44, 0x94, 0xdd, 0xe5, 0x56, 0x3a, 0xc5, 0x86, 0xea, 0x08, 0x1d, 0xc1, 0x2f, 0xa6, 0xcd, 0xa3, 0x22, 0x66, 0xbe, 0x85, 0x8e, 0x47, 0x48, 0xbe, 0x40, 0xbb, 0x20, 0xf7, 0x13, 0x20, 0x71, 0x1b, 0xf8, 0x4c, 0x3f, 0x0e, 0x27, 0x83, 0xa6, 0x3a, 0xd6, 0xe2, 0x5a, 0x63, 0xb4, 0x4c, 0x37, 0x3a, 0x99, 0xaf, 0x84, 0x5c, 0xdf, 0x45, 0x2c), - // aad: vec!(0xb8, 0xbe, 0x08, 0x46, 0x3e, 0x84, 0xa9, 0x09, 0xd0, 0x71, 0xf5, 0xff, 0x87, 0x21, 0x33, 0x91, 0xb7, 0xda, 0x88, 0x9d, 0xc5, 0x6f, 0xd2, 0xf1, 0xe3, 0xcf, 0x86, 0xa0, 0xa0, 0x3e, 0x2c, 0x8e, 0xaa, 0x2f, 0x53, 0x9b, 0xf7, 0x3f, 0x90, 0xf5, 0x29, 0x8c, 0x26, 0xf2, 0x7e, 0xf4, 0xa6, 0x73, 0xa1, 0x27, 0x84, 0x83, 0x3a, 0xcb, 0x4d, 0x08, 0x61, 0x56, 0x21, 0x42, 0xc9, 0x74, 0xee, 0x37, 0xb0, 0x9a, 0xe7, 0x70, 0x8a, 0x19, 0xf1, 0x4d, 0x1a, 0xd8, 0xc4, 0x02, 0xbd, 0x1e, 0xcf, 0x5e, 0xa2, 0x80, 0xfa, 0xb2, 0x80), - // cipher_text: vec!(0x9d, 0x9a, 0xe6, 0x32, 0x87, 0x11, 0xfb, 0x89, 0x7a, 0x88, 0x46, 0x2d, 0x20, 0xb8, 0xaa, 0x1b, 0x27, 0x81, 0x34, 0xcd, 0xf7, 0xb2, 0x3e, 0x1f, 0x1c, 0x80, 0x9f, 0xa4, 0x08, 0xb6, 0x8a, 0x7b, 0xfc, 0x2b, 0xe6, 0x1a, 0x79, 0x00, 0x08, 0xed, 0xaa, 0x98, 0x82, 0x33, 0x81, 0xf4, 0x5a, 0xe6, 0x5f, 0x71, 0x04, 0x26, 0x89, 0xd8, 0x8a, 0xcf, 0xa5, 0xf6, 0x33, 0x32, 0xf0, 0xfb, 0xa7, 0x37, 0xc4, 0x77, 0x2c, 0x97, 0x2e, 0xba, 0x26, 0x66, 0x40, 0x05, 0x64, 0x52, 0x90, 0x3d, 0x65, 0x22, 0xce, 0xfd, 0x3f, 0x26, 0x4e), - // tag: vec!(0xe9, 0xc9, 0x82, 0xd4, 0xad, 0xe7, 0x39, 0x7b, 0xcf, 0xaa, 0x1e, 0x4c, 0x5a, 0x6c, 0xd5, 0x78) - // }, - // TestVector{ - // key: [0x7b, 0x63, 0x00, 0xf7, 0xdc, 0x21, 0xc9, 0xfd, 0xde, 0xaa, 0x71, 0xf4, 0x39, 0xd5, 0x3b, 0x55, 0x3a, 0x7b, 0xf3, 0xe6, 0x9f, 0xf5, 0x15, 0xb5, 0xcb, 0x64, 0x95, 0xd6, 0x52, 0xa0, 0xf9, 0x9c], - // nonce: [0x40, 0xb3, 0x2e, 0x3f, 0xdc, 0x64, 0x64, 0x53], - // plain_text: vec!(0x57, 0x2f, 0x60, 0xd9, 0x8c, 0x8b, 0xec, 0xc8, 0xba, 0x80, 0xdd, 0x6b, 0x8d, 0x2d, 0x0f, 0x7b, 0x7b, 0xbf, 0xd7, 
0xe4, 0xab, 0xc2, 0x35, 0xf3, 0x74, 0xab, 0xd4, 0x4d, 0x90, 0x35, 0xc7, 0x65, 0x0a, 0x79, 0xd1, 0xdd, 0x54, 0x5f, 0xa2, 0xf6, 0xfb, 0x0b, 0x5e, 0xba, 0x27, 0x17, 0x79, 0x91, 0x3e, 0x5c, 0x5e, 0xb4, 0x50, 0x52, 0x8e, 0x41, 0x28, 0x90, 0x9a, 0x96, 0xd1, 0x1a, 0x65, 0x2b, 0xf3, 0xf7, 0xae, 0x9d, 0x0d, 0x17, 0xad, 0xbf, 0x61, 0x2e, 0xc9, 0xca, 0x32, 0xe7, 0x3e, 0xf6, 0xe8, 0x7d, 0x7f, 0x4e, 0x21, 0xfe, 0x34, 0x12, 0xce, 0x14), - // aad: vec!(0x9f, 0xf3, 0x77, 0x54, 0x5a, 0x35, 0xcf, 0x1b, 0xfb, 0x77, 0xc7, 0x34, 0xad, 0x90, 0x0c, 0x70, 0x3a, 0xee, 0x6c, 0x31, 0x74, 0xfd, 0xb3, 0x73, 0x66, 0x64, 0x86, 0x30, 0x36, 0xa3, 0xa9, 0xd0, 0x91, 0x63, 0xc2, 0x99, 0x2f, 0x09, 0x3e, 0x24, 0x08, 0x91, 0x1b, 0x87, 0x51, 0xf0, 0x01, 0xe4, 0x93, 0xde, 0xcc, 0x41, 0xe4, 0xee, 0xee, 0xd0, 0x4f, 0x69, 0x8b, 0x6d, 0xae, 0xd4, 0x84, 0x52, 0xa7, 0xe1, 0xa7, 0x4e, 0xc3, 0xb4, 0xf3, 0xdc, 0xf2, 0x15, 0x1c, 0xa2, 0x49, 0xfa, 0x56, 0x8a, 0xa0, 0x84, 0xc8, 0x42, 0x8a, 0x41, 0xf2, 0x0b, 0xe5, 0xfd), - // cipher_text: vec!(0x22, 0x9d, 0xa7, 0x68, 0x44, 0x42, 0x66, 0x39, 0xe2, 0xfd, 0x3e, 0xf2, 0x53, 0xa1, 0x95, 0xe0, 0xa9, 0x3f, 0x08, 0x45, 0x2b, 0xa3, 0x72, 0x19, 0xb6, 0x77, 0x3f, 0x10, 0x31, 0x34, 0xf3, 0xf8, 0x7b, 0x13, 0x45, 0xf9, 0xb4, 0xbf, 0x8c, 0xfc, 0x11, 0x27, 0x7c, 0x31, 0x17, 0x80, 0xa2, 0xb6, 0xe1, 0x9a, 0x36, 0x3b, 0x6a, 0xc2, 0xef, 0xe6, 0xc4, 0xcc, 0x54, 0xa3, 0x9b, 0x14, 0x4e, 0x29, 0xc9, 0x4b, 0x9e, 0xbb, 0xde, 0x6f, 0xd0, 0x94, 0xc3, 0x0f, 0x59, 0xd1, 0xb7, 0x70, 0xeb, 0xf9, 0xfc, 0xad, 0x2a, 0x5c, 0x69, 0x5d, 0xc0, 0x03, 0xbf, 0x51), - // tag: vec!(0xb7, 0x2a, 0xca, 0xb5, 0x01, 0x31, 0xa2, 0x95, 0x58, 0xd5, 0x6a, 0xe7, 0xb9, 0xd4, 0x8e, 0x4e) - // }, - // TestVector{ - // key: [0x4a, 0xeb, 0x62, 0xf0, 0x24, 0xe1, 0x87, 0x60, 0x6e, 0xe7, 0xcc, 0x9f, 0x58, 0x65, 0xc3, 0x91, 0xc4, 0x3d, 0xf1, 0x96, 0x3f, 0x45, 0x9c, 0x87, 0xba, 0x00, 0xe4, 0x4b, 0xb1, 0x63, 0xa8, 0x66], - // nonce: [0x95, 0x59, 0xbd, 0x08, 0x71, 0x8b, 0x75, 0xaf], - // plain_text: vec!(0xc5, 0xd5, 0x86, 0xce, 
0xec, 0xe6, 0xf4, 0x18, 0x12, 0xc9, 0x69, 0xbc, 0xf1, 0xe7, 0x27, 0xfe, 0x6f, 0xf8, 0xd1, 0xae, 0x8c, 0x8c, 0x52, 0x36, 0x7c, 0x61, 0x2c, 0xaa, 0x7c, 0xdf, 0x50, 0xe0, 0x66, 0x2f, 0x5d, 0xff, 0xc5, 0xea, 0x7d, 0x3c, 0xc3, 0x94, 0x00, 0xdf, 0xe3, 0xdc, 0x18, 0x97, 0x90, 0x5f, 0x64, 0x90, 0xfd, 0x77, 0x47, 0xb5, 0xf5, 0xf9, 0x84, 0x27, 0x39, 0xc6, 0x7d, 0x07, 0xce, 0x7c, 0x33, 0x9a, 0x5b, 0x39, 0x97, 0xa7, 0xfb, 0x4c, 0xd0, 0xd8, 0xe4, 0x81, 0x7f, 0xf8, 0x91, 0x6b, 0x25, 0x1c, 0x11, 0xef, 0x91, 0x91, 0x67, 0xf8, 0x58, 0xe4, 0x15, 0x04, 0xb9), - // aad: vec!(0x51, 0xf5, 0xb5, 0x03, 0xb7, 0x3a, 0x5d, 0xe8, 0xb9, 0x65, 0x34, 0xc2, 0xa3, 0xf2, 0xd8, 0x59, 0xec, 0xe0, 0xbd, 0x06, 0x3e, 0xa6, 0xdf, 0xa4, 0x86, 0xa7, 0xee, 0xc9, 0x9f, 0x6c, 0x02, 0x09, 0x83, 0xf7, 0x14, 0x8c, 0xcc, 0xb8, 0x62, 0x02, 0xcf, 0x96, 0x85, 0xcc, 0x1c, 0xc2, 0x66, 0x93, 0x0f, 0x04, 0xe5, 0x36, 0xad, 0x8b, 0xc2, 0x60, 0x94, 0x25, 0x2b, 0xaa, 0x46, 0x06, 0xd8, 0x83, 0xbd, 0x2a, 0xee, 0xd6, 0xb4, 0x30, 0x15, 0x22, 0x02, 0xe9, 0xb6, 0xcc, 0x79, 0x7f, 0xf2, 0x4f, 0xc3, 0x65, 0x31, 0x5e, 0xd6, 0x73, 0x91, 0x37, 0x4c, 0x13, 0x57, 0xc9, 0xa8, 0x45, 0xf2), - // cipher_text: vec!(0x25, 0x2e, 0xa4, 0x2b, 0x6e, 0x57, 0x40, 0x30, 0x68, 0x16, 0x97, 0x4a, 0x4f, 0xe6, 0x7b, 0x66, 0xe7, 0x93, 0xeb, 0xe0, 0x91, 0x47, 0x78, 0xef, 0x48, 0x5d, 0x55, 0x28, 0x8e, 0xb6, 0xc9, 0xc4, 0x5f, 0xa3, 0x4a, 0xc8, 0x53, 0xdc, 0x7a, 0x39, 0x25, 0x25, 0x20, 0x51, 0x4c, 0x3c, 0xb3, 0x4c, 0x72, 0xb9, 0x73, 0xb1, 0x4b, 0x32, 0xbc, 0x25, 0x76, 0x87, 0xd3, 0x98, 0xf3, 0x6f, 0x64, 0xcc, 0x2a, 0x66, 0x8f, 0xaf, 0xfa, 0x73, 0x05, 0xab, 0x24, 0x01, 0x71, 0x34, 0x3b, 0x5f, 0x9f, 0x49, 0xb6, 0xc2, 0x19, 0x7e, 0x4f, 0xbe, 0x18, 0x7b, 0x10, 0x54, 0x0d, 0x7c, 0xdc, 0xfa, 0x37), - // tag: vec!(0x71, 0x1f, 0xf3, 0x3e, 0xf8, 0xd2, 0xb0, 0x67, 0xa1, 0xb8, 0x5c, 0x64, 0xf3, 0x2f, 0x18, 0x14) - // }, - // TestVector{ - // key: [0x9a, 0x19, 0xe7, 0x2f, 0x00, 0x5c, 0xae, 0x1a, 0xe7, 0x8b, 0x8e, 0x35, 0x0d, 0x7a, 0xab, 0xe5, 0x9f, 0xc8, 0x84, 0x59, 0x99, 
0xe8, 0xc5, 0x2f, 0xad, 0x54, 0x5b, 0x94, 0x2c, 0x22, 0x5e, 0xaf], - // nonce: [0xd9, 0xda, 0xe2, 0xea, 0x8d, 0x2f, 0xfc, 0x31], - // plain_text: vec!(0x21, 0x10, 0x37, 0x8d, 0x85, 0x6d, 0xed, 0x07, 0xeb, 0x2b, 0xe8, 0xe8, 0xf4, 0x33, 0x08, 0xe0, 0xc7, 0x5b, 0xc8, 0xa3, 0xfc, 0xc7, 0xb1, 0x77, 0x3b, 0x07, 0x25, 0xb7, 0xde, 0x49, 0xf6, 0xa1, 0x66, 0xc4, 0x52, 0x8e, 0x64, 0x12, 0x0b, 0xdf, 0x7c, 0x97, 0x76, 0x61, 0x5d, 0x3c, 0xe6, 0xfe, 0xeb, 0x03, 0xde, 0x96, 0x4a, 0x7b, 0x91, 0x92, 0x06, 0xa7, 0x73, 0x92, 0xf8, 0x04, 0x37, 0xfa, 0xce, 0xb6, 0x74, 0x58, 0x45, 0xca, 0xfc, 0x16, 0x6e, 0x1c, 0x13, 0xb6, 0x8e, 0x70, 0xca, 0x2a, 0x1d, 0x00, 0xc7, 0x17, 0x37, 0xb8, 0xfc, 0xbb, 0xbd, 0x50, 0x90, 0x25, 0x65, 0xc3, 0x21, 0x59, 0xe0, 0x5f, 0xcd, 0x23), - // aad: vec!(0x1c, 0xd7, 0x3b, 0x72, 0xc4, 0xe1, 0x03, 0xaf, 0xbe, 0xfd, 0x7c, 0x77, 0x7e, 0x04, 0x80, 0xf3, 0xf5, 0xe6, 0x8c, 0x60, 0xb8, 0x5b, 0xd2, 0xe7, 0x1e, 0xf5, 0xca, 0xeb, 0xb1, 0x75, 0xd7, 0xfc, 0x65, 0x35, 0xd3, 0x9f, 0x38, 0xf9, 0x2c, 0x24, 0xf2, 0xeb, 0x0f, 0xe9, 0x7d, 0x87, 0x8e, 0xd3, 0xd5, 0x96, 0x7c, 0x0b, 0xb4, 0x39, 0x4a, 0x5d, 0x41, 0xf7, 0xd3, 0x4c, 0xda, 0x6e, 0x15, 0x23, 0xd3, 0x84, 0x8f, 0x04, 0x9c, 0xde, 0x55, 0x4a, 0x7d, 0x31, 0xe1, 0xaf, 0xea, 0xb5, 0xd3, 0xe6, 0x15, 0x0f, 0x85, 0x85, 0x83, 0x35, 0xcb, 0xd2, 0x8c, 0x8a, 0x7f, 0x87, 0xd5, 0x28, 0x05, 0x8d, 0xf5, 0x0e, 0xea, 0x06), - // cipher_text: vec!(0x5f, 0x00, 0x9f, 0xbc, 0xe4, 0xec, 0x8e, 0x4c, 0xa9, 0xd8, 0xd4, 0x22, 0x58, 0xb1, 0xa3, 0xe4, 0xe9, 0x20, 0xb2, 0xfb, 0xad, 0x33, 0xd5, 0xe9, 0xf0, 0x75, 0x57, 0xd9, 0x59, 0x5e, 0x84, 0x10, 0x25, 0x19, 0x3b, 0x52, 0x1b, 0xa4, 0x40, 0x11, 0x0d, 0xd8, 0x39, 0x58, 0xe8, 0xee, 0x30, 0x21, 0x9d, 0x95, 0x2b, 0x41, 0x8e, 0x98, 0xa6, 0xc6, 0x24, 0x89, 0x4a, 0xa2, 0x48, 0xae, 0xdc, 0x06, 0x78, 0xf2, 0xd2, 0x63, 0xe7, 0xbf, 0xaf, 0x54, 0xca, 0x37, 0x9f, 0xef, 0x6c, 0x5d, 0x2f, 0x7a, 0xc4, 0x22, 0xea, 0x4b, 0x43, 0x69, 0x40, 0x8b, 0x82, 0xd6, 0x22, 0x5a, 0x7a, 0x2c, 0xf9, 0xa9, 0xf4, 0x6f, 0xd4, 0xef), - // 
tag: vec!(0xaa, 0x0a, 0x5f, 0xa7, 0xd3, 0xcf, 0x71, 0x7a, 0x47, 0x04, 0xa5, 0x99, 0x73, 0xb1, 0xcd, 0x15) - // }, - // TestVector{ - // key: [0xba, 0x1d, 0x0b, 0x33, 0x29, 0xec, 0xc0, 0x09, 0xf1, 0xda, 0x0f, 0xab, 0x4c, 0x85, 0x4b, 0x00, 0xad, 0x94, 0x48, 0x70, 0xfd, 0xca, 0x56, 0x18, 0x38, 0xe3, 0x8b, 0xad, 0x36, 0x4d, 0xa5, 0x07], - // nonce: [0x8a, 0x81, 0xc9, 0x2b, 0x37, 0x22, 0x1f, 0x2f], - // plain_text: vec!(0x62, 0x89, 0x94, 0x4f, 0xfa, 0x3c, 0xce, 0xa4, 0xbf, 0x25, 0xcd, 0x60, 0x1b, 0x27, 0x1f, 0x64, 0xe6, 0xde, 0xb0, 0xeb, 0xa7, 0x7d, 0x65, 0xef, 0xb4, 0xd6, 0x9c, 0xa9, 0x3e, 0x01, 0x99, 0x6e, 0x47, 0x27, 0x16, 0x8b, 0x6f, 0x74, 0xf3, 0xcc, 0xf1, 0x7b, 0xd4, 0x47, 0x15, 0xf2, 0x3c, 0xeb, 0x8f, 0xc0, 0x30, 0xc0, 0xe0, 0x35, 0xe7, 0x7f, 0x53, 0x26, 0x3d, 0xb0, 0x25, 0x02, 0x1f, 0xd2, 0xd0, 0x4b, 0x87, 0xa1, 0xb5, 0x4b, 0x12, 0x22, 0x9c, 0x5e, 0x86, 0x04, 0x81, 0x45, 0x2a, 0x80, 0xa1, 0x25, 0xcb, 0x06, 0x93, 0xa2, 0xba, 0x1b, 0x47, 0xe2, 0x8e, 0xe7, 0xcb, 0xaf, 0x9e, 0x68, 0x3c, 0x17, 0x82, 0x32, 0xc7, 0xf6, 0xd3, 0x4f, 0x97), - // aad: vec!(0xe5, 0x78, 0x83, 0x96, 0x1b, 0x8d, 0x04, 0x1d, 0x9b, 0x9e, 0xea, 0xdd, 0xcf, 0xd6, 0x1f, 0xa9, 0xf5, 0x92, 0x13, 0xf6, 0x65, 0x71, 0xfa, 0xdf, 0xff, 0xfd, 0xd1, 0x49, 0x8b, 0x9b, 0x01, 0x4f, 0x1e, 0xf2, 0xe7, 0xe5, 0x6c, 0x30, 0x44, 0xd7, 0xf9, 0xfa, 0x7a, 0x14, 0x03, 0xa1, 0x16, 0x9e, 0x86, 0x43, 0x0a, 0x2a, 0x78, 0x21, 0x37, 0x09, 0x3f, 0x54, 0x56, 0xe1, 0x42, 0xaa, 0xd0, 0x3a, 0x5f, 0x7a, 0x66, 0xd3, 0x80, 0x09, 0xdd, 0x01, 0xb7, 0xfc, 0x02, 0xc9, 0xcf, 0x61, 0x64, 0x2d, 0xed, 0xaf, 0x7c, 0xc8, 0xd4, 0x60, 0x66, 0xc2, 0x81, 0xee, 0x17, 0x78, 0x06, 0x74, 0xc3, 0xa3, 0x6e, 0xae, 0x66, 0xc5, 0x8d, 0x2d, 0x76, 0x50, 0x75), - // cipher_text: vec!(0x9c, 0x44, 0xd9, 0x13, 0x5d, 0xb0, 0xdb, 0xf8, 0x1c, 0x86, 0x2c, 0x1f, 0x69, 0xbe, 0xc5, 0x5a, 0x27, 0x97, 0x94, 0xcd, 0xd2, 0x9a, 0x58, 0xe6, 0x19, 0x09, 0xaa, 0x29, 0xec, 0x4c, 0x12, 0x0c, 0x9c, 0x5a, 0x50, 0x8d, 0x85, 0x6b, 0x9e, 0x56, 0x13, 0x80, 0x95, 0x71, 0x4a, 0x4b, 
0xb5, 0x84, 0x02, 0xa1, 0xad, 0x06, 0x77, 0x4c, 0xf4, 0xec, 0xdf, 0x22, 0x73, 0x83, 0x9c, 0x00, 0x07, 0xcb, 0x88, 0xb5, 0x44, 0x4b, 0x25, 0xc7, 0x6f, 0x6d, 0x24, 0x24, 0x28, 0x11, 0x01, 0xd0, 0x43, 0xfc, 0x63, 0x69, 0xeb, 0xb3, 0xb2, 0xff, 0x63, 0xcd, 0xb0, 0xf1, 0x1a, 0x6e, 0xa1, 0xb8, 0xa7, 0xda, 0xfc, 0x80, 0xcd, 0xae, 0xf2, 0x81, 0x3f, 0xa6, 0x61), - // tag: vec!(0x65, 0xc7, 0x46, 0xf6, 0x59, 0xbc, 0xbd, 0xcd, 0x05, 0x4e, 0x76, 0x8c, 0x57, 0xc8, 0x48, 0xc9) - // }, - // TestVector{ - // key: [0x0c, 0xf8, 0xc7, 0x3a, 0x6c, 0xff, 0xc1, 0xb8, 0xb2, 0xf5, 0xd3, 0x20, 0xda, 0x1d, 0x85, 0x9d, 0x31, 0x43, 0x74, 0xe4, 0xa9, 0x46, 0x8d, 0xb7, 0xfd, 0x42, 0xc8, 0xd2, 0x70, 0xb7, 0x61, 0x3a], - // nonce: [0x3c, 0x4c, 0x6f, 0x02, 0x81, 0x84, 0x1a, 0xff], - // plain_text: vec!(0x44, 0x34, 0x72, 0x8d, 0x23, 0x46, 0x03, 0xc9, 0x16, 0xe2, 0xfa, 0xa0, 0x6b, 0x25, 0xd8, 0x3b, 0xad, 0x33, 0x48, 0x99, 0x0e, 0xcd, 0xe2, 0x34, 0x43, 0x68, 0xd1, 0xa7, 0xaf, 0x13, 0x09, 0xbd, 0x04, 0x25, 0x1b, 0xb2, 0xe0, 0xb7, 0x20, 0x44, 0x94, 0x8f, 0x8d, 0xea, 0x33, 0xcc, 0xe2, 0x61, 0x82, 0x83, 0xb6, 0xaf, 0x74, 0x20, 0x73, 0xa9, 0x58, 0x6b, 0x26, 0xc1, 0x08, 0x93, 0x35, 0xfe, 0x73, 0x51, 0x41, 0xe0, 0x99, 0x78, 0x5a, 0x12, 0x35, 0x81, 0x0a, 0x3a, 0x67, 0xff, 0x30, 0x9e, 0x2f, 0x0c, 0xe6, 0x82, 0x20, 0xba, 0x00, 0x77, 0xad, 0x1a, 0x5d, 0xc1, 0xa4, 0xae, 0xf8, 0x98, 0xa3, 0xb9, 0xff, 0x8f, 0x5a, 0xd7, 0xfe, 0x60, 0x14, 0x9b, 0xd0, 0xbd, 0x6d, 0x83), - // aad: vec!(0xa3, 0x8d, 0x09, 0xa4, 0xf1, 0xc9, 0x24, 0x16, 0x23, 0xc6, 0x39, 0xb7, 0x68, 0x8d, 0x8d, 0x35, 0x34, 0x5e, 0xa5, 0x82, 0x40, 0x80, 0xc9, 0xd7, 0x4e, 0x43, 0x52, 0x91, 0x9d, 0xb6, 0x3c, 0x74, 0xd3, 0x18, 0xf1, 0x9e, 0x1c, 0xbb, 0x9b, 0x14, 0xee, 0xbd, 0x7c, 0x74, 0xb0, 0xad, 0x01, 0x19, 0x24, 0x76, 0x51, 0x91, 0x1f, 0x35, 0x51, 0x58, 0x3e, 0x74, 0x9e, 0xa5, 0x0f, 0xf6, 0x48, 0x85, 0x8d, 0xca, 0xaa, 0x78, 0x9b, 0x74, 0x19, 0xd9, 0xe9, 0x3a, 0x5b, 0xf6, 0xc8, 0x16, 0x71, 0x88, 0xdb, 0xac, 0x2f, 0x36, 0x80, 0x43, 0x80, 0xdb, 0x32, 0x52, 
0x01, 0x98, 0x2b, 0x8b, 0x06, 0x59, 0x7e, 0xfe, 0xb7, 0x68, 0x45, 0x46, 0xb2, 0x72, 0x64, 0x29, 0x41, 0x59, 0x1e, 0x92), - // cipher_text: vec!(0xbd, 0xfb, 0xfe, 0xa2, 0x61, 0xb1, 0xf4, 0xc1, 0x34, 0x44, 0x53, 0x21, 0xdb, 0x9e, 0x6e, 0x40, 0x47, 0x6e, 0x2d, 0xd2, 0xf4, 0xe4, 0xdb, 0xe8, 0x6e, 0x31, 0xd6, 0xa1, 0x16, 0xd2, 0x58, 0x30, 0x76, 0x2e, 0x06, 0x5b, 0x07, 0xb1, 0x1a, 0x37, 0x99, 0xaa, 0xb9, 0x3a, 0x94, 0xb4, 0xf9, 0x8c, 0x31, 0xc0, 0xfa, 0xeb, 0x77, 0xec, 0x52, 0xc0, 0x20, 0x48, 0xe9, 0x57, 0x92, 0x57, 0xe6, 0x7f, 0x5a, 0x6b, 0xae, 0x9b, 0xc6, 0x52, 0x10, 0xc2, 0x5b, 0x37, 0xfc, 0x16, 0xee, 0x93, 0xbd, 0xa8, 0x8f, 0xd5, 0xf3, 0x0a, 0x53, 0x3e, 0x47, 0x0b, 0x61, 0x88, 0xc6, 0xce, 0x57, 0x39, 0xfa, 0x3e, 0x90, 0xf7, 0x71, 0x20, 0xb4, 0x90, 0xfc, 0x10, 0x27, 0x96, 0x4f, 0x27, 0x7f, 0x40), - // tag: vec!(0x49, 0x93, 0xee, 0x95, 0x82, 0xf5, 0x8e, 0xab, 0xdb, 0x26, 0xb9, 0x8c, 0x4d, 0x56, 0xa2, 0x44) - // }, - // TestVector{ - // key: [0x69, 0xf4, 0xe5, 0x78, 0x8d, 0x48, 0x6a, 0x75, 0xad, 0xf9, 0x20, 0x7d, 0xf1, 0xbd, 0x26, 0x2d, 0xd2, 0xfe, 0x3d, 0xd3, 0xa0, 0x23, 0x64, 0x20, 0x39, 0x0d, 0x16, 0xe2, 0xa3, 0x04, 0x04, 0x66], - // nonce: [0x62, 0x55, 0xbf, 0x5c, 0x71, 0xbb, 0x27, 0xd1], - // plain_text: vec!(0xc1, 0x50, 0x48, 0xca, 0x29, 0x41, 0xef, 0x96, 0x00, 0xe7, 0x67, 0xa5, 0x04, 0x5a, 0xa9, 0x8a, 0xc6, 0x15, 0x22, 0x5b, 0x80, 0x5a, 0x9f, 0xbd, 0xa3, 0xac, 0x63, 0x01, 0xcd, 0x5a, 0x66, 0xae, 0xf6, 0x11, 0x40, 0x0f, 0xa3, 0xbc, 0x04, 0x83, 0x8e, 0xad, 0x99, 0x24, 0xd3, 0x82, 0xbe, 0xf8, 0x25, 0x1a, 0x47, 0xf1, 0xe4, 0x87, 0xd2, 0xf3, 0xca, 0x4b, 0xcc, 0xd3, 0x47, 0x6a, 0x6c, 0xa7, 0xf1, 0x3e, 0x94, 0xfd, 0x63, 0x9a, 0x25, 0x9e, 0xf2, 0x3c, 0xc2, 0xf8, 0xb8, 0xd2, 0x48, 0xa4, 0x71, 0xd3, 0x0a, 0xc9, 0x21, 0x96, 0x31, 0xc3, 0xe6, 0x98, 0x51, 0x00, 0xdc, 0x45, 0xe0, 0xb5, 0x9b, 0x8f, 0xc6, 0x20, 0x46, 0x30, 0x91, 0x65, 0xdd, 0xb6, 0xf0, 0x92, 0xda, 0x3a, 0x4f, 0x06, 0x7c, 0x8a, 0x44), - // aad: vec!(0x0c, 0x83, 0x03, 0x95, 0x04, 0xc8, 0x46, 0x4b, 0x49, 0xd6, 
0x3b, 0x7f, 0x94, 0x48, 0x02, 0xf0, 0xd3, 0x9c, 0x85, 0xe9, 0xf3, 0x74, 0x5e, 0x25, 0x0f, 0x10, 0x11, 0x9f, 0xa2, 0xc9, 0x60, 0x49, 0x0f, 0x75, 0xae, 0x4d, 0xce, 0xd8, 0x50, 0x3b, 0x15, 0x6d, 0x07, 0x2a, 0x69, 0xf2, 0x04, 0x00, 0xe9, 0x49, 0x4a, 0xb2, 0xfa, 0x58, 0x44, 0x6c, 0x25, 0x5d, 0x82, 0xff, 0x0b, 0xe4, 0xb7, 0xe4, 0x30, 0x46, 0x58, 0x0b, 0xc1, 0xcf, 0x34, 0x06, 0x0c, 0x6f, 0x07, 0x6c, 0x72, 0xea, 0x45, 0x5c, 0x36, 0x87, 0x38, 0x1a, 0x3b, 0x90, 0x8e, 0x15, 0x2b, 0x10, 0xc9, 0x5c, 0x7b, 0x94, 0x15, 0x5b, 0x0b, 0x4b, 0x30, 0x3b, 0x77, 0x64, 0xa8, 0xa2, 0x7d, 0x1d, 0xb0, 0xa8, 0x85, 0xf1, 0x04, 0x0d, 0x5d, 0xbc, 0xc3), - // cipher_text: vec!(0xf0, 0xbb, 0x2b, 0x73, 0xd9, 0x4f, 0x2a, 0x7c, 0xef, 0x70, 0xfe, 0x77, 0xe0, 0x54, 0xf2, 0x06, 0x99, 0x8e, 0xac, 0xf2, 0xb8, 0x6c, 0x05, 0xc4, 0xfa, 0x3f, 0x40, 0xf2, 0xb8, 0xce, 0xbf, 0x03, 0x4f, 0xe1, 0x7b, 0xcb, 0xee, 0x4d, 0xea, 0x82, 0x1f, 0x51, 0xc1, 0x8c, 0x0a, 0xa8, 0x5b, 0x16, 0x0f, 0x85, 0x08, 0xbd, 0x1d, 0xc4, 0x55, 0xcc, 0x7f, 0x49, 0x66, 0x8b, 0x1f, 0xb2, 0x55, 0x57, 0xcd, 0xae, 0x14, 0x7b, 0xf2, 0x39, 0x9e, 0x07, 0xfc, 0xac, 0xac, 0xa1, 0x8e, 0xcc, 0xde, 0xd7, 0x41, 0xe0, 0x26, 0xef, 0x25, 0x36, 0x5a, 0x6b, 0x0f, 0x44, 0xa6, 0xb3, 0xdd, 0x97, 0x5e, 0xe6, 0xbb, 0x58, 0x0f, 0x5f, 0xcc, 0xd0, 0x40, 0xb7, 0x3c, 0x18, 0xb0, 0xfb, 0xf8, 0xf6, 0x31, 0x99, 0xba, 0x10, 0xfe), - // tag: vec!(0x42, 0x36, 0xa8, 0x75, 0x0f, 0x0c, 0xaf, 0xee, 0x3c, 0x4a, 0x06, 0xa5, 0x77, 0xa8, 0x5c, 0xb3) - // }, - // TestVector{ - // key: [0xad, 0x7b, 0x94, 0x09, 0x14, 0x7a, 0x89, 0x66, 0x48, 0xa2, 0xa2, 0xfe, 0x21, 0x28, 0xf7, 0x90, 0x22, 0xa7, 0x0d, 0x96, 0xdc, 0x48, 0x27, 0x30, 0xcd, 0x85, 0xc7, 0x0d, 0xb4, 0x92, 0xb6, 0x38], - // nonce: [0xa2, 0x8a, 0x6d, 0xed, 0xf3, 0xf2, 0xb0, 0x1a], - // plain_text: vec!(0x79, 0x1d, 0x29, 0x3f, 0xf0, 0xa3, 0xb8, 0x51, 0x0b, 0x4d, 0x49, 0x4b, 0x30, 0xf5, 0x0b, 0x38, 0xa0, 0x16, 0x38, 0xbf, 0x13, 0x0e, 0x58, 0xc7, 0x60, 0x19, 0x04, 0xf1, 0x2c, 0xb8, 0x90, 0x08, 0x71, 0xe8, 0xcf, 0x3d, 0x50, 0xab, 
0xd4, 0xd3, 0x4f, 0xda, 0x12, 0x2c, 0x76, 0xdf, 0xee, 0x5b, 0x7f, 0x82, 0xcd, 0x6e, 0x85, 0x90, 0x64, 0x75, 0x35, 0xc9, 0x15, 0xae, 0x08, 0x71, 0x4e, 0x42, 0x7d, 0xa5, 0x2f, 0x80, 0xae, 0xf0, 0x9f, 0x40, 0x04, 0x00, 0x36, 0x03, 0x4c, 0xa5, 0x27, 0x18, 0xea, 0x68, 0x31, 0x3c, 0x53, 0x4e, 0x7a, 0x04, 0x5c, 0xd5, 0x17, 0x45, 0xec, 0x52, 0xf2, 0xe1, 0xb5, 0x94, 0x63, 0xdb, 0x07, 0xde, 0x7c, 0xa4, 0x01, 0xc6, 0xf6, 0x45, 0x38, 0x41, 0xd2, 0x47, 0xf3, 0x70, 0x34, 0x1b, 0x2d, 0xbc, 0x12, 0x12), - // aad: vec!(0x9a, 0x6d, 0xef, 0xdd, 0xb9, 0xb8, 0xd5, 0xc2, 0x4a, 0x26, 0xdd, 0x80, 0x96, 0xf5, 0xb8, 0xc3, 0xaf, 0x7a, 0x89, 0xe1, 0xf7, 0xd8, 0x86, 0xf5, 0x60, 0xfa, 0xbb, 0xe6, 0x4f, 0x14, 0xdb, 0x83, 0x8d, 0x6e, 0xb9, 0xd6, 0x87, 0x9f, 0x4f, 0x0b, 0x76, 0x9f, 0xe1, 0xf9, 0xee, 0xbf, 0x67, 0xfc, 0xd4, 0x7b, 0x6f, 0x9c, 0xeb, 0x48, 0x40, 0xb2, 0xdb, 0xa7, 0x58, 0x7e, 0x98, 0xdc, 0x5c, 0xae, 0x18, 0x6e, 0xf2, 0xa0, 0xf8, 0x60, 0x10, 0x60, 0xe8, 0x05, 0x8d, 0x9d, 0xda, 0x81, 0x2d, 0x91, 0x38, 0x7c, 0x58, 0x3d, 0xa7, 0x01, 0xd2, 0xba, 0x33, 0x47, 0xf2, 0x85, 0xc5, 0xd4, 0x43, 0x85, 0xa2, 0xb0, 0xbf, 0x07, 0x15, 0x0c, 0xbc, 0x95, 0xe7, 0xfc, 0xfa, 0x8a, 0xe0, 0x71, 0x32, 0x84, 0x9a, 0x02, 0x3c, 0x98, 0x81, 0x7c, 0x03, 0xd2), - // cipher_text: vec!(0xc2, 0xf1, 0x09, 0xd6, 0xd9, 0x4f, 0x77, 0xa7, 0x28, 0x9c, 0x8a, 0x2a, 0xb3, 0x3b, 0xc6, 0xa9, 0x8d, 0x97, 0x65, 0x54, 0x72, 0x1b, 0x0c, 0x72, 0x6c, 0xbf, 0x41, 0x21, 0x06, 0x94, 0x73, 0xe6, 0x2b, 0xa3, 0x6e, 0x70, 0x90, 0xe0, 0x24, 0x14, 0xf3, 0xed, 0xc2, 0x5c, 0x5d, 0x83, 0xac, 0x80, 0xb4, 0x9a, 0xd5, 0x28, 0xcd, 0xa1, 0xe3, 0xad, 0x81, 0x5b, 0x5a, 0x8c, 0x8a, 0xe9, 0xad, 0x07, 0x53, 0xde, 0x72, 0x53, 0x19, 0xdf, 0x23, 0x69, 0x83, 0xab, 0xd3, 0xf6, 0x9a, 0xb4, 0x46, 0x5d, 0x9b, 0x80, 0x6c, 0x07, 0x5b, 0x18, 0x96, 0xd4, 0x0b, 0xdb, 0xa7, 0x2d, 0x73, 0xba, 0x84, 0xc4, 0xa5, 0x30, 0x89, 0x6e, 0xb9, 0x4f, 0xfc, 0xcf, 0x5f, 0xb6, 0x7e, 0xb5, 0x91, 0x19, 0xe6, 0x6a, 0x18, 0x61, 0x87, 0x22, 0x18, 0xf9, 0x28, 0xcf), - // tag: vec!(0xe4, 0x8d, 
0xc0, 0x15, 0x3d, 0x5b, 0x0f, 0x7e, 0xdb, 0x76, 0xfc, 0x97, 0xa0, 0x22, 0x49, 0x87) - // }, - // TestVector{ - // key: [0x48, 0x47, 0x0d, 0xa9, 0x82, 0x28, 0xc9, 0xb5, 0x3f, 0x58, 0x74, 0x76, 0x73, 0x50, 0x4f, 0x74, 0xca, 0x17, 0x37, 0xd7, 0xd4, 0xbb, 0x6d, 0xbf, 0x7c, 0x0c, 0xba, 0x6c, 0xa4, 0x2f, 0x80, 0xb9], - // nonce: [0x56, 0xfb, 0x49, 0x23, 0xa9, 0x7e, 0x93, 0x20], - // plain_text: vec!(0xbc, 0x66, 0x26, 0xd6, 0x51, 0xe2, 0xb2, 0x37, 0xf2, 0x2e, 0xe5, 0x16, 0x08, 0xdd, 0xcf, 0xfe, 0xba, 0x5f, 0x31, 0xc2, 0x6d, 0xf7, 0x2f, 0x44, 0x3f, 0x70, 0x1f, 0x2b, 0x08, 0x5d, 0x6f, 0x34, 0xf8, 0x06, 0xe2, 0x96, 0x73, 0x58, 0x4c, 0xb2, 0x15, 0x22, 0x17, 0x9e, 0xdb, 0x62, 0xa8, 0x24, 0x27, 0xd9, 0x46, 0xac, 0xab, 0xce, 0x06, 0x5b, 0x88, 0xb2, 0x87, 0x8e, 0x9e, 0xb8, 0x7e, 0xd1, 0x00, 0x4e, 0x55, 0xef, 0x58, 0xf5, 0x1e, 0xc4, 0x63, 0x75, 0xac, 0x54, 0x2c, 0x57, 0x82, 0x72, 0x5f, 0xf0, 0x13, 0x13, 0x6c, 0xb5, 0x06, 0xfc, 0xf9, 0x94, 0x96, 0xe1, 0x3f, 0xcd, 0x22, 0x4b, 0x8a, 0x74, 0xa9, 0x71, 0xcc, 0x8d, 0xdb, 0x8b, 0x39, 0x3c, 0xcc, 0x6a, 0xc9, 0x10, 0xbd, 0x19, 0x06, 0xea, 0x9f, 0x2e, 0xd8, 0xa5, 0xd0, 0x66, 0xdc, 0x63, 0x9c, 0x20, 0xcd), - // aad: vec!(0xdf, 0x8a, 0xb6, 0x34, 0xd3, 0xdc, 0xa1, 0x4e, 0x2e, 0x09, 0x1b, 0x15, 0xec, 0xc7, 0x8f, 0x91, 0xe2, 0x29, 0xa1, 0xa1, 0x3c, 0xba, 0x5e, 0xdd, 0x65, 0x26, 0xd1, 0x82, 0x52, 0x5e, 0xc5, 0x75, 0xaa, 0x45, 0xbc, 0x70, 0xfb, 0x61, 0x93, 0xff, 0xcd, 0x59, 0xba, 0xd3, 0xc3, 0x47, 0x15, 0x90, 0x99, 0xc4, 0xf1, 0x39, 0xc3, 0x23, 0xc3, 0x0a, 0x23, 0x07, 0x53, 0xd0, 0x70, 0x01, 0x87, 0x86, 0xb2, 0xe5, 0x9b, 0x75, 0x8d, 0xd4, 0xa9, 0x7d, 0x1a, 0x88, 0xe8, 0xf6, 0x72, 0x09, 0x2b, 0xef, 0x78, 0x0b, 0x45, 0x1f, 0xd6, 0x6b, 0xa7, 0x43, 0x1c, 0xbb, 0x56, 0x60, 0xea, 0x78, 0x16, 0xcd, 0xf2, 0x6e, 0x19, 0xa6, 0xeb, 0xb9, 0xaa, 0xdc, 0x30, 0x88, 0xe6, 0x92, 0x3f, 0x29, 0xf5, 0x3f, 0x87, 0x7a, 0x67, 0x58, 0x06, 0x8f, 0x79, 0xa6, 0xf2, 0xa1, 0x82, 0xb4, 0xbf), - // cipher_text: vec!(0xa6, 0x2e, 0x31, 0x3e, 0xcf, 0x25, 0x8c, 0xc9, 0x08, 0x7c, 
0xbb, 0x94, 0xfc, 0xc1, 0x26, 0x43, 0xeb, 0x72, 0x2d, 0x25, 0x5c, 0x3f, 0x98, 0xc3, 0x9f, 0x13, 0x0e, 0x10, 0x05, 0x8a, 0x37, 0x5f, 0x08, 0x09, 0x66, 0x24, 0x42, 0xc7, 0xb1, 0x80, 0x44, 0xfe, 0xb1, 0x60, 0x2d, 0x89, 0xbe, 0x40, 0xfa, 0xca, 0xe8, 0xe8, 0x9c, 0xa9, 0x67, 0x01, 0x5f, 0x0b, 0x7f, 0x8c, 0x2e, 0x4e, 0x4a, 0x38, 0x55, 0xdb, 0xb4, 0x6a, 0x06, 0x6e, 0x49, 0xab, 0xf9, 0xce, 0xf6, 0x7e, 0x60, 0x36, 0x40, 0x0c, 0x8f, 0xf4, 0x6b, 0x24, 0x1f, 0xc9, 0x9b, 0xa1, 0x97, 0x4b, 0xa3, 0xba, 0x6e, 0xa2, 0x0d, 0xc5, 0x2e, 0xc6, 0x75, 0x3f, 0x6f, 0xc7, 0x69, 0x7a, 0xdb, 0xcc, 0xd0, 0x2b, 0x0b, 0xbe, 0xa1, 0xdf, 0x83, 0x52, 0x62, 0x9b, 0x03, 0xb4, 0x3c, 0xc3, 0xd6, 0x32, 0x57, 0x67, 0x87), - // tag: vec!(0x67, 0x52, 0x87, 0xf8, 0x14, 0x3b, 0x9b, 0x97, 0x6e, 0x50, 0xa8, 0x0f, 0x85, 0x31, 0xbd, 0x39) - // }, - // TestVector{ - // key: [0xb6, 0x2f, 0xb8, 0x5c, 0x1d, 0xec, 0xd0, 0xfa, 0xf2, 0x42, 0xce, 0x66, 0x21, 0x40, 0xad, 0x1b, 0x82, 0x97, 0x5e, 0x99, 0xa3, 0xfa, 0x01, 0x66, 0x6c, 0xac, 0x23, 0x85, 0xab, 0x91, 0xda, 0x54], - // nonce: [0x2f, 0x4a, 0x5c, 0xa0, 0x96, 0xa4, 0xfa, 0xf8], - // plain_text: vec!(0x03, 0xb1, 0x4f, 0x13, 0xc0, 0x06, 0x5e, 0x4a, 0x44, 0x21, 0xde, 0x62, 0xab, 0x1d, 0x84, 0x2b, 0xff, 0xb8, 0x0f, 0x3d, 0xa3, 0x0b, 0xf4, 0x7d, 0x11, 0x5c, 0x09, 0x85, 0x7f, 0x5b, 0xdd, 0x57, 0x56, 0xfd, 0x7c, 0x9a, 0xc3, 0xd9, 0xaf, 0x1c, 0x9f, 0xb9, 0x4f, 0x26, 0x40, 0xf7, 0xf4, 0x38, 0x6c, 0xfb, 0xa7, 0x4d, 0xb4, 0x68, 0xe5, 0x28, 0x8d, 0xbe, 0x4d, 0xd7, 0x8b, 0xfe, 0x4f, 0x69, 0xe4, 0x14, 0x80, 0xca, 0x61, 0x38, 0xe8, 0xbe, 0xac, 0xc6, 0xea, 0xa3, 0x37, 0x41, 0x57, 0xc7, 0x13, 0xcf, 0xa9, 0x00, 0xc0, 0x7d, 0xd8, 0x36, 0xea, 0xec, 0xc8, 0x82, 0x7f, 0xa3, 0xe7, 0x0e, 0x05, 0x2a, 0xe0, 0x9e, 0x84, 0x73, 0xe2, 0xae, 0x1a, 0x10, 0xb1, 0xbb, 0x66, 0x9e, 0xf6, 0x0a, 0x8d, 0xd9, 0x57, 0xf6, 0x55, 0x3d, 0xaa, 0x81, 0x14, 0x91, 0x8e, 0x17, 0x37, 0x1f, 0x2a, 0xc3, 0x27, 0xbd), - // aad: vec!(0xcf, 0xe3, 0xb7, 0xab, 0x75, 0x50, 0xb0, 0xe8, 0xe2, 0xe8, 0x23, 0x5f, 0xa0, 0xdc, 
0xef, 0x95, 0x64, 0x7c, 0xe6, 0x81, 0x4a, 0xbd, 0x3d, 0xc3, 0xf5, 0xa3, 0xbd, 0x7d, 0x6d, 0x28, 0x25, 0x04, 0x66, 0x0c, 0x34, 0xad, 0x83, 0x41, 0xe4, 0xd1, 0x14, 0x02, 0xc7, 0xd4, 0x6c, 0x83, 0xa4, 0x94, 0xd7, 0xdd, 0xb1, 0x05, 0xe1, 0x00, 0x29, 0x79, 0x02, 0x3e, 0x0e, 0x3d, 0xc2, 0x97, 0x8c, 0x9a, 0xe5, 0x3e, 0x10, 0xeb, 0x85, 0x67, 0xe7, 0xa0, 0x2b, 0x60, 0xe5, 0x1e, 0x94, 0x5c, 0x70, 0x40, 0xd8, 0x32, 0xca, 0x90, 0x0d, 0x13, 0x2b, 0x42, 0x05, 0xa3, 0x50, 0x34, 0xfe, 0xd9, 0x39, 0xa1, 0xb7, 0x96, 0x51, 0x83, 0xc2, 0x56, 0x54, 0x93, 0x1a, 0x9b, 0x74, 0x44, 0x01, 0xc4, 0x64, 0x9c, 0x94, 0x57, 0x10, 0xb0, 0xd9, 0x73, 0x3b, 0x87, 0x45, 0x13, 0x48, 0xb3, 0x2b, 0xa8, 0x1d, 0xe3, 0x0e, 0xa7), - // cipher_text: vec!(0x89, 0x65, 0xdb, 0x3d, 0x3a, 0xe4, 0xfb, 0x48, 0x32, 0x08, 0xf1, 0x47, 0x27, 0x6e, 0x7d, 0x81, 0xb7, 0x1a, 0x86, 0xe7, 0x20, 0x2f, 0xfc, 0x9b, 0x1e, 0xaa, 0xde, 0x00, 0x9b, 0xc0, 0x16, 0x83, 0x8d, 0xc0, 0x9c, 0xa4, 0xbc, 0xf3, 0x08, 0x87, 0xb2, 0xf4, 0x24, 0x3f, 0xbd, 0x65, 0x2c, 0xd9, 0x0e, 0xbe, 0xd1, 0xce, 0xef, 0x81, 0x51, 0xff, 0x17, 0xea, 0x70, 0x51, 0x8d, 0x03, 0xb0, 0xf2, 0xa2, 0x49, 0x60, 0xaa, 0x7d, 0xe9, 0xb3, 0x0f, 0xa6, 0x5c, 0x2e, 0x2d, 0x57, 0x36, 0x00, 0x61, 0xaa, 0xe6, 0xd9, 0x37, 0x6e, 0x98, 0x4e, 0x9f, 0xcd, 0x5e, 0x5d, 0xd0, 0x91, 0x1a, 0x4b, 0xc8, 0xde, 0xca, 0x83, 0x2f, 0xfb, 0x76, 0xf2, 0x52, 0xbd, 0x7d, 0xa5, 0x23, 0x07, 0x65, 0x93, 0xba, 0x6b, 0x17, 0x4f, 0x7d, 0x9f, 0xb0, 0x37, 0x7e, 0x06, 0x6e, 0xcb, 0xb6, 0x63, 0x80, 0x36, 0x24, 0x1e, 0x86), - // tag: vec!(0x3d, 0x0f, 0xc5, 0x3e, 0x90, 0x58, 0xc2, 0xbe, 0x32, 0xaa, 0x08, 0x50, 0xe0, 0xfa, 0xb5, 0xa6) - // }, - // TestVector{ - // key: [0xde, 0x9c, 0x65, 0x72, 0x58, 0x77, 0x4d, 0x4e, 0xbc, 0x09, 0xd1, 0x09, 0xa0, 0xfc, 0x79, 0xd6, 0x64, 0x93, 0xae, 0x57, 0x87, 0x97, 0xca, 0xc4, 0xeb, 0x88, 0x30, 0xa6, 0xa4, 0xb5, 0x47, 0xe0], - // nonce: [0xb5, 0xe3, 0x5f, 0xe3, 0x39, 0x8e, 0xfa, 0x34], - // plain_text: vec!(0x4d, 0x68, 0xfb, 0x68, 0x3a, 0xa4, 0xf4, 0xc7, 0xa1, 0x6b, 0xa1, 0x11, 
0x4f, 0xc0, 0xb1, 0xb8, 0xd8, 0x89, 0x86, 0x10, 0xfa, 0x27, 0x63, 0xe4, 0x35, 0xde, 0xd8, 0x77, 0x1b, 0x36, 0x51, 0x07, 0x8b, 0xef, 0x73, 0xd4, 0xdf, 0xd1, 0x4e, 0x76, 0xa3, 0x4c, 0xd5, 0xeb, 0x9e, 0xf4, 0xdb, 0x4e, 0xad, 0x4d, 0xa9, 0xe8, 0x3f, 0x4c, 0xe5, 0x0f, 0xe0, 0x59, 0x97, 0x7b, 0x2d, 0x17, 0xd6, 0x87, 0xc2, 0x93, 0x35, 0xa0, 0x4d, 0x87, 0x38, 0x9d, 0x21, 0x1f, 0x82, 0x15, 0x44, 0x97, 0x49, 0x96, 0x9f, 0x76, 0x52, 0xdc, 0x19, 0x35, 0xa0, 0xf9, 0xa9, 0x45, 0x38, 0xdc, 0x81, 0xdc, 0x9a, 0x39, 0xaf, 0x63, 0x44, 0x6a, 0x65, 0x17, 0x60, 0x90, 0x76, 0x98, 0x79, 0x20, 0x54, 0x7d, 0x00, 0x98, 0xa9, 0xc6, 0x76, 0x6c, 0xf5, 0xe7, 0x04, 0x88, 0x3e, 0xa3, 0x2f, 0xea, 0xea, 0x18, 0x89, 0xb1, 0x55, 0x4b, 0x5e, 0xb0, 0xce, 0x5e, 0xcc), - // aad: vec!(0x43, 0x6e, 0xa5, 0xa5, 0xfe, 0xe8, 0x29, 0x3b, 0x93, 0xe4, 0xe8, 0x48, 0x81, 0x16, 0xc9, 0x4d, 0x32, 0x69, 0xc1, 0x9f, 0x1d, 0x50, 0x50, 0xde, 0xf2, 0x3d, 0x28, 0x05, 0x15, 0x45, 0x7b, 0x93, 0x1b, 0xbe, 0xd6, 0x4a, 0x54, 0x2b, 0x31, 0x7c, 0xc5, 0x02, 0x3d, 0x64, 0x83, 0x30, 0xa4, 0xb7, 0xad, 0xca, 0x14, 0xdd, 0x6f, 0x37, 0x83, 0x20, 0x7b, 0x94, 0xf8, 0x6c, 0xca, 0xa0, 0xa0, 0xac, 0x39, 0xb7, 0xdb, 0x00, 0xac, 0x87, 0xa9, 0x9e, 0x3c, 0xd8, 0xa7, 0x64, 0xed, 0x9c, 0x75, 0xda, 0x84, 0x54, 0x47, 0x96, 0x36, 0xab, 0x2b, 0x29, 0xe7, 0x70, 0xb1, 0x66, 0xa5, 0xb7, 0x5c, 0xac, 0xc4, 0x25, 0xc9, 0x19, 0xbf, 0x1c, 0xe9, 0xac, 0x34, 0xaf, 0xe6, 0xb4, 0x42, 0x5c, 0x3d, 0x9f, 0xd2, 0xe4, 0x8b, 0xc8, 0x1e, 0x7d, 0x15, 0x51, 0x6d, 0x60, 0xe5, 0x92, 0xbf, 0xcc, 0x2e, 0xbe, 0xfb, 0x66, 0x0f, 0x09, 0x95, 0xf2, 0xb5), - // cipher_text: vec!(0x97, 0xa9, 0x7b, 0x8f, 0x0f, 0x54, 0x20, 0x84, 0x5a, 0xe8, 0xd5, 0x75, 0x67, 0xf9, 0xbb, 0xa6, 0x93, 0xd3, 0x0e, 0x6d, 0xb9, 0x16, 0xfa, 0xd0, 0xb9, 0x71, 0xf5, 0x53, 0xad, 0x7d, 0x99, 0x3f, 0x80, 0x6f, 0x27, 0xab, 0x8b, 0x45, 0x8d, 0x80, 0x46, 0x06, 0x2c, 0xed, 0x47, 0x78, 0xc0, 0x04, 0xb4, 0xf9, 0x58, 0xa4, 0x43, 0x61, 0x41, 0x63, 0x7c, 0x60, 0x39, 0x96, 0x33, 0x08, 0xde, 0xa2, 0xf5, 0x40, 0x08, 0xb7, 
0xfe, 0xab, 0x79, 0x65, 0x02, 0x95, 0xed, 0x41, 0xbf, 0x9e, 0x65, 0xe1, 0xa2, 0xd7, 0x5a, 0xb1, 0xc7, 0xb2, 0xa7, 0x0e, 0xbb, 0x9e, 0x9f, 0x38, 0xd0, 0x7a, 0x9a, 0x67, 0x2d, 0x3e, 0x95, 0xea, 0x78, 0xaf, 0xe9, 0xac, 0x02, 0xf2, 0x56, 0x6b, 0x48, 0xb0, 0x25, 0x1a, 0xef, 0x6e, 0xee, 0xca, 0x8b, 0xd1, 0x5b, 0xd8, 0xd4, 0x3b, 0x55, 0x94, 0x26, 0xaa, 0x9d, 0x15, 0xd9, 0x60, 0xee, 0x35, 0xcb, 0x3e, 0xdf), - // tag: vec!(0xe5, 0x5d, 0xbb, 0x21, 0x85, 0x1e, 0x8a, 0x5b, 0x36, 0x5f, 0x86, 0xd0, 0x25, 0x18, 0x33, 0x1c) - // }, - // TestVector{ - // key: [0x68, 0x85, 0xbd, 0x33, 0x3c, 0x33, 0x6c, 0x76, 0x72, 0xdb, 0x8e, 0xbd, 0xf2, 0x4c, 0x1a, 0x1b, 0x60, 0x5c, 0x5a, 0x4a, 0xe2, 0x79, 0xf0, 0xf6, 0x98, 0x16, 0x2f, 0x47, 0xe6, 0xc7, 0x34, 0x01], - // nonce: [0xf0, 0xc4, 0xa2, 0x13, 0xa6, 0x16, 0x8a, 0xab], - // plain_text: vec!(0xfa, 0x90, 0x5a, 0x2b, 0xfa, 0x5b, 0x5b, 0xad, 0x76, 0x72, 0x39, 0xfb, 0x07, 0x0a, 0x7b, 0xc0, 0xb3, 0x03, 0xd1, 0x50, 0x3e, 0xcd, 0x2b, 0x42, 0x94, 0x18, 0xcc, 0x8f, 0xeb, 0xa8, 0x43, 0xe5, 0x44, 0x4e, 0xd8, 0x90, 0x22, 0xfd, 0xb3, 0x79, 0xc3, 0xb1, 0x55, 0xa0, 0xf9, 0xce, 0xab, 0x29, 0x79, 0x00, 0x0a, 0x0f, 0x60, 0x29, 0x2a, 0x63, 0x17, 0x71, 0xf2, 0xfd, 0xe4, 0xef, 0x06, 0x5a, 0xa7, 0x46, 0x42, 0x66, 0x09, 0x08, 0x29, 0x69, 0x53, 0x0a, 0x9c, 0x70, 0xad, 0x14, 0x53, 0x08, 0xc3, 0x0b, 0xa3, 0x89, 0xea, 0x12, 0x2f, 0xd7, 0x66, 0x08, 0x15, 0x11, 0xa0, 0x31, 0xce, 0x3a, 0x0b, 0xd9, 0xf9, 0xf5, 0x83, 0xc7, 0x00, 0x0b, 0x33, 0x3b, 0x79, 0xac, 0x00, 0x4f, 0xbd, 0xe6, 0xec, 0x3e, 0xb2, 0xd9, 0x05, 0x97, 0x7f, 0xf9, 0x5d, 0xcf, 0xf7, 0x78, 0x58, 0xe3, 0xc4, 0x24, 0xfe, 0x89, 0x32, 0xa6, 0xa1, 0x21, 0x39, 0xe6, 0xec, 0x8d, 0x5e, 0x98), - // aad: vec!(0x8d, 0xed, 0x36, 0x8f, 0x91, 0x9e, 0xfb, 0x52, 0x2b, 0xb6, 0xa9, 0xad, 0x00, 0x9e, 0x02, 0xff, 0xbc, 0x6a, 0x16, 0x53, 0x6e, 0x34, 0xd9, 0x5c, 0xdb, 0x34, 0xf1, 0x15, 0x3d, 0x7c, 0xb7, 0xb0, 0xf3, 0xc2, 0xb1, 0x3d, 0xd0, 0x5c, 0xed, 0xae, 0x27, 0xcf, 0xe6, 0x8e, 0xc3, 0xac, 0xa8, 0x04, 0x7e, 0x09, 0x30, 0xa2, 
0x9c, 0x9d, 0x07, 0x70, 0xc1, 0xb8, 0x3c, 0x23, 0x4d, 0xcb, 0x03, 0x85, 0xde, 0xae, 0x7a, 0xe8, 0x5d, 0xa7, 0x3a, 0x5f, 0x8d, 0xe3, 0xdf, 0xb2, 0x86, 0x12, 0xa0, 0x01, 0xf4, 0xe5, 0x52, 0xc4, 0xf6, 0x7a, 0xe0, 0xe2, 0xec, 0x53, 0x85, 0x32, 0x89, 0xb7, 0x01, 0x7a, 0x58, 0x59, 0x1f, 0xd6, 0xf7, 0x0b, 0x0e, 0x95, 0x48, 0x76, 0xbb, 0x2f, 0x7e, 0xc3, 0x30, 0x01, 0xe2, 0x98, 0x85, 0x6a, 0x64, 0xbb, 0x16, 0x18, 0x10, 0x17, 0xba, 0x92, 0x46, 0x48, 0xc0, 0x9f, 0xc6, 0x3c, 0x62, 0xef, 0xf2, 0x62, 0xc8, 0x0d, 0x61, 0x46, 0x79, 0xbd), - // cipher_text: vec!(0x0c, 0xb3, 0xd6, 0xc3, 0x1e, 0x0f, 0x40, 0x29, 0xec, 0xa5, 0x52, 0x4f, 0x95, 0x12, 0x44, 0xdf, 0x04, 0x2f, 0xc6, 0x37, 0xc4, 0x16, 0x25, 0x11, 0xfe, 0xa5, 0x12, 0xa5, 0x2d, 0x3f, 0x75, 0x81, 0xaf, 0x09, 0x7e, 0xb6, 0x42, 0xe7, 0x9e, 0x48, 0x66, 0x6c, 0xb1, 0x08, 0x6e, 0xdb, 0xd3, 0x8c, 0x47, 0x77, 0xc5, 0x35, 0xa2, 0x09, 0x45, 0xfa, 0xbc, 0x23, 0xe7, 0xc9, 0x27, 0x7e, 0x2b, 0x96, 0x0a, 0xac, 0x46, 0x86, 0x5f, 0x10, 0x26, 0xeb, 0x6d, 0xa8, 0x27, 0x59, 0x10, 0x8b, 0x9b, 0xae, 0xce, 0x5d, 0xa9, 0x30, 0xcc, 0xfc, 0x10, 0x52, 0xb1, 0x65, 0x6b, 0x0e, 0xad, 0xaa, 0x12, 0x0e, 0xd0, 0xc4, 0x5a, 0xd0, 0x4b, 0x24, 0xae, 0x8c, 0xdb, 0x22, 0xce, 0xab, 0x76, 0xc5, 0xf1, 0x80, 0xb4, 0x6a, 0x39, 0x2a, 0xb4, 0x5b, 0x1b, 0x99, 0xc6, 0x12, 0x54, 0x6e, 0x6b, 0x94, 0x7f, 0x4d, 0x5c, 0x06, 0xad, 0x5a, 0xbe, 0xe9, 0x2f, 0xf9, 0x63, 0x45, 0xad, 0x43), - // tag: vec!(0xd3, 0xb5, 0x41, 0xac, 0x44, 0x6c, 0x84, 0x62, 0x6d, 0xaf, 0x80, 0x0c, 0x01, 0x72, 0xee, 0xc6) - // }, - // TestVector{ - // key: [0xfb, 0xc9, 0x78, 0xab, 0xb1, 0x24, 0x0a, 0x69, 0x37, 0xcc, 0xc1, 0x67, 0x35, 0xb8, 0xd6, 0xed, 0x54, 0x11, 0xcd, 0xbc, 0x18, 0x97, 0x21, 0x41, 0x65, 0xa1, 0x74, 0xe1, 0x6f, 0x4e, 0x69, 0x9b], - // nonce: [0x79, 0x68, 0x37, 0x9a, 0x8c, 0xe8, 0x81, 0x17], - // plain_text: vec!(0x1a, 0x81, 0x96, 0xcd, 0x4a, 0x13, 0x89, 0xec, 0x91, 0x6e, 0xf8, 0xb7, 0xda, 0x50, 0x78, 0xa2, 0xaf, 0xa8, 0xe9, 0xf1, 0x08, 0x12, 0x23, 0xfa, 0x72, 0xf6, 0x52, 0x4a, 0xc0, 0xa1, 
0xa8, 0x01, 0x9e, 0x44, 0xa0, 0x95, 0x63, 0xa9, 0x53, 0x61, 0x55, 0x87, 0x42, 0x92, 0x95, 0x05, 0x2c, 0xc9, 0x04, 0xb8, 0x9f, 0x77, 0x8e, 0xf4, 0x46, 0xed, 0x34, 0x14, 0x30, 0xd7, 0xd8, 0xf7, 0x47, 0xcf, 0x2d, 0xb4, 0x30, 0x84, 0x78, 0x52, 0x46, 0x39, 0xf4, 0x44, 0x57, 0x25, 0x3a, 0xe5, 0xa4, 0x45, 0x1c, 0x7e, 0xfc, 0xa8, 0xae, 0x0b, 0x6c, 0x5c, 0x05, 0x1a, 0xaa, 0x78, 0x1e, 0x9c, 0x50, 0x54, 0x89, 0xb3, 0x81, 0xa6, 0xdc, 0xba, 0x87, 0xb1, 0x57, 0xed, 0xc7, 0xf8, 0x20, 0xa8, 0xfb, 0xaf, 0x2a, 0x52, 0xe4, 0x84, 0xdc, 0x12, 0x1f, 0x33, 0xd9, 0xd8, 0xb9, 0xac, 0x59, 0xd4, 0x90, 0x1d, 0x6e, 0xd8, 0x99, 0x6e, 0xd4, 0xf6, 0x2d, 0x9d, 0x4d, 0x82, 0x27, 0x4c, 0x44, 0x9c, 0xd7, 0x4e, 0xfa), - // aad: vec!(0x39, 0x13, 0xcd, 0x01, 0x29, 0x9b, 0x8a, 0x4e, 0x50, 0x7f, 0x06, 0x7d, 0x88, 0x7d, 0x7e, 0x9a, 0x6d, 0xed, 0x16, 0xdd, 0x9f, 0x9b, 0xb3, 0x11, 0x5c, 0x57, 0x79, 0xaa, 0x14, 0x23, 0x9f, 0xd3, 0x3e, 0xe9, 0xf2, 0x57, 0x56, 0xd4, 0x52, 0x62, 0xdc, 0x30, 0x11, 0x06, 0x93, 0x56, 0x42, 0x5b, 0x5c, 0x81, 0xa4, 0x72, 0x95, 0x94, 0xe1, 0x7c, 0x97, 0x47, 0x11, 0x9f, 0x81, 0x46, 0x3e, 0x85, 0x62, 0x5d, 0x56, 0x03, 0xd0, 0x5e, 0x00, 0xf5, 0x68, 0xb0, 0xc8, 0x00, 0xbb, 0x18, 0x1e, 0xb7, 0x17, 0xbe, 0x8d, 0x7a, 0x93, 0x16, 0x6a, 0x50, 0x4c, 0xe1, 0xbc, 0x81, 0x7e, 0x15, 0x53, 0x0c, 0x5b, 0xd2, 0xb3, 0xdf, 0x1d, 0x42, 0x22, 0x24, 0x5e, 0xa7, 0x8a, 0x38, 0xbc, 0x10, 0xf6, 0x6c, 0x5c, 0xf6, 0x8d, 0x66, 0x15, 0x03, 0x13, 0x1f, 0x11, 0xaf, 0x88, 0x5c, 0x8a, 0x91, 0x0b, 0x6d, 0xce, 0x70, 0xbc, 0x3a, 0x74, 0x48, 0xdf, 0xae, 0x00, 0x59, 0x5b, 0xeb, 0x70, 0x7f, 0xe0, 0x54, 0xd3), - // cipher_text: vec!(0xd1, 0x52, 0xbc, 0xb4, 0xc2, 0x4c, 0x37, 0x11, 0xb0, 0xfa, 0xd2, 0x85, 0x48, 0xdc, 0x4d, 0xb6, 0x05, 0xbb, 0xc8, 0x92, 0x37, 0xcd, 0xbe, 0xa7, 0xdb, 0xf9, 0x56, 0xb8, 0x85, 0x5d, 0x11, 0x61, 0xa0, 0x78, 0x1f, 0x27, 0xbd, 0x56, 0xd7, 0x98, 0x14, 0x1e, 0x2a, 0xce, 0x33, 0x99, 0x55, 0xef, 0xb9, 0x8f, 0xe0, 0x5d, 0x9b, 0x44, 0xcd, 0x01, 0x1e, 0x64, 0x51, 0x06, 0xbf, 0x47, 0x72, 0x61, 0x83, 0x95, 
0x8c, 0xb6, 0xdf, 0x34, 0xce, 0x57, 0x66, 0x69, 0x5f, 0x60, 0xbc, 0x70, 0xb6, 0xfe, 0x0f, 0xab, 0xb9, 0xaf, 0xa0, 0x09, 0xa8, 0xef, 0x04, 0x3d, 0xbf, 0x75, 0xf8, 0x61, 0x88, 0x13, 0x68, 0xfa, 0x07, 0x72, 0x66, 0x25, 0x44, 0x8f, 0xe6, 0x08, 0xd5, 0x78, 0xcd, 0xc4, 0x82, 0x77, 0xf2, 0xdc, 0x53, 0xea, 0xaf, 0x1b, 0xdc, 0x07, 0x52, 0x69, 0xa4, 0x2f, 0x93, 0x02, 0xa5, 0x7c, 0xad, 0x38, 0x7a, 0x82, 0xc6, 0x96, 0x96, 0x08, 0xac, 0xac, 0xda, 0x20, 0xe1, 0xca, 0xc4, 0x59, 0x6c), - // tag: vec!(0x94, 0x5d, 0xca, 0x73, 0xcf, 0x2f, 0x00, 0x7a, 0xe2, 0x43, 0x99, 0x1c, 0x4f, 0xbe, 0x04, 0x79) - // }, - // TestVector{ - // key: [0x77, 0xd1, 0xa8, 0x57, 0xfb, 0xad, 0xfe, 0x01, 0xab, 0xa7, 0x97, 0x4e, 0xea, 0x2d, 0xfb, 0x3d, 0xc7, 0xbf, 0x41, 0xde, 0x73, 0x68, 0x6a, 0xec, 0xe4, 0x03, 0x99, 0x3e, 0x50, 0x16, 0xc7, 0x14], - // nonce: [0xfd, 0xd9, 0x13, 0xa3, 0x21, 0xc4, 0x0e, 0xb0], - // plain_text: vec!(0xdb, 0x89, 0x15, 0xbf, 0xe6, 0x51, 0xe2, 0xec, 0xb3, 0xce, 0x0b, 0x27, 0xd9, 0x9a, 0x6b, 0xfa, 0x7a, 0x7c, 0x50, 0x7c, 0xfc, 0xb2, 0x98, 0x72, 0x93, 0x01, 0x86, 0x36, 0xc3, 0x65, 0xa4, 0x59, 0xc6, 0xa1, 0x38, 0xb4, 0x42, 0x8b, 0xe5, 0x38, 0x41, 0x3d, 0xb1, 0x5b, 0xda, 0x69, 0xe6, 0x97, 0xcb, 0xb9, 0x2b, 0x15, 0x4b, 0x7f, 0x4d, 0x2c, 0xbb, 0x07, 0x96, 0x52, 0x25, 0xaa, 0x68, 0x65, 0xd7, 0xdc, 0xd1, 0xba, 0x2c, 0x17, 0xc4, 0x84, 0xb0, 0x0b, 0x19, 0x86, 0xfe, 0xd6, 0x3e, 0x88, 0x9f, 0x25, 0xa4, 0x96, 0x6d, 0xc3, 0xed, 0x42, 0x73, 0xf1, 0x57, 0x77, 0x68, 0xf6, 0x65, 0x36, 0x2d, 0x7d, 0x3e, 0x82, 0x44, 0x84, 0xf0, 0xdd, 0xed, 0x7f, 0x82, 0xb8, 0xbe, 0x87, 0x97, 0xad, 0x95, 0x17, 0x19, 0x71, 0x93, 0x65, 0xe4, 0x5a, 0xbb, 0xf7, 0x63, 0x24, 0xbc, 0x7d, 0x65, 0x77, 0x99, 0xd4, 0xd4, 0xf4, 0xbb, 0x1d, 0xba, 0x67, 0xd9, 0x6a, 0xb1, 0xc8, 0x85, 0x19, 0xa5, 0xbe, 0xe7, 0x04, 0xf7, 0x21, 0x48, 0x14), - // aad: vec!(0x3c, 0xb2, 0xc0, 0x6c, 0x20, 0xcb, 0x08, 0x32, 0xbb, 0xac, 0xeb, 0xfc, 0x20, 0x5d, 0x77, 0x39, 0x3c, 0xa1, 0x81, 0x63, 0x46, 0xea, 0x26, 0x81, 0xde, 0x4d, 0x3a, 0xb1, 0xfa, 0xdb, 
0x77, 0x4a, 0xd2, 0x73, 0xe4, 0x71, 0x32, 0x90, 0x45, 0x44, 0x96, 0xf5, 0x28, 0x1e, 0xbc, 0x65, 0xe0, 0x4c, 0xfe, 0x84, 0xed, 0x37, 0xcd, 0x0a, 0xed, 0xc4, 0xbb, 0xe3, 0xde, 0xcb, 0xd8, 0xd7, 0x9d, 0x04, 0xa4, 0xe4, 0x34, 0x87, 0x66, 0x50, 0xe0, 0xd6, 0x43, 0x09, 0xe3, 0x36, 0xbf, 0xb1, 0x0e, 0x92, 0x40, 0x66, 0xa6, 0x4a, 0xcb, 0x92, 0x26, 0x0b, 0x2d, 0xbd, 0x96, 0x73, 0x5d, 0x03, 0xaf, 0x03, 0x90, 0x9a, 0xa6, 0xa8, 0x0a, 0x6e, 0x89, 0xfd, 0xa8, 0x10, 0x37, 0x25, 0x7a, 0xec, 0x21, 0xfe, 0x9b, 0xe7, 0xe9, 0x1a, 0x64, 0xe8, 0x8e, 0x0a, 0x58, 0xfa, 0x38, 0xec, 0xba, 0x4c, 0x4c, 0x4c, 0xff, 0xb6, 0x19, 0x58, 0xf3, 0xc4, 0x86, 0xcb, 0xb0, 0xb1, 0xd0, 0xb0, 0x01, 0x4a, 0x2d, 0x1d, 0x3d, 0xf2, 0x48, 0xee, 0xc1, 0xca), - // cipher_text: vec!(0xac, 0xb8, 0x25, 0xe6, 0x02, 0x3b, 0x44, 0xb0, 0x3b, 0x2e, 0xfc, 0x26, 0x56, 0x03, 0xe8, 0x87, 0x95, 0x4e, 0x86, 0x12, 0xb2, 0xee, 0x13, 0x4b, 0xdc, 0xb6, 0x15, 0x01, 0xcf, 0xb9, 0x49, 0x29, 0x52, 0xbf, 0x67, 0xbe, 0x59, 0x7c, 0x3a, 0x00, 0x5b, 0x09, 0xaf, 0x74, 0xd9, 0xe4, 0x21, 0xa5, 0x76, 0xd2, 0xc6, 0x5e, 0x98, 0x10, 0x47, 0x80, 0xfe, 0xab, 0x83, 0x8d, 0x8c, 0xb1, 0xbd, 0x13, 0x54, 0x52, 0xea, 0x39, 0xdc, 0x89, 0x07, 0xa4, 0xc1, 0xa6, 0xa9, 0x16, 0x18, 0x05, 0xe4, 0xfa, 0x3e, 0x16, 0x98, 0x9e, 0x6a, 0x41, 0x8a, 0x7e, 0xea, 0x25, 0x82, 0xbf, 0x89, 0x5d, 0xa9, 0x67, 0x02, 0x8e, 0xab, 0x7c, 0x95, 0xd8, 0x46, 0xa6, 0xde, 0x4b, 0x99, 0x80, 0x78, 0x58, 0x14, 0xcf, 0x00, 0x48, 0x4b, 0xaa, 0x2f, 0x6d, 0xe6, 0x09, 0x91, 0x2f, 0xff, 0x68, 0x9b, 0xce, 0x6e, 0x85, 0x42, 0x61, 0xff, 0xe8, 0x66, 0xbd, 0x8e, 0x63, 0x27, 0x46, 0x05, 0xc7, 0xc5, 0xad, 0x67, 0x7b, 0xd7, 0x89, 0x7a, 0xde, 0x54, 0x3e), - // tag: vec!(0x93, 0x84, 0x78, 0xa4, 0x1a, 0x32, 0x23, 0xa2, 0x19, 0x9f, 0x92, 0x76, 0xd1, 0x16, 0x21, 0x0f) - // }, - // TestVector{ - // key: [0xb7, 0xe9, 0xb9, 0x0d, 0xc0, 0x2b, 0x5c, 0xd6, 0xdf, 0x5d, 0xf7, 0x28, 0x3e, 0xf2, 0x93, 0xed, 0x4d, 0xc0, 0x75, 0x13, 0xd9, 0xe6, 0x73, 0x31, 0xb6, 0x06, 0xf4, 0xd4, 0x2d, 0xec, 0x7d, 0x29], - // nonce: 
[0xa6, 0xc1, 0x91, 0xf6, 0xd1, 0x81, 0x8f, 0x8e], - // plain_text: vec!(0x2a, 0xda, 0x0e, 0x3c, 0x7c, 0xa6, 0xdb, 0x1f, 0x78, 0x0c, 0xe8, 0xc7, 0x94, 0x72, 0xaf, 0x4e, 0x8e, 0x95, 0x1d, 0xdc, 0x82, 0x8e, 0x0d, 0x6e, 0x8a, 0x67, 0xdf, 0x52, 0x06, 0x38, 0xff, 0x5f, 0x14, 0xa2, 0xf9, 0x5a, 0x5e, 0x59, 0x31, 0x74, 0x9a, 0xe2, 0xc4, 0xe9, 0x94, 0x6a, 0xe4, 0xd5, 0xeb, 0x5d, 0xe4, 0x2f, 0xb5, 0xb7, 0x7d, 0x22, 0x36, 0xe2, 0xe2, 0xbd, 0x81, 0x7d, 0xf5, 0x1b, 0xe4, 0x0b, 0x1b, 0x8a, 0x6c, 0x21, 0x01, 0x5a, 0x7c, 0x79, 0xfe, 0x06, 0xdb, 0xa4, 0xa0, 0x8b, 0x34, 0x01, 0x3d, 0xfa, 0x02, 0x74, 0x7b, 0x5f, 0x03, 0x93, 0x02, 0x68, 0x40, 0x4c, 0x45, 0x5d, 0xc5, 0x4a, 0x74, 0xd9, 0xc6, 0xe3, 0x54, 0x85, 0xe1, 0x00, 0x26, 0xda, 0x57, 0x3c, 0xb4, 0x1c, 0xd5, 0x0b, 0x64, 0xcf, 0xaf, 0xe4, 0xcf, 0xcd, 0xf3, 0xc9, 0x68, 0x4e, 0xf8, 0x77, 0xe4, 0x5d, 0x84, 0xe2, 0x2b, 0xd5, 0xe1, 0x5f, 0xa6, 0xc8, 0xfd, 0x5b, 0xe9, 0x21, 0x36, 0x6f, 0xf0, 0xdc, 0x6f, 0xe2, 0xdf, 0x45, 0xf7, 0x25, 0x29, 0x72, 0xc9, 0xb3, 0x03), - // aad: vec!(0x0f, 0x42, 0x69, 0xed, 0x5e, 0xf0, 0xbf, 0xff, 0x7b, 0xe3, 0x99, 0x46, 0xa4, 0xe8, 0x6e, 0x8b, 0xf7, 0x9f, 0x84, 0xb7, 0x0c, 0xd0, 0xb1, 0x4f, 0xec, 0xb7, 0xbe, 0x3c, 0x07, 0x13, 0x16, 0xce, 0x86, 0xde, 0x3d, 0x99, 0xd6, 0x87, 0x1e, 0x0b, 0xa5, 0x66, 0x7d, 0x9d, 0x7b, 0xba, 0x7d, 0xca, 0xba, 0x10, 0xcb, 0x2a, 0x36, 0x66, 0x8b, 0x6c, 0x3e, 0x2f, 0xb6, 0xc1, 0x02, 0x93, 0x8b, 0x75, 0x00, 0x8b, 0xb9, 0xc2, 0x13, 0xeb, 0xf9, 0xb8, 0x5b, 0x5e, 0x91, 0xa8, 0x02, 0xdf, 0x0d, 0x31, 0xd7, 0xf1, 0x1d, 0x76, 0x4b, 0x22, 0x89, 0xf6, 0x22, 0x52, 0x12, 0x69, 0x4a, 0xb6, 0xb7, 0xc0, 0xe3, 0xff, 0x36, 0xe8, 0x42, 0x45, 0xd9, 0xf4, 0xf4, 0x3f, 0xc5, 0xf9, 0x8e, 0x65, 0x4d, 0xea, 0x7b, 0xa9, 0xbd, 0x91, 0x86, 0x58, 0x87, 0x9c, 0x5b, 0xb4, 0xa1, 0x64, 0x2a, 0xf0, 0xd8, 0x31, 0x13, 0xe3, 0xcf, 0x93, 0x5d, 0x3c, 0x0d, 0x52, 0x08, 0x31, 0x8f, 0x66, 0xf6, 0x54, 0xeb, 0x17, 0xd8, 0xc2, 0x8a, 0x60, 0x25, 0x43, 0xe7, 0x7a, 0xd3, 0xe8, 0x15), - // cipher_text: vec!(0x22, 0x58, 0x6f, 0xe7, 
0x33, 0x8e, 0x99, 0xcd, 0xaa, 0xd9, 0xf8, 0x5b, 0xd7, 0x24, 0xba, 0x4c, 0xfe, 0x62, 0x49, 0xb8, 0xa7, 0x13, 0x99, 0xf9, 0xa3, 0x70, 0x7b, 0x5c, 0x43, 0x23, 0xb8, 0xd9, 0x66, 0x79, 0x56, 0x8d, 0xfc, 0x8d, 0x23, 0x0a, 0xef, 0xb4, 0x53, 0xdf, 0x59, 0x6e, 0x13, 0xeb, 0x3e, 0x8a, 0x43, 0x92, 0x49, 0xbd, 0x64, 0xbc, 0x93, 0xa5, 0x8f, 0x95, 0x08, 0x9a, 0x62, 0xb9, 0x4f, 0x65, 0x62, 0xb8, 0x21, 0xc8, 0x3d, 0x91, 0xf5, 0x6c, 0x55, 0x14, 0x73, 0x81, 0xe9, 0xde, 0x4b, 0xeb, 0x4a, 0xe8, 0x1b, 0xd6, 0xfe, 0x7c, 0xae, 0xf7, 0xe7, 0xe9, 0xa2, 0x07, 0x8f, 0x2f, 0xba, 0x8f, 0x3e, 0x70, 0xd4, 0x91, 0x0d, 0xa9, 0xac, 0xcc, 0x92, 0xb8, 0xe8, 0x1a, 0x61, 0xb0, 0xfe, 0xfb, 0xec, 0xe4, 0xbd, 0x89, 0x44, 0x3e, 0x66, 0xe8, 0xdd, 0xda, 0x8e, 0x47, 0xa6, 0x6a, 0x62, 0xf1, 0x7f, 0xd0, 0xe7, 0xd0, 0xa4, 0x85, 0x2c, 0xe1, 0xa4, 0xd4, 0x3d, 0x72, 0xa0, 0xb5, 0xe8, 0x91, 0x4b, 0xbe, 0xc6, 0x98, 0xf0, 0x60, 0xf2, 0xb0, 0x92), - // tag: vec!(0xc0, 0x82, 0x47, 0x02, 0x97, 0xda, 0x8c, 0x5f, 0x68, 0x2a, 0x16, 0x9d, 0x28, 0xbc, 0x02, 0x39) - // }, - // TestVector{ - // key: [0x6b, 0x2c, 0xb2, 0x67, 0x8d, 0x11, 0x02, 0xf2, 0xfb, 0xbd, 0x02, 0x87, 0x94, 0xa7, 0x9f, 0x14, 0x58, 0x5c, 0x22, 0x3d, 0x40, 0x5e, 0x1a, 0xe9, 0x04, 0xc0, 0x36, 0x1e, 0x9b, 0x24, 0x1e, 0x99], - // nonce: [0x7b, 0x3a, 0xe3, 0x1f, 0x8f, 0x93, 0x82, 0x51], - // plain_text: vec!(0xb3, 0xcb, 0x74, 0x59, 0x30, 0xe0, 0x5f, 0x3a, 0xb8, 0xc9, 0x26, 0xc0, 0xa3, 0x43, 0xa6, 0xeb, 0x14, 0x80, 0x9f, 0xd2, 0x1b, 0x83, 0x90, 0xa6, 0xfc, 0xc5, 0x8a, 0xdb, 0x55, 0x79, 0xe5, 0x43, 0x20, 0x21, 0x76, 0x5b, 0x2d, 0x24, 0x9a, 0x0e, 0xcf, 0x6b, 0xa6, 0x78, 0x63, 0x4c, 0x4f, 0x53, 0xf7, 0x14, 0x95, 0x86, 0x5f, 0x03, 0x1e, 0xe9, 0x7a, 0xa1, 0x59, 0xf9, 0xea, 0xd3, 0xa3, 0xfc, 0xb8, 0x23, 0xee, 0x52, 0x38, 0xbd, 0xf1, 0x27, 0x06, 0xa9, 0xc6, 0x13, 0x7d, 0x23, 0x6e, 0x2e, 0x71, 0x10, 0xce, 0x65, 0x0c, 0x32, 0x1e, 0x41, 0xda, 0xf0, 0xaf, 0xd6, 0x2b, 0xab, 0x2a, 0x8f, 0xe5, 0x5d, 0x70, 0x18, 0xde, 0x49, 0xa1, 0x4e, 0xfe, 0x6d, 0x83, 0xa1, 0x5b, 0x2f, 0x25, 
0x6d, 0x59, 0x5e, 0x99, 0x8d, 0x25, 0x30, 0x9f, 0x23, 0x63, 0x33, 0x60, 0xf5, 0x74, 0x5c, 0x50, 0xc4, 0xe5, 0xaf, 0x8c, 0xcc, 0x9a, 0x8a, 0x2c, 0xb4, 0x70, 0x64, 0x10, 0x5a, 0x02, 0x3e, 0x91, 0x9c, 0x77, 0x95, 0xd2, 0xdc, 0x33, 0x1d, 0x3f, 0x2a, 0xfb, 0x8c, 0x42, 0xe5, 0xc0, 0xbc, 0xc2, 0x6d), - // aad: vec!(0x1c, 0x32, 0xfd, 0x3d, 0xf2, 0x2b, 0x3e, 0x44, 0x0e, 0x2a, 0x3c, 0x7a, 0x76, 0x24, 0x99, 0x01, 0x94, 0xcb, 0x16, 0xa5, 0xf7, 0x4a, 0xf3, 0x6f, 0x87, 0xfd, 0x6c, 0xa7, 0xd4, 0x10, 0xce, 0x90, 0x64, 0x31, 0x6a, 0x2d, 0x09, 0x19, 0x45, 0xde, 0xef, 0x7d, 0x9b, 0x35, 0xce, 0xec, 0x83, 0x96, 0x06, 0x93, 0x07, 0xca, 0xce, 0xd2, 0xb8, 0x0a, 0xfd, 0x7d, 0x53, 0xec, 0x47, 0x9c, 0x35, 0xce, 0xdf, 0x2d, 0xfd, 0x4c, 0x95, 0xc3, 0xdd, 0x84, 0x00, 0xf7, 0x1a, 0xd3, 0x40, 0x28, 0xc6, 0xe4, 0xf8, 0x68, 0x1d, 0x93, 0xd0, 0x77, 0x40, 0x64, 0xba, 0x38, 0xf3, 0xfb, 0x9b, 0x0c, 0x1d, 0xfa, 0x1f, 0x5f, 0x0c, 0x7d, 0x20, 0x67, 0x6a, 0x59, 0x11, 0xd9, 0x99, 0xfb, 0x6a, 0x1d, 0x41, 0x36, 0x7a, 0x8e, 0x99, 0xd8, 0x52, 0xbf, 0x3d, 0x3b, 0x7b, 0x3f, 0x4c, 0x23, 0x32, 0x49, 0xed, 0x1c, 0xa1, 0x35, 0x38, 0x9a, 0x67, 0x4f, 0xf4, 0x82, 0x32, 0xde, 0xd3, 0xf6, 0x80, 0x0a, 0x97, 0xb6, 0xd4, 0x09, 0xc4, 0x0e, 0x6c, 0xd7, 0x0d, 0x09, 0xbf, 0x9d, 0x2a, 0xd2, 0x5d, 0x9b, 0x94, 0x85), - // cipher_text: vec!(0xef, 0x70, 0xc7, 0xde, 0x98, 0xab, 0x1d, 0x4a, 0xd8, 0x17, 0x02, 0x4a, 0x97, 0x0b, 0xe4, 0x63, 0x44, 0x36, 0x40, 0xeb, 0x0c, 0xd7, 0xff, 0x23, 0x4b, 0xdd, 0x00, 0xe6, 0x53, 0x07, 0x4a, 0x77, 0xa1, 0xd5, 0x74, 0x9e, 0x69, 0x8b, 0xd5, 0x26, 0xdc, 0x70, 0x9f, 0x82, 0xdf, 0x06, 0xf4, 0xc0, 0xe6, 0x40, 0x46, 0xb3, 0xdc, 0x5f, 0x3c, 0x70, 0x44, 0xae, 0xf5, 0x3a, 0xeb, 0xb8, 0x07, 0xd3, 0x22, 0x39, 0xd0, 0x65, 0x2d, 0xd9, 0x90, 0x36, 0x2c, 0x44, 0xec, 0x25, 0xbf, 0x5a, 0xea, 0xe6, 0x41, 0xe2, 0x7b, 0xf7, 0x16, 0xe0, 0xc4, 0xa1, 0xc9, 0xfb, 0xd3, 0x7b, 0xbf, 0x60, 0x2b, 0xb0, 0xd0, 0xc3, 0x5b, 0x06, 0x38, 0xbe, 0x20, 0xdd, 0x5d, 0x58, 0x91, 0xd4, 0x46, 0x13, 0x7e, 0x84, 0x2f, 0x92, 0xc0, 0xee, 0x07, 
0x5c, 0x68, 0x22, 0x5e, 0x4d, 0xba, 0xcb, 0x63, 0xcc, 0x6f, 0xb3, 0x24, 0x42, 0xb4, 0xbc, 0xda, 0x5e, 0x62, 0xcb, 0x50, 0x0a, 0x4d, 0xf2, 0x74, 0x1a, 0x40, 0x59, 0x03, 0x4d, 0x2c, 0xcb, 0x71, 0xb0, 0xb8, 0xb0, 0x11, 0x2b, 0xf1, 0xc4, 0xca, 0x6e, 0xec, 0x74), - // tag: vec!(0x39, 0x3a, 0xe2, 0x33, 0x84, 0x80, 0x34, 0x24, 0x8c, 0x19, 0x1a, 0xc0, 0xe3, 0x6b, 0x61, 0x23) - // }, - // TestVector{ - // key: [0x4d, 0xbc, 0x80, 0xa4, 0x02, 0xc9, 0xfc, 0xea, 0xa7, 0x55, 0xe1, 0x10, 0x5d, 0xc4, 0x9e, 0xf6, 0x48, 0x90, 0x16, 0x77, 0x68, 0x83, 0xe0, 0x6f, 0xcf, 0x3a, 0xed, 0x93, 0xbf, 0x7f, 0x6a, 0xf7], - // nonce: [0x23, 0x58, 0xae, 0x0c, 0xe3, 0xfb, 0x8e, 0x9f], - // plain_text: vec!(0x19, 0x7c, 0x06, 0x40, 0x3e, 0xb8, 0x96, 0xd2, 0xfa, 0x64, 0x65, 0xe4, 0xd6, 0x44, 0x26, 0xd2, 0x4c, 0xc7, 0x47, 0x6a, 0xa1, 0xae, 0x41, 0x27, 0xcd, 0x2b, 0xd8, 0xa4, 0x8c, 0xe2, 0xc9, 0x9c, 0x16, 0xb1, 0xcb, 0xf3, 0x06, 0x48, 0x56, 0xe8, 0x40, 0x73, 0xb6, 0xcf, 0x12, 0xe7, 0x40, 0x66, 0x98, 0xef, 0x3d, 0xd1, 0x24, 0x0c, 0x02, 0x6c, 0xbd, 0x1a, 0xb0, 0x4e, 0xe6, 0x03, 0xe1, 0xe6, 0xe7, 0x35, 0xc9, 0xb7, 0x55, 0x1f, 0xd0, 0xd3, 0x55, 0x20, 0x2b, 0x4f, 0x64, 0xb4, 0x82, 0xdd, 0x4a, 0x7c, 0x7d, 0x82, 0xc4, 0xfe, 0x2e, 0xb4, 0x94, 0xd0, 0xd5, 0xe1, 0x77, 0x88, 0x98, 0x2d, 0x70, 0x4c, 0x13, 0x56, 0xc4, 0x1a, 0x94, 0x65, 0x55, 0x30, 0xde, 0xda, 0x23, 0x11, 0x8c, 0xba, 0x28, 0x1d, 0x0f, 0x71, 0x7e, 0x14, 0x9f, 0xbe, 0xb2, 0xc5, 0x9b, 0x22, 0xd0, 0xc0, 0x57, 0x4c, 0x1a, 0x2e, 0x64, 0x0a, 0xfa, 0xd1, 0xa6, 0xce, 0xb9, 0x2e, 0x1b, 0xf1, 0xdd, 0xe7, 0x17, 0x52, 0xa1, 0xc9, 0x91, 0xe9, 0xa5, 0x51, 0x7f, 0xe9, 0x86, 0x88, 0xa1, 0x6b, 0x07, 0x3d, 0xbf, 0x68, 0x84, 0xcf, 0xde, 0x61, 0xac), - // aad: vec!(0xcf, 0x6c, 0xe7, 0xb8, 0x99, 0xfb, 0x70, 0x0a, 0x90, 0xd2, 0xa5, 0x46, 0x6d, 0x54, 0xd3, 0x13, 0x58, 0xec, 0xf0, 0x56, 0x2e, 0x02, 0xb3, 0x30, 0xa2, 0x7b, 0xa0, 0x13, 0x80, 0x06, 0xb3, 0x42, 0xb7, 0xed, 0x63, 0x49, 0xd7, 0x3c, 0x4c, 0x5c, 0x6d, 0x29, 0xbd, 0xe7, 0x5a, 0x25, 0x08, 0x9b, 0x11, 0xda, 0xc5, 
0xb2, 0x7a, 0xde, 0xa7, 0xe7, 0x64, 0x0c, 0xa1, 0xa7, 0xce, 0xb0, 0x50, 0xe3, 0xaa, 0xe8, 0x4a, 0x47, 0xe1, 0x16, 0x40, 0xa6, 0xe4, 0x85, 0xbd, 0x54, 0xae, 0x9f, 0xdb, 0x54, 0x7e, 0xdc, 0x73, 0x13, 0xd2, 0x4a, 0x03, 0x28, 0x42, 0x9f, 0xcf, 0xfd, 0x8b, 0x18, 0xf3, 0x98, 0x80, 0xed, 0xd6, 0x16, 0x44, 0x73, 0x44, 0xeb, 0xee, 0xc9, 0xea, 0xdb, 0x2d, 0xcb, 0x1f, 0xa7, 0xe6, 0x71, 0x79, 0xe7, 0xf9, 0x13, 0xc1, 0x94, 0xeb, 0xd8, 0xf5, 0xa5, 0x8a, 0xea, 0x73, 0xb0, 0xc5, 0xd1, 0x13, 0x35, 0x61, 0x24, 0x5b, 0x6d, 0x9c, 0x5c, 0xfd, 0x8b, 0xb0, 0xc2, 0x5b, 0x38, 0xff, 0xb3, 0x7d, 0xb5, 0xe2, 0xde, 0x5c, 0xdd, 0xed, 0x6b, 0x57, 0x35, 0x5e, 0x9d, 0x21, 0x5c, 0xb0, 0x95, 0xb8, 0x73, 0x1f), - // cipher_text: vec!(0xaa, 0x87, 0xf9, 0xa8, 0x30, 0x48, 0xb6, 0x91, 0x9c, 0x8f, 0x2b, 0x05, 0x03, 0x15, 0xdb, 0x4e, 0x2a, 0xda, 0xe4, 0xa9, 0xc2, 0xca, 0x01, 0x09, 0xb8, 0x19, 0x61, 0xb5, 0x20, 0xe6, 0x32, 0x99, 0xdc, 0xb0, 0x28, 0xce, 0xc0, 0xb9, 0xd3, 0x24, 0x9a, 0x94, 0x5e, 0xe6, 0x7d, 0xd0, 0x29, 0xb4, 0x0f, 0x36, 0x12, 0x45, 0xc7, 0x40, 0xf0, 0x04, 0xf8, 0xcf, 0x0d, 0x22, 0x14, 0xfc, 0xfa, 0x65, 0xe6, 0x12, 0x4a, 0x3e, 0x74, 0xb7, 0x8a, 0xa9, 0x43, 0x45, 0xc4, 0x6f, 0xdc, 0x15, 0x8d, 0x34, 0x82, 0x3e, 0xd2, 0x49, 0xee, 0x55, 0x04, 0x31, 0xea, 0xae, 0x92, 0x18, 0x36, 0x73, 0x21, 0xcd, 0xd6, 0xe6, 0xa4, 0x77, 0x65, 0x04, 0x69, 0xbb, 0x3c, 0xc1, 0x37, 0xa8, 0xf4, 0x8d, 0x9c, 0xf2, 0x79, 0x34, 0xb1, 0x67, 0x03, 0x60, 0x8b, 0x38, 0x3d, 0x21, 0x45, 0x65, 0x99, 0x22, 0xfb, 0x83, 0xbb, 0x2e, 0x7e, 0xe2, 0xef, 0x93, 0x8a, 0x90, 0xf2, 0xff, 0x84, 0x6a, 0x4a, 0x94, 0x91, 0x29, 0xb1, 0xfb, 0x74, 0xdd, 0xe5, 0x5c, 0x5a, 0xe0, 0x13, 0xc2, 0xf2, 0x85, 0xde, 0x84, 0xf7, 0xda, 0xc7, 0xd1, 0x66, 0x2f, 0x23), - // tag: vec!(0x06, 0xb4, 0x31, 0x8a, 0xc7, 0xf6, 0x5d, 0x55, 0x6f, 0x78, 0x14, 0x28, 0xa0, 0x51, 0x4f, 0xfe) - // }, - // TestVector{ - // key: [0x9e, 0x4a, 0x62, 0x01, 0x6d, 0xae, 0x4b, 0x32, 0x23, 0xfe, 0xd1, 0xd0, 0x1d, 0x07, 0x87, 0xe3, 0x1d, 0x30, 0x69, 0x4f, 0x79, 0xe8, 0x14, 0x22, 0x24, 
0xfe, 0x4c, 0x47, 0x35, 0x24, 0x8a, 0x83], - // nonce: [0x26, 0x3a, 0x2f, 0xc0, 0x6a, 0x28, 0x72, 0xe7], - // plain_text: vec!(0x5a, 0x46, 0x94, 0x66, 0x01, 0xf9, 0x3a, 0x0c, 0xee, 0x59, 0x93, 0xc6, 0x95, 0x75, 0xe5, 0x99, 0xcc, 0x24, 0xf5, 0x1a, 0xaf, 0xa2, 0xd7, 0xc2, 0x8d, 0x81, 0x6a, 0x5b, 0x9b, 0x4d, 0xec, 0xda, 0x2e, 0x59, 0xc1, 0x11, 0x07, 0x5f, 0xb6, 0x0a, 0x90, 0x3d, 0x70, 0x1a, 0xd2, 0x68, 0x0b, 0xb1, 0x4a, 0xed, 0xa1, 0x4a, 0xf2, 0xae, 0x9c, 0x07, 0xa7, 0x59, 0xd8, 0x38, 0x8b, 0x30, 0x44, 0x6f, 0x28, 0xb8, 0x5f, 0x0a, 0x05, 0xcd, 0x15, 0x00, 0x50, 0xbd, 0x2e, 0x71, 0x5f, 0xf5, 0x50, 0xeb, 0xbd, 0x24, 0xda, 0x3e, 0xbb, 0x1e, 0xac, 0x15, 0xab, 0xa2, 0x3d, 0x44, 0x86, 0x59, 0xde, 0x34, 0xbe, 0x96, 0x2a, 0xb3, 0xab, 0x31, 0xcb, 0x17, 0x58, 0xdb, 0x76, 0xc4, 0x68, 0xb5, 0xbb, 0x8c, 0xe4, 0x4b, 0x06, 0xc4, 0xe4, 0xdb, 0x9b, 0xd2, 0xf0, 0x61, 0x5b, 0x1e, 0x72, 0x7f, 0x05, 0x3f, 0x6b, 0x4f, 0xfb, 0x63, 0x58, 0xd2, 0x48, 0xf0, 0x22, 0xbc, 0xad, 0x6c, 0xa9, 0x73, 0x04, 0x4b, 0xed, 0x23, 0xd3, 0x92, 0x09, 0x06, 0xa8, 0x9a, 0x9a, 0x9c, 0x5d, 0x80, 0x24, 0xec, 0x67, 0xd7, 0xf0, 0x61, 0xf6, 0x45, 0x29, 0xa9, 0x55, 0xce, 0x16, 0xb3), - // aad: vec!(0x4c, 0xd6, 0x5f, 0x68, 0xf9, 0xf8, 0x8c, 0x05, 0x16, 0x23, 0x1f, 0x2a, 0x42, 0x5c, 0x8f, 0x8a, 0x28, 0x7d, 0xe4, 0x7d, 0x40, 0x9d, 0x5e, 0xcd, 0xe3, 0xad, 0x15, 0x1e, 0x90, 0x6b, 0x38, 0x39, 0xfb, 0x01, 0xbb, 0x91, 0xa4, 0x56, 0xf2, 0x0e, 0xa9, 0xd3, 0x94, 0xd4, 0xb0, 0x66, 0x04, 0xab, 0x1f, 0x90, 0x09, 0xef, 0x29, 0x01, 0x9a, 0xf7, 0x96, 0x8d, 0x96, 0x5d, 0x16, 0x43, 0x16, 0x1a, 0xb3, 0x3a, 0x53, 0x54, 0xcd, 0xa2, 0xfd, 0xc9, 0xf1, 0xd2, 0x1e, 0xc9, 0xcb, 0x71, 0xc3, 0x25, 0xc6, 0x59, 0x64, 0xa1, 0x4f, 0x9b, 0x26, 0xeb, 0x16, 0x56, 0x0b, 0xeb, 0x97, 0x92, 0x07, 0x5a, 0x15, 0x97, 0x39, 0x40, 0x00, 0xfd, 0x5f, 0x33, 0x1b, 0xd8, 0xb7, 0xd2, 0x0d, 0x88, 0xe5, 0xf8, 0x9c, 0xf8, 0xd0, 0xb3, 0x3e, 0x4e, 0x78, 0xe4, 0x90, 0x4b, 0xb5, 0x9c, 0x9c, 0x8d, 0x5d, 0x31, 0xac, 0x86, 0xb8, 0x93, 0xe4, 0xa0, 0x66, 0x7a, 0xf1, 0xbe, 0x85, 
0xfd, 0xb7, 0x7f, 0x7e, 0xc3, 0xe2, 0x59, 0x4a, 0x68, 0x04, 0x8d, 0x20, 0xc2, 0xfb, 0x94, 0x22, 0xf5, 0x87, 0x90, 0x78, 0x77, 0x2e, 0xe2, 0x6a, 0x1c, 0x56, 0x0c, 0xbc, 0xbb, 0x21, 0x13), - // cipher_text: vec!(0xe9, 0x44, 0xbb, 0x2a, 0xb0, 0x6d, 0x13, 0x8a, 0xd6, 0x33, 0xc1, 0x6c, 0xe8, 0x27, 0x06, 0xec, 0xf0, 0xef, 0x5d, 0x11, 0x9b, 0xe1, 0xf3, 0x46, 0x0c, 0x9c, 0xe1, 0x01, 0xd9, 0xc4, 0xe0, 0x4e, 0xf1, 0x67, 0x77, 0x07, 0xfc, 0xa4, 0x0d, 0x1f, 0x8c, 0xa1, 0x81, 0xe0, 0x72, 0x73, 0x70, 0x7b, 0x06, 0x62, 0x4d, 0x6d, 0x70, 0x63, 0xc3, 0xb7, 0xb0, 0xbb, 0x01, 0x51, 0xb7, 0x57, 0xb3, 0xe5, 0x23, 0x7f, 0xb8, 0x00, 0x4c, 0x16, 0x12, 0x33, 0xd8, 0xbc, 0x7e, 0x5f, 0x28, 0xea, 0x1c, 0x18, 0xda, 0x18, 0x74, 0xb3, 0xd5, 0x4c, 0x5a, 0xd6, 0xff, 0x08, 0x35, 0xee, 0xd3, 0x5c, 0x88, 0x53, 0x70, 0x45, 0x85, 0xcf, 0x83, 0x99, 0x6e, 0x5e, 0x7c, 0xec, 0x68, 0x18, 0x0a, 0xf4, 0x14, 0xe0, 0x4f, 0x08, 0x13, 0x4d, 0x3b, 0x03, 0x84, 0xeb, 0xdf, 0x03, 0x93, 0xc9, 0x31, 0x0b, 0x55, 0xd8, 0x69, 0x8f, 0xe1, 0x0c, 0xb3, 0x62, 0xde, 0xfc, 0x09, 0x95, 0xe9, 0xa1, 0x3b, 0x48, 0xb4, 0x2c, 0xff, 0x61, 0xff, 0xd9, 0xfe, 0x4c, 0x3c, 0x8c, 0x6d, 0xab, 0x35, 0x57, 0x13, 0xb8, 0x8f, 0x6e, 0x98, 0xa0, 0x2e, 0x72, 0x31, 0xa0, 0xc6, 0x64, 0x4e, 0xc4), - // tag: vec!(0x27, 0xde, 0x0d, 0x4c, 0xa7, 0x64, 0x8f, 0x63, 0x96, 0xd5, 0x41, 0x9a, 0x7b, 0x12, 0x43, 0xb7) - // }, - // TestVector{ - // key: [0x18, 0xca, 0x3e, 0xa3, 0xe8, 0xba, 0xee, 0xd1, 0xb3, 0x41, 0x18, 0x92, 0x97, 0xd3, 0x3c, 0xef, 0x7f, 0x4e, 0x0a, 0x2f, 0xab, 0x40, 0xec, 0x3b, 0x6b, 0xb6, 0x73, 0x85, 0xd0, 0x96, 0x9c, 0xfe], - // nonce: [0xb6, 0xae, 0xf3, 0x4c, 0x75, 0x81, 0x8e, 0x7c], - // plain_text: vec!(0xef, 0x6d, 0x1b, 0xb4, 0x09, 0x47, 0x82, 0xf6, 0x02, 0xfc, 0xf4, 0x15, 0x61, 0xcb, 0xa4, 0x97, 0x06, 0x79, 0x66, 0x1c, 0x63, 0xbe, 0xfe, 0x35, 0xff, 0x2c, 0xa7, 0xad, 0x1a, 0x28, 0x0b, 0xf6, 0xb1, 0xe7, 0xf1, 0x53, 0xfa, 0x84, 0x8e, 0xdf, 0xef, 0xfe, 0x25, 0x15, 0x3f, 0x54, 0x0b, 0x71, 0x25, 0x3e, 0x8b, 0xab, 0xa9, 0xae, 0xb7, 0x19, 0xa0, 
0x27, 0x52, 0xcd, 0xa6, 0x0e, 0xa5, 0x93, 0x8a, 0xab, 0x33, 0x9e, 0xea, 0xd5, 0xaa, 0xbf, 0x81, 0xb1, 0x9b, 0x0f, 0xc5, 0xc1, 0xed, 0x55, 0x6b, 0xe6, 0xad, 0x89, 0x70, 0xea, 0x43, 0xc3, 0x03, 0xd3, 0x04, 0x62, 0x05, 0xb1, 0x2c, 0x41, 0x9d, 0xea, 0x71, 0xc4, 0x24, 0x5c, 0xfe, 0xdd, 0x0a, 0x31, 0xb0, 0xf4, 0x15, 0x0b, 0x5a, 0x9f, 0xe8, 0x00, 0x52, 0x79, 0x01, 0x88, 0x52, 0x9a, 0xb3, 0x2f, 0x5e, 0x61, 0xd8, 0xcc, 0xde, 0x59, 0x73, 0xed, 0x30, 0xbd, 0xf2, 0x90, 0xcb, 0xfb, 0xd5, 0xf0, 0x73, 0xc0, 0xc6, 0xa0, 0x20, 0xea, 0xc0, 0x33, 0x2f, 0xce, 0xd1, 0x7a, 0x9a, 0x08, 0xce, 0xf6, 0xf9, 0x21, 0x7b, 0xd6, 0xbe, 0xf6, 0x8c, 0x15, 0x05, 0xd6, 0xee, 0xd4, 0x09, 0x53, 0xe1, 0x55, 0x08, 0xd8, 0x7f, 0x08, 0xfc), - // aad: vec!(0xf4, 0x0f, 0x03, 0xbe, 0xaa, 0x02, 0x3d, 0xb6, 0x31, 0x1b, 0xad, 0x9b, 0x4d, 0x5d, 0x0d, 0x66, 0xa5, 0x8d, 0x97, 0x8e, 0x0b, 0xcb, 0xbf, 0x78, 0xac, 0xeb, 0xde, 0x1f, 0x4e, 0xb9, 0xa2, 0x84, 0x09, 0x56, 0x28, 0x95, 0x5a, 0x0b, 0x15, 0xaf, 0xc4, 0x54, 0x15, 0x2f, 0x96, 0x2e, 0xc3, 0xea, 0x2b, 0x9a, 0x3b, 0x08, 0x9b, 0x99, 0x65, 0x8e, 0x68, 0xed, 0xe4, 0xde, 0xe5, 0xac, 0xd5, 0x66, 0x72, 0x02, 0x5e, 0xb7, 0x32, 0x3b, 0xcb, 0xc6, 0xba, 0x5d, 0x91, 0xc9, 0x43, 0x10, 0xf1, 0x8c, 0x91, 0x8e, 0x39, 0x14, 0xbb, 0xbf, 0x86, 0x9e, 0x1b, 0x87, 0x21, 0x47, 0x6f, 0x9d, 0xef, 0x31, 0xb9, 0xd3, 0x2c, 0x47, 0x1a, 0x54, 0x13, 0x24, 0x81, 0xaa, 0x89, 0xf6, 0xc7, 0x35, 0xab, 0x19, 0x33, 0x69, 0x49, 0x6d, 0x8d, 0xbe, 0xb4, 0x9b, 0x13, 0x0d, 0x85, 0xfb, 0xff, 0x3f, 0x9c, 0xb7, 0xdc, 0xce, 0xa4, 0xc1, 0xda, 0x7a, 0x28, 0x46, 0xee, 0xf5, 0xe6, 0x92, 0x9d, 0x90, 0x09, 0xa9, 0x14, 0x9e, 0x39, 0xc6, 0xc8, 0xec, 0x15, 0x0c, 0x9a, 0xb4, 0x9a, 0x09, 0xc1, 0x8c, 0x47, 0x49, 0xa0, 0xa9, 0xfc, 0xba, 0x77, 0x05, 0x7c, 0xde, 0xa6, 0xef, 0xd4, 0xd1, 0x42, 0x25, 0x6c), - // cipher_text: vec!(0xc5, 0x31, 0x63, 0x3c, 0x0c, 0x98, 0x23, 0x0d, 0xcf, 0x05, 0x9c, 0x10, 0x81, 0xd1, 0xd6, 0x9c, 0x96, 0xba, 0xb7, 0x1c, 0x31, 0x43, 0xae, 0x60, 0xf9, 0xfc, 0x2b, 0x9c, 0xd1, 0x87, 0x62, 0x31, 0x44, 
0x96, 0xab, 0x6e, 0x90, 0xbf, 0x67, 0x96, 0x25, 0x2c, 0xb9, 0xf6, 0x67, 0xa1, 0xf0, 0x8d, 0xa4, 0x7f, 0xc2, 0xb0, 0xee, 0xcd, 0xa8, 0x13, 0x22, 0x8c, 0xae, 0x00, 0xd4, 0xc0, 0xd7, 0x1f, 0x5e, 0x01, 0xb6, 0xce, 0x76, 0x2f, 0xa6, 0x36, 0xef, 0xff, 0xe5, 0x5d, 0x0e, 0x89, 0xfd, 0xc8, 0x9b, 0xa4, 0x25, 0x21, 0xcc, 0x01, 0x9a, 0xb9, 0xd4, 0x08, 0xfc, 0xd7, 0x9c, 0x14, 0x91, 0x4e, 0x8b, 0xbf, 0x0e, 0xa4, 0x4d, 0x8a, 0x1d, 0x35, 0x74, 0x3a, 0xd6, 0x28, 0x32, 0x7e, 0x43, 0x2f, 0xdc, 0xfe, 0xb0, 0xb6, 0x67, 0x9d, 0xdc, 0xa8, 0xc9, 0x2b, 0x99, 0x84, 0x73, 0x73, 0x2a, 0xbd, 0x55, 0xdb, 0xa5, 0x4e, 0xef, 0xff, 0x83, 0xc7, 0x84, 0x88, 0xee, 0xe5, 0xf9, 0x2b, 0x14, 0x5a, 0x74, 0xb6, 0x86, 0x65, 0x31, 0x47, 0x6f, 0xc4, 0x62, 0x79, 0xd4, 0xfd, 0xe2, 0x4d, 0x04, 0x9c, 0x1c, 0xe2, 0xb4, 0x23, 0x58, 0xff, 0x3a, 0xb2, 0xba, 0x3a, 0x88, 0x66, 0xe5, 0x47, 0xaf), - // tag: vec!(0xa0, 0xa5, 0x24, 0x27, 0x59, 0xa6, 0xd9, 0xb1, 0xaa, 0x5b, 0xaf, 0x9a, 0x4e, 0xf8, 0x95, 0xa2) - // }, - // TestVector{ - // key: [0x95, 0xfd, 0xd2, 0xd3, 0xd4, 0x29, 0x60, 0x69, 0x05, 0x5b, 0x6b, 0x79, 0xe5, 0xd1, 0x38, 0x76, 0x28, 0x25, 0x4a, 0x7b, 0xe6, 0x47, 0xba, 0xaf, 0xdf, 0x99, 0xdd, 0x8a, 0xf3, 0x54, 0xd8, 0x17], - // nonce: [0xcd, 0x7e, 0xd9, 0xe7, 0x0f, 0x60, 0x86, 0x13], - // plain_text: vec!(0x02, 0x48, 0x28, 0x4a, 0xcf, 0xfa, 0x4b, 0x2c, 0x46, 0x63, 0x6b, 0xdf, 0x8c, 0xc7, 0x00, 0x28, 0xdd, 0x15, 0x1a, 0x6d, 0x8e, 0x7a, 0x5a, 0x5b, 0xc2, 0xd3, 0x9a, 0xcc, 0x10, 0x20, 0xe7, 0x36, 0x88, 0x50, 0x31, 0xb2, 0x52, 0xbf, 0xe9, 0xf9, 0x64, 0x90, 0x92, 0x1f, 0x41, 0xd1, 0xe1, 0x74, 0xbf, 0x1a, 0xc0, 0x37, 0x07, 0xbc, 0x2a, 0xe5, 0x08, 0x8a, 0x12, 0x08, 0xa7, 0xc6, 0x64, 0x58, 0x38, 0x35, 0xe8, 0xbb, 0x93, 0xc7, 0x87, 0xb9, 0x6d, 0xea, 0x9f, 0xc4, 0xb8, 0x84, 0x93, 0x0c, 0x57, 0x79, 0x9e, 0x7b, 0x7a, 0x66, 0x49, 0xc6, 0x13, 0x40, 0x37, 0x6d, 0x04, 0x2b, 0x9f, 0x5f, 0xae, 0xe8, 0x95, 0x6c, 0x70, 0xa6, 0x3c, 0xf1, 0xcf, 0xf4, 0xfc, 0x2c, 0x7c, 0xb8, 0x53, 0x5c, 0x10, 0x21, 0x4e, 0x73, 0xce, 0xc6, 0xb7, 0x96, 
0x69, 0xd8, 0x24, 0xf2, 0x3f, 0xf8, 0xc8, 0xa2, 0xca, 0x1c, 0x05, 0x97, 0x4d, 0xd6, 0x18, 0x9c, 0xfe, 0xe4, 0x84, 0xd0, 0x90, 0x6d, 0xf4, 0x87, 0xb6, 0xbd, 0x85, 0x67, 0x1c, 0xe2, 0xb2, 0x38, 0x25, 0x05, 0x2e, 0x44, 0xb8, 0x48, 0x03, 0xe2, 0x83, 0x9a, 0x96, 0x39, 0x1a, 0xbc, 0x25, 0x94, 0x5c, 0xb8, 0x67, 0xb5, 0x27, 0xcd, 0xd9, 0xb3, 0x73, 0xfb, 0xfb, 0x83), - // aad: vec!(0x24, 0xa4, 0x5a, 0x3a, 0x00, 0x76, 0xa5, 0xbc, 0xfd, 0x5a, 0xfe, 0x1c, 0x54, 0xf7, 0xb7, 0x74, 0x96, 0x11, 0x7d, 0x29, 0xf4, 0xc0, 0x90, 0x9f, 0x1e, 0x69, 0x40, 0xb8, 0x1d, 0xde, 0x3a, 0xba, 0xcb, 0x71, 0xec, 0x71, 0xf0, 0xf4, 0xdb, 0x8a, 0x7e, 0x54, 0x0b, 0xd4, 0xc2, 0xc6, 0x0f, 0xae, 0xe2, 0x1d, 0xd3, 0xce, 0x72, 0x96, 0x38, 0x55, 0xbe, 0x1b, 0x0c, 0xe5, 0x4f, 0xb2, 0x0a, 0xd8, 0x2d, 0xbc, 0x45, 0xbe, 0x20, 0xcd, 0x6c, 0x17, 0x1e, 0x2b, 0xeb, 0xb7, 0x9e, 0x65, 0xe7, 0xd0, 0x15, 0x67, 0xad, 0x0e, 0xeb, 0x86, 0x98, 0x83, 0xe4, 0xe8, 0x14, 0xc9, 0x36, 0x88, 0x60, 0x7a, 0x12, 0xb3, 0xb7, 0x32, 0xc1, 0x70, 0x3b, 0x09, 0x56, 0x6c, 0x30, 0x8d, 0x29, 0xce, 0x67, 0x6a, 0x5c, 0x76, 0x2a, 0x85, 0x70, 0x06, 0x39, 0xb7, 0x0d, 0x82, 0xaa, 0xef, 0x40, 0x8c, 0xf9, 0x88, 0x21, 0xa3, 0x72, 0xc6, 0xa0, 0x61, 0x4a, 0x73, 0xba, 0x99, 0x18, 0xa7, 0x95, 0x1e, 0xa8, 0xb2, 0xbb, 0x77, 0xcd, 0x98, 0x96, 0xd2, 0x69, 0x88, 0x08, 0x6d, 0x85, 0x86, 0xd7, 0x2e, 0xdc, 0x92, 0xaf, 0x20, 0x42, 0xff, 0x5e, 0x5f, 0x14, 0x29, 0xa2, 0x2f, 0x61, 0x06, 0x5e, 0x03, 0xcf, 0xcd, 0x7e, 0xdc, 0x2a, 0x93), - // cipher_text: vec!(0x40, 0xc6, 0x31, 0x8d, 0x9e, 0x38, 0x3e, 0x10, 0x7c, 0xdd, 0x3e, 0x1c, 0x89, 0x51, 0x56, 0x21, 0x93, 0xc3, 0xef, 0x64, 0xee, 0x44, 0x24, 0x32, 0xa6, 0x3e, 0x2e, 0xde, 0xfc, 0x78, 0xf3, 0x2a, 0xb0, 0x77, 0x72, 0xae, 0xac, 0x17, 0x2c, 0xb6, 0x7e, 0xcf, 0x4d, 0x21, 0xf8, 0xb4, 0x48, 0x42, 0x35, 0x27, 0xbb, 0xeb, 0x9d, 0x8d, 0xdd, 0x0b, 0x46, 0xbd, 0xb2, 0x7f, 0x74, 0x09, 0x6c, 0xeb, 0x24, 0xe4, 0x19, 0x63, 0xb4, 0xcd, 0xca, 0x17, 0x66, 0x76, 0xa7, 0x5b, 0xdb, 0xe3, 0xab, 0xc2, 0x70, 0xb3, 0x49, 0xac, 0x0c, 0x6c, 
0xbd, 0x9c, 0x3a, 0x5c, 0xd5, 0xbc, 0xe2, 0x02, 0x02, 0xfc, 0x5c, 0xc0, 0xc1, 0xbd, 0xd4, 0xfd, 0x25, 0xe1, 0x21, 0xe0, 0xa2, 0x4b, 0xd7, 0xbb, 0xeb, 0x9b, 0x19, 0xb1, 0x91, 0x24, 0x67, 0xbf, 0x53, 0x38, 0xee, 0x2c, 0xe8, 0x8a, 0xa3, 0x83, 0xc0, 0x82, 0xb4, 0x2c, 0xc3, 0x99, 0xc9, 0x65, 0x4c, 0xa3, 0x25, 0xf3, 0x55, 0x23, 0xe8, 0x14, 0x38, 0xbe, 0xb3, 0xf8, 0x92, 0x6b, 0xe7, 0x9c, 0x37, 0x88, 0x22, 0xd7, 0xc8, 0xf7, 0x85, 0x61, 0x44, 0x08, 0xa5, 0xf7, 0xca, 0xc4, 0x9e, 0x45, 0x43, 0x18, 0x87, 0x25, 0x64, 0x3e, 0x6c, 0x1a, 0x70, 0xb4, 0x6d, 0x0e, 0xc4, 0x00), - // tag: vec!(0x58, 0x01, 0xe8, 0x41, 0x92, 0xc7, 0x26, 0x7f, 0x66, 0xb0, 0xe0, 0x46, 0x07, 0xa3, 0x9a, 0x3e) - // }, - // TestVector{ - // key: [0x6a, 0xe1, 0x10, 0x2f, 0x84, 0xed, 0x4d, 0xc1, 0x14, 0xbb, 0x9d, 0x63, 0xf4, 0xdc, 0x78, 0xd7, 0xdb, 0xb1, 0xab, 0x63, 0xf1, 0x65, 0x9d, 0xd9, 0x5f, 0x47, 0x94, 0x0a, 0x7b, 0x7a, 0x81, 0x1f], - // nonce: [0xc9, 0x65, 0xd5, 0x78, 0xba, 0x91, 0xd2, 0x27], - // plain_text: vec!(0xb8, 0x2a, 0x8a, 0x92, 0x09, 0x61, 0x8f, 0x1f, 0x5b, 0xe9, 0xc2, 0xc3, 0x2a, 0xba, 0x3d, 0xc4, 0x5b, 0x49, 0x47, 0x00, 0x7b, 0x14, 0xc8, 0x51, 0xcd, 0x69, 0x44, 0x56, 0xb3, 0x03, 0xad, 0x59, 0xa4, 0x65, 0x66, 0x28, 0x03, 0x00, 0x67, 0x05, 0x67, 0x3d, 0x6c, 0x3e, 0x29, 0xf1, 0xd3, 0x51, 0x0d, 0xfc, 0x04, 0x05, 0x46, 0x3c, 0x03, 0x41, 0x4e, 0x0e, 0x07, 0xe3, 0x59, 0xf1, 0xf1, 0x81, 0x6c, 0x68, 0xb2, 0x43, 0x4a, 0x19, 0xd3, 0xee, 0xe0, 0x46, 0x48, 0x73, 0xe2, 0x3c, 0x43, 0xf3, 0xab, 0x60, 0xa3, 0xf6, 0x06, 0xa0, 0xe5, 0xbe, 0x81, 0xe3, 0xab, 0x4a, 0xa2, 0x7f, 0xb7, 0x70, 0x7a, 0x57, 0xb9, 0x49, 0xf0, 0x0d, 0x6c, 0xd3, 0xa1, 0x1a, 0xe4, 0x82, 0x7d, 0x48, 0x89, 0xdd, 0x45, 0x5a, 0x0b, 0x6d, 0x39, 0xe9, 0x90, 0x12, 0xfd, 0x40, 0xdb, 0x23, 0xfb, 0x50, 0xe7, 0x9e, 0x11, 0xf8, 0xa6, 0x45, 0x16, 0x69, 0xbe, 0xb2, 0xfb, 0xd9, 0x13, 0xef, 0xfd, 0x49, 0xad, 0x1b, 0x43, 0x92, 0x63, 0x11, 0xf6, 0xe1, 0x3a, 0x6e, 0x7a, 0x09, 0xcf, 0x4b, 0xeb, 0xb1, 0xc0, 0xbf, 0x63, 0xce, 0x59, 0xcd, 0x5a, 0x08, 0xe4, 0xb8, 
0xd8, 0xdb, 0xf9, 0xd0, 0x02, 0xe8, 0xa3, 0xd9, 0xe8, 0x0c, 0x79, 0x95, 0xbb, 0x0b, 0x48, 0x52, 0x80), - // aad: vec!(0xdf, 0xd4, 0xac, 0x3e, 0x80, 0xb2, 0x90, 0x46, 0x23, 0xff, 0x79, 0xea, 0x8e, 0xe8, 0x78, 0x62, 0x26, 0x89, 0x39, 0xde, 0xcf, 0x53, 0x06, 0xc0, 0x7a, 0x17, 0x5b, 0x6b, 0x9d, 0xa0, 0xeb, 0x13, 0xac, 0x20, 0x9b, 0x4d, 0x16, 0x47, 0x55, 0x92, 0x9e, 0x03, 0x24, 0x0a, 0x0f, 0xe2, 0x65, 0x99, 0xf1, 0x36, 0xfb, 0x2a, 0xfd, 0xff, 0xd1, 0x2b, 0xb2, 0x03, 0x54, 0xaa, 0x1d, 0x20, 0xe5, 0x79, 0x98, 0x39, 0xab, 0xb6, 0x8a, 0xe4, 0x6d, 0x50, 0xc8, 0x97, 0x4e, 0x13, 0xe3, 0x61, 0xd8, 0x7e, 0xf5, 0x50, 0xfe, 0x6d, 0x82, 0xe8, 0xb5, 0xb1, 0x72, 0xcf, 0x5c, 0xd0, 0x84, 0x82, 0xef, 0xde, 0xf7, 0x93, 0xed, 0xe3, 0x53, 0x0d, 0x24, 0x66, 0x7f, 0xaf, 0x3a, 0x1e, 0x96, 0x34, 0x88, 0x67, 0xc2, 0x94, 0x26, 0x41, 0xf4, 0xc0, 0x36, 0x98, 0x1b, 0x83, 0xf5, 0x02, 0x36, 0xb8, 0xe8, 0xa1, 0x0b, 0x83, 0xeb, 0xf6, 0x90, 0x9a, 0xad, 0x00, 0x76, 0x30, 0x2f, 0x10, 0x83, 0xf7, 0x2d, 0xe4, 0xcf, 0x4a, 0x1a, 0x31, 0x83, 0xfe, 0x6e, 0xc6, 0xbf, 0xe2, 0xe7, 0x3e, 0x2a, 0xf8, 0xe1, 0xe8, 0xc9, 0xd8, 0x50, 0x79, 0x08, 0x3f, 0xd1, 0x79, 0xcc, 0xc2, 0xee, 0x9f, 0xf0, 0x02, 0xf2, 0x13, 0xdb, 0xd7, 0x33, 0x30, 0x53, 0xa4, 0x6c, 0x5e, 0x43), - // cipher_text: vec!(0xa9, 0xae, 0xb8, 0xf0, 0xa2, 0xb3, 0xca, 0x14, 0x1a, 0xc7, 0x1a, 0x80, 0x8d, 0xcc, 0x0c, 0x97, 0x98, 0xac, 0x11, 0x7c, 0x5d, 0x2b, 0xd0, 0x9b, 0x3c, 0xfe, 0x62, 0x26, 0x93, 0xa9, 0xf8, 0xca, 0x62, 0xe8, 0x41, 0xb5, 0x8b, 0xdd, 0xb2, 0x04, 0x2f, 0x88, 0x8e, 0x30, 0x99, 0xb5, 0x36, 0x38, 0xb8, 0x8d, 0xfc, 0x93, 0x0b, 0x7a, 0x6e, 0xe4, 0x27, 0x2d, 0x77, 0xe4, 0xb1, 0xd7, 0xe4, 0x42, 0xba, 0xb6, 0xaf, 0xbd, 0xe9, 0x6a, 0xb0, 0xb4, 0x32, 0xf0, 0x09, 0x2d, 0x9c, 0xa5, 0x0e, 0xef, 0x42, 0xf6, 0x3c, 0x60, 0xc0, 0x9e, 0x7b, 0x8d, 0xe0, 0x19, 0xb3, 0x2e, 0xbe, 0x40, 0x30, 0xc3, 0x7b, 0x81, 0x83, 0xcc, 0x1e, 0x3b, 0x91, 0x3b, 0x0c, 0xe4, 0xee, 0x4d, 0x74, 0x43, 0x98, 0xfa, 0x03, 0xf9, 0xaf, 0x1c, 0x07, 0x0b, 0xed, 0x8c, 0xda, 0xfd, 0x65, 0xb3, 
0xa8, 0x41, 0x40, 0xcb, 0x4d, 0xea, 0xdc, 0x70, 0x18, 0x4d, 0xe7, 0x57, 0x33, 0x2c, 0xe3, 0x78, 0x0a, 0xf8, 0x43, 0x53, 0xf5, 0x40, 0x75, 0x52, 0x27, 0xe8, 0x86, 0xa8, 0xd7, 0xad, 0x98, 0x0f, 0x3d, 0xd6, 0xfd, 0x68, 0x26, 0x3d, 0x82, 0xe9, 0x3f, 0x88, 0x33, 0x81, 0xde, 0xc8, 0x88, 0xbc, 0x9f, 0x4f, 0x48, 0x34, 0x9a, 0xa2, 0xb4, 0xc3, 0x42, 0xcb, 0x9f, 0x48, 0xc6), - // tag: vec!(0xf2, 0x6b, 0x3a, 0xf8, 0xa4, 0x5c, 0x41, 0x62, 0x91, 0xce, 0x66, 0x33, 0x07, 0x33, 0xb2, 0xf8) - // }, - // TestVector{ - // key: [0x40, 0x5b, 0xb7, 0xb9, 0x47, 0x15, 0xb8, 0x75, 0xdf, 0x06, 0x86, 0x55, 0xf0, 0x05, 0x13, 0xcb, 0x1a, 0xe2, 0x3f, 0xfa, 0xac, 0x97, 0x7c, 0xe2, 0x73, 0xe5, 0x7d, 0x3f, 0x83, 0xb4, 0x36, 0x63], - // nonce: [0x5c, 0x6d, 0xa1, 0x25, 0x94, 0x51, 0x11, 0x9a], - // plain_text: vec!(0xf9, 0xf1, 0x43, 0xc0, 0xc5, 0x2c, 0x94, 0xb4, 0xba, 0x7b, 0x06, 0x08, 0xb1, 0x44, 0x15, 0x6a, 0x49, 0xe7, 0xb5, 0xd2, 0x7c, 0x97, 0x31, 0x57, 0x43, 0xd1, 0x71, 0x91, 0x1e, 0x36, 0x45, 0xab, 0x79, 0x57, 0xc8, 0x09, 0x24, 0xe3, 0xc6, 0xb9, 0xc2, 0x2a, 0xb7, 0xa1, 0xca, 0xc4, 0xb7, 0xe9, 0xc0, 0xde, 0x84, 0xe4, 0x9f, 0xd5, 0xe4, 0xa2, 0xd1, 0xab, 0x51, 0xd7, 0x64, 0xfc, 0x56, 0x70, 0x31, 0x86, 0x88, 0xec, 0x94, 0x2f, 0x7a, 0xb3, 0x4c, 0x33, 0x1d, 0xce, 0x8f, 0x90, 0xfe, 0xa6, 0x97, 0x2e, 0x07, 0xf0, 0xda, 0xde, 0xc2, 0x9d, 0x8e, 0xb3, 0xb7, 0xb6, 0x52, 0x1d, 0xdd, 0x67, 0x8a, 0x65, 0x27, 0xa9, 0x62, 0xf4, 0xd8, 0xaf, 0x78, 0xc0, 0x77, 0xe2, 0x7f, 0x7a, 0x0b, 0x2e, 0xf7, 0xea, 0xbd, 0x19, 0xe9, 0x2b, 0x7f, 0x8c, 0x1e, 0x8f, 0xb1, 0x66, 0xd4, 0x76, 0x3c, 0xe9, 0xc4, 0x0c, 0x88, 0x8c, 0xf4, 0x9a, 0xa9, 0xcd, 0xfc, 0x3e, 0x99, 0x7c, 0x8f, 0xe1, 0xcc, 0xe3, 0xfe, 0x80, 0x24, 0x41, 0xbb, 0xd6, 0x98, 0xde, 0x26, 0x9f, 0xf3, 0x16, 0xf3, 0x1c, 0x19, 0x6e, 0x62, 0xd1, 0x2c, 0x6b, 0xb5, 0xcd, 0x93, 0xfb, 0x3c, 0x79, 0xca, 0x63, 0x69, 0xf8, 0xc1, 0xac, 0x91, 0x02, 0xda, 0xf8, 0x18, 0x97, 0x5e, 0xa7, 0xf5, 0x13, 0xbb, 0x38, 0x57, 0x6a), - // aad: vec!(0x6f, 0xe6, 0x44, 0x65, 0x05, 0x67, 0x7b, 0xf0, 
0x8b, 0x38, 0x5e, 0x2f, 0x6d, 0x83, 0xef, 0x70, 0xe1, 0x54, 0x77, 0x12, 0x20, 0x8d, 0x9c, 0xeb, 0xc0, 0x10, 0xcb, 0xa8, 0xc1, 0x6e, 0xa4, 0xec, 0xe0, 0x58, 0xd7, 0x3c, 0x72, 0x27, 0x3e, 0xed, 0x65, 0x0a, 0xfd, 0xc9, 0xf9, 0x54, 0xf3, 0x5a, 0xa1, 0xbd, 0xf9, 0x0f, 0x11, 0x18, 0xb1, 0x17, 0x33, 0x68, 0xac, 0xbc, 0x8d, 0x38, 0xd9, 0x3e, 0xbf, 0x85, 0xbd, 0x30, 0xd6, 0xdc, 0x6d, 0x1b, 0x90, 0x91, 0x37, 0x90, 0xc3, 0xef, 0xa5, 0x5f, 0x34, 0xd3, 0x15, 0x31, 0xf7, 0x0c, 0x95, 0x87, 0x59, 0xb2, 0xba, 0x6f, 0x95, 0x6c, 0x6f, 0xcd, 0xd2, 0x89, 0xb5, 0x8c, 0xb4, 0xc2, 0x6e, 0x95, 0x15, 0xbf, 0x55, 0x0f, 0x0f, 0xd7, 0x1a, 0xb8, 0x52, 0x7f, 0x06, 0x2c, 0x95, 0x05, 0xcb, 0xb1, 0x6e, 0x8e, 0x03, 0x7d, 0x34, 0xde, 0x17, 0x56, 0xbe, 0xf0, 0x2a, 0x13, 0x3d, 0xbf, 0x4a, 0x9c, 0x00, 0xac, 0x03, 0xbe, 0xfc, 0x3f, 0xb7, 0xf1, 0x37, 0xaf, 0x04, 0xe1, 0x25, 0x95, 0xce, 0x95, 0x60, 0xf9, 0x8b, 0x61, 0x24, 0x80, 0xfc, 0xdb, 0xa3, 0xb8, 0xbe, 0x01, 0xdb, 0x56, 0xeb, 0xec, 0x40, 0xf9, 0xde, 0xae, 0x53, 0x2c, 0x3b, 0x03, 0x70, 0xb5, 0xc2, 0x3a, 0x2a, 0x6b, 0x02, 0xa4, 0xde, 0x69, 0xef, 0xa8, 0x90, 0x0c), - // cipher_text: vec!(0x1a, 0x4b, 0x07, 0x38, 0x81, 0x92, 0x2c, 0x63, 0x66, 0x68, 0x0c, 0xc9, 0xc2, 0xa1, 0x27, 0xb2, 0x6f, 0x26, 0x41, 0x48, 0x65, 0x1b, 0x29, 0xab, 0xb0, 0xc3, 0x88, 0xcf, 0x6c, 0x9b, 0x18, 0x65, 0xdb, 0xa5, 0xa9, 0x91, 0xe1, 0xf8, 0x30, 0x9e, 0xfb, 0xdb, 0x91, 0xbc, 0xe4, 0x4b, 0x27, 0x87, 0x72, 0xc5, 0x8f, 0xd4, 0x12, 0x73, 0x52, 0x6c, 0x33, 0xfe, 0xc8, 0x4b, 0xeb, 0x53, 0xd1, 0x68, 0x9b, 0x9d, 0xa8, 0x48, 0x3f, 0x71, 0xbe, 0x6d, 0xb7, 0x3a, 0x73, 0x41, 0x70, 0x69, 0xbb, 0x4c, 0xd3, 0xf1, 0x95, 0x23, 0x6e, 0x8d, 0x0a, 0x00, 0xd1, 0x24, 0xee, 0xd3, 0xa6, 0xb6, 0xf8, 0x94, 0x15, 0xb1, 0x9a, 0x27, 0xfb, 0xe3, 0x57, 0x74, 0xf6, 0xa1, 0xa6, 0xee, 0x4b, 0xd4, 0x35, 0x0b, 0x25, 0x2b, 0x97, 0x5f, 0x0d, 0xb2, 0xd2, 0xee, 0xa8, 0x2f, 0x48, 0x36, 0x35, 0x08, 0x50, 0xd6, 0x29, 0x09, 0x01, 0xe7, 0x26, 0xe8, 0xaf, 0x13, 0x64, 0x4e, 0x2d, 0x98, 0xbc, 0x1d, 0x56, 0x9c, 0x20, 0x80, 0x05, 
0x21, 0xe6, 0xaf, 0xfe, 0x97, 0x6b, 0xd4, 0x07, 0x04, 0x9a, 0x2e, 0x6d, 0x9d, 0xd2, 0x3f, 0x88, 0xd5, 0x2e, 0x65, 0x13, 0x91, 0xec, 0xd2, 0xfc, 0x45, 0xb8, 0x64, 0x31, 0x08, 0x24, 0xaa, 0xad, 0xfa, 0x20, 0x37, 0x62, 0xa7, 0x7c, 0x1d, 0x64, 0x56, 0x2d, 0xae), - // tag: vec!(0x00, 0x60, 0x02, 0x6d, 0x3e, 0xfc, 0x12, 0x0f, 0x11, 0xc0, 0x73, 0x99, 0x59, 0xae, 0x00, 0x66) - // }, - // TestVector{ - // key: [0x8c, 0x60, 0x2b, 0xd9, 0x4c, 0x63, 0x0c, 0xd0, 0x0c, 0x7a, 0x9c, 0x50, 0x80, 0x67, 0xa5, 0xa9, 0xf1, 0x33, 0xd1, 0x2f, 0x06, 0xd9, 0xf6, 0xfe, 0x2a, 0x7b, 0x68, 0xdc, 0xe4, 0x78, 0x6d, 0x8a], - // nonce: [0x76, 0x0d, 0xe0, 0xf7, 0xb7, 0xcb, 0x67, 0xe2], - // plain_text: vec!(0xc3, 0xff, 0x55, 0x9c, 0xf1, 0xd6, 0xba, 0x6c, 0x0c, 0xc7, 0x93, 0xca, 0x09, 0xa0, 0xba, 0x57, 0x3a, 0x28, 0x35, 0x93, 0x86, 0xa6, 0xec, 0x93, 0xe1, 0xba, 0xcd, 0x8e, 0x63, 0x02, 0x09, 0xe0, 0xb4, 0x77, 0xa2, 0x0a, 0xed, 0xec, 0x3c, 0x9c, 0xbf, 0x51, 0x3e, 0xe6, 0xa1, 0xe3, 0x88, 0x71, 0x12, 0x21, 0x8d, 0x61, 0x55, 0xb9, 0x87, 0x5f, 0x7e, 0x6c, 0x4b, 0xbb, 0xa2, 0xc3, 0x19, 0x72, 0xe9, 0x05, 0xd1, 0x9f, 0x52, 0x9f, 0x4f, 0x0f, 0x95, 0x02, 0x99, 0x61, 0x99, 0xf9, 0x4f, 0x87, 0x28, 0xba, 0x8d, 0x64, 0x24, 0xbb, 0x15, 0xf8, 0x7f, 0xca, 0xcd, 0x88, 0xbb, 0x42, 0xc6, 0x3f, 0xcc, 0x51, 0x37, 0x59, 0x71, 0x2b, 0xd0, 0x17, 0x2b, 0x1e, 0x87, 0xc9, 0xda, 0x12, 0x2f, 0x19, 0x93, 0xff, 0xb7, 0xef, 0xd3, 0xa5, 0xc3, 0x4b, 0x24, 0x0d, 0xd3, 0xdb, 0x89, 0xdd, 0xde, 0xa3, 0x6d, 0xbe, 0xb2, 0x83, 0x6d, 0x9f, 0x86, 0x48, 0xf8, 0xe7, 0xcd, 0x42, 0x8c, 0x0f, 0x94, 0x80, 0x97, 0xaf, 0x75, 0x3b, 0x35, 0xf9, 0x87, 0x60, 0x59, 0xe7, 0x70, 0x20, 0x27, 0xbb, 0x00, 0xdc, 0x69, 0x07, 0x12, 0x06, 0xe7, 0x85, 0xf4, 0x8f, 0xcb, 0xf8, 0x1b, 0x39, 0xcc, 0x03, 0x43, 0x97, 0x4a, 0xc7, 0x07, 0x84, 0xa2, 0xe6, 0x0c, 0x0d, 0xf9, 0x3b, 0x40, 0x37, 0x9b, 0xea, 0x4a, 0xd8, 0xca, 0xc6, 0x25), - // aad: vec!(0x9e, 0x14, 0x90, 0x7c, 0x3a, 0x8e, 0x96, 0xc2, 0x63, 0x6d, 0xb1, 0xf3, 0xd7, 0x8e, 0xb1, 0xf6, 0x73, 0xd6, 0xef, 0x04, 0x3c, 
0xbb, 0xb3, 0x49, 0x46, 0x7f, 0x1f, 0xe2, 0x9b, 0xf6, 0x0f, 0x23, 0xd5, 0xd5, 0xd1, 0xc3, 0xb1, 0x33, 0xa8, 0xad, 0x72, 0x06, 0x5d, 0x82, 0x23, 0x47, 0x54, 0x1c, 0x13, 0xd1, 0x57, 0x4b, 0xaf, 0x73, 0x7e, 0xb3, 0xcc, 0x33, 0x82, 0xfb, 0x47, 0x9e, 0x6d, 0x51, 0x93, 0xb9, 0xc8, 0xe7, 0xd2, 0x44, 0x4c, 0x66, 0x97, 0x1e, 0xf0, 0x99, 0xdc, 0x7f, 0x37, 0xf6, 0xcd, 0x97, 0xb9, 0xf7, 0x95, 0x9d, 0x46, 0xe2, 0xcf, 0x25, 0xe8, 0xa5, 0xb3, 0x11, 0x1b, 0x4d, 0x9e, 0x2e, 0xf9, 0x06, 0xd9, 0x05, 0xf0, 0xee, 0x2d, 0x17, 0x58, 0x7f, 0x70, 0x82, 0xd7, 0xc8, 0xe9, 0xa5, 0x15, 0x09, 0xbd, 0xe0, 0x3d, 0x3d, 0x64, 0x33, 0x8e, 0x18, 0x38, 0xd7, 0x17, 0x00, 0xf1, 0xb4, 0xfc, 0xb1, 0x00, 0xb5, 0xe0, 0x40, 0x29, 0x69, 0xda, 0x46, 0x2f, 0x26, 0xf9, 0x74, 0xb4, 0xf9, 0xe7, 0x66, 0x12, 0x1f, 0x8f, 0xd5, 0x4b, 0xe9, 0x9f, 0xc1, 0x0b, 0xeb, 0x9a, 0x60, 0x6e, 0x13, 0xfb, 0xb1, 0xf9, 0x60, 0x06, 0x28, 0x15, 0xd1, 0x9e, 0x67, 0xf8, 0x00, 0x93, 0x36, 0x03, 0x24, 0x01, 0x30, 0x95, 0x71, 0x92, 0x73, 0xc6, 0x55, 0x42, 0xb0, 0xe3, 0x1b, 0x1a, 0x2a, 0x3d, 0x92, 0x8f), - // cipher_text: vec!(0x27, 0x94, 0xe6, 0xe1, 0x33, 0xf6, 0x89, 0x2f, 0x23, 0x83, 0x7f, 0xff, 0x60, 0xcf, 0x7c, 0x28, 0xee, 0x99, 0x42, 0xf8, 0x98, 0x2e, 0xf8, 0x08, 0x9d, 0xb1, 0x17, 0x90, 0x3d, 0x01, 0x43, 0x29, 0x3f, 0xdf, 0x12, 0xea, 0x1c, 0xc0, 0x14, 0xbc, 0xd8, 0x80, 0x6f, 0xb8, 0x3c, 0x19, 0x57, 0x0e, 0xed, 0x7a, 0xf5, 0x22, 0xdb, 0x0d, 0xe4, 0x89, 0xbb, 0xc8, 0x71, 0x33, 0xa1, 0x34, 0x34, 0x51, 0x8b, 0xcf, 0xb9, 0xcd, 0xa4, 0xd9, 0xf6, 0xd8, 0x32, 0xa6, 0x92, 0x09, 0x65, 0x7a, 0x44, 0x7a, 0xbf, 0x8a, 0xfd, 0x81, 0x6a, 0xe1, 0x5f, 0x31, 0x3c, 0x7e, 0xa9, 0x5e, 0xc4, 0xbc, 0x69, 0x4e, 0xfc, 0x23, 0x86, 0xcd, 0xd8, 0xd9, 0x15, 0xdc, 0x47, 0x5e, 0x8f, 0xad, 0xf3, 0x42, 0x1f, 0xbb, 0x03, 0x19, 0xa3, 0xc0, 0xb3, 0xb6, 0xdf, 0xa8, 0x0c, 0xa3, 0xbb, 0x22, 0xc7, 0xaa, 0xb0, 0x7f, 0xe1, 0x4a, 0x3f, 0xea, 0x5f, 0x0a, 0xee, 0x17, 0xab, 0x13, 0x02, 0x33, 0x8e, 0xea, 0xc0, 0x10, 0xa0, 0x4e, 0x50, 0x5e, 0x20, 0x09, 0x6a, 0x95, 0xf3, 0x34, 0x7d, 
0xc2, 0xb4, 0x51, 0x0f, 0x62, 0xd6, 0xa4, 0xc1, 0xfa, 0xe6, 0xb3, 0x69, 0x39, 0x50, 0x3a, 0x6a, 0xc2, 0x27, 0x80, 0xa6, 0x2d, 0x72, 0xf2, 0xfc, 0x38, 0x49, 0xd4, 0xef, 0x21, 0x26, 0x7f, 0xff, 0xde, 0xf2, 0x31, 0x96, 0xd8, 0x8f, 0xbb, 0x9b), - // tag: vec!(0x45, 0x7c, 0xce, 0x6e, 0x07, 0x5f, 0xfd, 0xb1, 0x80, 0x76, 0x5a, 0xb2, 0xe1, 0x05, 0xc7, 0x07) - // }, - // TestVector{ - // key: [0xbd, 0x68, 0xff, 0x5e, 0xb2, 0x96, 0xc7, 0x1c, 0xfe, 0x6b, 0xc9, 0x03, 0xc1, 0x49, 0x07, 0xf7, 0x72, 0x6b, 0xcb, 0x13, 0x31, 0xf0, 0xc7, 0x5f, 0x78, 0x01, 0xcd, 0x1b, 0x79, 0x48, 0xf3, 0xa1], - // nonce: [0x65, 0xa7, 0x48, 0x00, 0x4b, 0x35, 0x2b, 0xa6], - // plain_text: vec!(0x52, 0xbf, 0x78, 0xc0, 0x0f, 0x6e, 0x5d, 0xca, 0x2f, 0xc6, 0x0e, 0x2e, 0x9a, 0x52, 0xe8, 0x27, 0xdf, 0x97, 0x80, 0x8e, 0x9c, 0xf7, 0x27, 0x77, 0x38, 0x60, 0xca, 0xfc, 0x89, 0xf4, 0xb6, 0x41, 0x78, 0xa1, 0x9b, 0x30, 0xb4, 0x6e, 0xd8, 0x13, 0xfe, 0x00, 0xc8, 0xf0, 0x9b, 0x25, 0xa6, 0xa1, 0xb6, 0xe3, 0x50, 0xd5, 0xb0, 0x05, 0x12, 0x29, 0x34, 0xa5, 0x9b, 0xfb, 0xd5, 0xe6, 0xe0, 0xc6, 0x35, 0xc8, 0x4a, 0x52, 0x26, 0xc3, 0xf2, 0xf7, 0xdc, 0xf9, 0x51, 0x56, 0x0f, 0x18, 0xac, 0x22, 0x04, 0x53, 0xd5, 0x83, 0x01, 0x5f, 0xdb, 0x2e, 0x44, 0x6c, 0x69, 0xc6, 0xe6, 0xfd, 0xec, 0xf2, 0xe5, 0x95, 0xe0, 0x4f, 0xab, 0x1b, 0x0c, 0x50, 0x6e, 0x3c, 0x6b, 0xd5, 0xe4, 0x41, 0x4a, 0x35, 0xf1, 0x50, 0x21, 0xe9, 0x7f, 0x44, 0x7a, 0xa3, 0x34, 0xf5, 0x4a, 0x8f, 0x1e, 0xf9, 0x42, 0xde, 0xc6, 0x27, 0x35, 0x11, 0xb5, 0x66, 0x8b, 0x69, 0x6f, 0xca, 0x97, 0x18, 0x8f, 0xf1, 0x5e, 0xd8, 0x4b, 0x2f, 0x46, 0x14, 0x5c, 0xce, 0x03, 0x1c, 0x1a, 0x7f, 0x00, 0xbd, 0x88, 0xbb, 0x83, 0xd9, 0x07, 0x97, 0xed, 0xc4, 0x61, 0x61, 0xb3, 0xfd, 0xa7, 0xa2, 0x29, 0x91, 0x73, 0x49, 0x6d, 0x73, 0xb8, 0x12, 0x13, 0x95, 0x56, 0xe8, 0xb4, 0xeb, 0x31, 0x80, 0x78, 0xb9, 0xeb, 0x2a, 0xe5, 0x04, 0x6e, 0x83, 0xb7, 0x9d, 0xd3, 0xd4, 0x59, 0x50), - // aad: vec!(0x55, 0x57, 0xb0, 0x8a, 0x50, 0x10, 0xcb, 0xc9, 0xf4, 0x6b, 0xb1, 0x40, 0xc2, 0x50, 0x5f, 0x68, 0x68, 0x4e, 0xb2, 
0x48, 0x89, 0x32, 0x4b, 0xff, 0x44, 0xb2, 0x72, 0x34, 0xfd, 0x7a, 0x95, 0xa9, 0x9c, 0xfb, 0x4f, 0xf9, 0x0a, 0x8f, 0x99, 0x82, 0x08, 0x5b, 0x72, 0x5f, 0x78, 0xac, 0x42, 0xec, 0xa6, 0xce, 0x7f, 0x33, 0x14, 0xe4, 0x57, 0xdc, 0x41, 0xf4, 0x04, 0x00, 0x86, 0x81, 0xa9, 0xd2, 0x9b, 0xa7, 0x65, 0x66, 0x0d, 0xe2, 0xe0, 0x5b, 0xb6, 0x79, 0xd6, 0x5b, 0x81, 0xf5, 0xe7, 0x97, 0xd8, 0x41, 0x7b, 0x94, 0xeb, 0x9a, 0xab, 0xbd, 0x05, 0x76, 0xb5, 0xc5, 0x7f, 0x86, 0xea, 0xe2, 0x5f, 0x60, 0x50, 0xa7, 0x91, 0x8e, 0x4c, 0x80, 0x21, 0xa8, 0x5b, 0x47, 0xf7, 0xa8, 0x3b, 0x4c, 0x84, 0x46, 0x89, 0x84, 0x41, 0xc5, 0xcc, 0x4e, 0x02, 0x29, 0x77, 0x6e, 0xf3, 0xe8, 0x09, 0xcb, 0x08, 0x5d, 0x71, 0xf3, 0xc7, 0x5e, 0xc0, 0x33, 0x78, 0x73, 0x0c, 0xb0, 0x66, 0x15, 0x0f, 0x07, 0xe6, 0x0f, 0x96, 0xae, 0xc9, 0x83, 0xc0, 0xe7, 0xe7, 0x2b, 0xf6, 0xbf, 0x87, 0xae, 0x42, 0x22, 0x8d, 0xfd, 0xa1, 0x95, 0xf9, 0x78, 0x55, 0xfc, 0xdf, 0x4e, 0x6d, 0x1c, 0x44, 0x79, 0xd9, 0x78, 0xab, 0xcf, 0xa2, 0x76, 0xd1, 0x6e, 0xd6, 0x0e, 0xcb, 0xfb, 0xfc, 0x66, 0x40, 0x41, 0x33, 0x5c, 0xe6, 0x5a, 0x40, 0xa2, 0xca, 0x34, 0x24, 0xdf), - // cipher_text: vec!(0xa5, 0xc8, 0xcf, 0x42, 0x28, 0x7d, 0x47, 0x60, 0xfc, 0xa7, 0x55, 0xe2, 0x11, 0x18, 0x17, 0xb9, 0x81, 0xc4, 0x7e, 0x85, 0xb0, 0x04, 0x7d, 0xe2, 0x70, 0xec, 0x30, 0x1c, 0xa5, 0xf7, 0xb3, 0x67, 0x9f, 0x47, 0x49, 0x21, 0x08, 0x92, 0xb6, 0xea, 0x65, 0x68, 0xf3, 0xa6, 0xa4, 0x34, 0x47, 0x34, 0xa0, 0xef, 0xc0, 0x12, 0x0f, 0xfe, 0xde, 0xcf, 0x21, 0x2d, 0x55, 0xcb, 0xcb, 0xb6, 0x78, 0x15, 0xac, 0x96, 0x48, 0x75, 0xaf, 0x45, 0xf7, 0x35, 0xb7, 0x00, 0x92, 0xa8, 0xf8, 0x43, 0x5f, 0x52, 0xfc, 0x01, 0xb9, 0x81, 0xae, 0x97, 0x1d, 0x48, 0x60, 0x26, 0xfb, 0x69, 0xa9, 0xc3, 0x92, 0x7a, 0xcf, 0xe1, 0xf2, 0xea, 0xb0, 0x34, 0x0a, 0xe9, 0x5f, 0x8d, 0xbe, 0xe4, 0x1b, 0x25, 0x48, 0xe4, 0x00, 0x80, 0x5e, 0xce, 0x19, 0x1d, 0xb5, 0xfd, 0x1f, 0x08, 0x04, 0x05, 0x3f, 0x1d, 0xbf, 0xaf, 0x7f, 0x8d, 0x6f, 0xde, 0xd3, 0x87, 0x4c, 0xb9, 0x2d, 0x99, 0xa2, 0x72, 0x9d, 0x3f, 0xaa, 0xa6, 0x05, 0x22, 0x06, 0x0c, 
0xf0, 0xb8, 0x10, 0x1b, 0x46, 0x3b, 0x3e, 0xb3, 0x5b, 0x38, 0x0f, 0xcd, 0xdb, 0x64, 0x06, 0xc0, 0x27, 0xd7, 0x3f, 0xe7, 0x01, 0xa5, 0x09, 0x0c, 0x8d, 0xd5, 0x31, 0xc2, 0x03, 0xce, 0x97, 0x9e, 0x26, 0xb9, 0xce, 0xd3, 0x43, 0x1e, 0x2b, 0x72, 0x6a, 0x72, 0x44, 0xa2, 0x0d, 0x93, 0x77, 0xbd, 0x62, 0x95, 0x1b, 0xf5), - // tag: vec!(0x45, 0x79, 0xfa, 0x1f, 0xdb, 0x4c, 0x67, 0x4c, 0xc3, 0xcd, 0x23, 0x2b, 0x8d, 0xa5, 0x2a, 0x97) - // }, - // TestVector{ - // key: [0x93, 0x4f, 0xd0, 0x43, 0xc3, 0x2d, 0x16, 0xa8, 0x8f, 0xad, 0x01, 0xc3, 0x50, 0x64, 0x69, 0xb0, 0x77, 0xcb, 0x79, 0xd2, 0x58, 0xb5, 0x66, 0x4f, 0xa5, 0x5a, 0xd8, 0x52, 0x1a, 0xfd, 0xca, 0xa2], - // nonce: [0xc7, 0x09, 0x1f, 0x6a, 0xfb, 0xbe, 0xb3, 0x60], - // plain_text: vec!(0x2b, 0xdd, 0x1f, 0xc4, 0xf0, 0x11, 0xef, 0x97, 0xea, 0x52, 0xec, 0x64, 0x38, 0x19, 0x94, 0x1c, 0x7e, 0x0f, 0xb3, 0x90, 0x23, 0xc2, 0xf3, 0xc7, 0x68, 0x38, 0x04, 0xa0, 0xdd, 0xee, 0x14, 0xa5, 0xd1, 0x78, 0x4a, 0x52, 0x46, 0x96, 0x6d, 0x53, 0x3b, 0x35, 0x38, 0xed, 0xc7, 0xd8, 0x74, 0x2d, 0x27, 0x06, 0x1c, 0x3c, 0xab, 0x88, 0xdf, 0x03, 0x18, 0xab, 0x24, 0x21, 0x02, 0xde, 0x3a, 0x54, 0xd0, 0x36, 0x32, 0xee, 0xb8, 0x71, 0xb7, 0x2c, 0x7e, 0x8f, 0x80, 0x65, 0xb4, 0x9f, 0x4a, 0x91, 0xe9, 0x5e, 0x15, 0xf3, 0xf4, 0x6b, 0x29, 0xfd, 0x76, 0xb8, 0xfc, 0xea, 0x0d, 0x23, 0x57, 0x0c, 0x55, 0x30, 0xe3, 0xbb, 0xb8, 0xa6, 0xaa, 0xfa, 0x9a, 0xe3, 0x2c, 0x1b, 0x3e, 0xac, 0x65, 0x3c, 0x5e, 0xd5, 0xfd, 0xb2, 0xda, 0x5a, 0x98, 0x60, 0x75, 0x80, 0x8f, 0x63, 0x85, 0x87, 0x0c, 0x85, 0xb1, 0x91, 0x3e, 0x26, 0x04, 0x2a, 0x9d, 0x8e, 0x78, 0xf5, 0xbc, 0x2e, 0xa6, 0xde, 0x5a, 0x64, 0xf8, 0xae, 0xaf, 0xa2, 0x2a, 0xdc, 0xff, 0xc7, 0xf6, 0x93, 0x2d, 0x54, 0x3c, 0x29, 0xbb, 0x3a, 0x04, 0x61, 0x47, 0x83, 0xf9, 0x48, 0x68, 0x0e, 0x43, 0x3a, 0x71, 0x57, 0x35, 0x68, 0xd2, 0xce, 0x98, 0x4d, 0x24, 0x9f, 0xb4, 0xfc, 0x06, 0xa9, 0xf3, 0x58, 0xc7, 0x6a, 0xa3, 0xe6, 0x4a, 0x35, 0x7f, 0x4e, 0xae, 0x92, 0x4c, 0x13, 0x56, 0xbd, 0x5b, 0xac, 0xcf, 0x7e, 0x0f), - // aad: vec!(0xf7, 0x37, 
0xdd, 0x85, 0x63, 0x8e, 0xb3, 0x24, 0xdd, 0x38, 0x91, 0x21, 0x9c, 0x5e, 0xef, 0x7c, 0x2d, 0xd0, 0x53, 0xcf, 0xd0, 0x55, 0xd4, 0x47, 0xa4, 0x11, 0xeb, 0xa3, 0x04, 0xa4, 0xb2, 0x7d, 0xce, 0x98, 0x1d, 0x11, 0x2c, 0x45, 0x40, 0x59, 0x09, 0x33, 0xc1, 0x53, 0xd6, 0x03, 0x02, 0x2c, 0x91, 0xeb, 0xd2, 0xb4, 0xa5, 0x80, 0x69, 0xd2, 0x7e, 0x6c, 0xa1, 0x7a, 0x46, 0x2e, 0xf8, 0x22, 0xca, 0x41, 0xbf, 0xfa, 0x80, 0xb4, 0x3a, 0x68, 0xb1, 0xb5, 0x64, 0x64, 0x4c, 0xb3, 0xc5, 0xa7, 0xf0, 0xfd, 0xdf, 0x7a, 0x13, 0xa3, 0x0f, 0xf2, 0x44, 0x37, 0xfd, 0xdd, 0x8e, 0xf9, 0x3c, 0x6f, 0x6f, 0x20, 0x5d, 0x05, 0x4f, 0x81, 0x89, 0x0d, 0x98, 0x2b, 0xd4, 0xd4, 0xec, 0xe0, 0xb1, 0x56, 0x36, 0x77, 0xe8, 0x43, 0xfe, 0x48, 0xc1, 0xf5, 0x4e, 0x9a, 0x57, 0xed, 0x4d, 0xa6, 0x60, 0x61, 0x48, 0x27, 0x12, 0xe7, 0x10, 0xa4, 0x01, 0x07, 0x3b, 0xe5, 0x08, 0x0d, 0x5b, 0x8b, 0x96, 0x52, 0x5b, 0xff, 0xa6, 0x7d, 0xe5, 0xaf, 0x31, 0xd5, 0x03, 0x85, 0xfb, 0xbf, 0x1a, 0x87, 0xc2, 0x1b, 0xf0, 0xe0, 0xa1, 0xfd, 0xff, 0x69, 0xec, 0x32, 0xc7, 0xb7, 0x10, 0x3e, 0x0b, 0x8e, 0xe6, 0xc8, 0x44, 0x24, 0x5e, 0x0f, 0xc8, 0x4b, 0x9f, 0x89, 0xfc, 0xce, 0x62, 0x96, 0x6c, 0xea, 0x68, 0xe2, 0x87, 0x1d, 0x3b, 0x82, 0xe8, 0xdf, 0x42, 0x4c, 0x76, 0x30, 0x9f, 0xc8, 0x8d), - // cipher_text: vec!(0xdd, 0x13, 0xfb, 0xf2, 0x2c, 0x8d, 0x18, 0x35, 0x4d, 0x77, 0x4b, 0xcd, 0x18, 0xf7, 0xeb, 0x81, 0x4e, 0x9b, 0x52, 0x8e, 0x9e, 0x42, 0x4a, 0xbc, 0x4e, 0x3f, 0x24, 0x63, 0x19, 0x5e, 0x80, 0x18, 0x57, 0x65, 0x65, 0xd1, 0x6a, 0xb4, 0x88, 0x45, 0xd1, 0x1c, 0x92, 0x77, 0xf2, 0x86, 0x5e, 0xbb, 0x4d, 0xc4, 0x12, 0xfd, 0x5b, 0x27, 0x07, 0x8f, 0x83, 0x25, 0xea, 0xdf, 0x97, 0x1e, 0x69, 0x44, 0xc6, 0x65, 0x42, 0xe3, 0x4d, 0x9d, 0xda, 0x97, 0x1e, 0x2a, 0xba, 0x70, 0xdb, 0xd3, 0xe9, 0x4a, 0x1e, 0x63, 0x8d, 0x52, 0x14, 0x77, 0xa0, 0x27, 0x77, 0x6b, 0x52, 0xac, 0xf9, 0x05, 0x20, 0xca, 0x22, 0x9e, 0xbc, 0x76, 0x0b, 0x73, 0x12, 0x88, 0x79, 0x47, 0x5d, 0x1c, 0xbe, 0x1f, 0x70, 0xfc, 0x59, 0x8b, 0x54, 0x9c, 0xd9, 0x2d, 0x8a, 0x9a, 0xc6, 0x83, 0x3e, 0x50, 0x0c, 0x13, 
0x8c, 0x56, 0x47, 0x4d, 0xb8, 0x4c, 0xb3, 0xd7, 0x0b, 0x7a, 0xa4, 0xf2, 0x93, 0xa4, 0xc2, 0xb4, 0xd8, 0x18, 0xb0, 0xff, 0x9f, 0xd8, 0x59, 0x18, 0xdc, 0x59, 0x0a, 0x12, 0xa8, 0xc0, 0xe3, 0x75, 0xc4, 0xd9, 0x8b, 0x7f, 0xc8, 0x75, 0x96, 0x54, 0x7e, 0xb9, 0x60, 0x67, 0x6a, 0xad, 0x55, 0x59, 0x83, 0x45, 0x88, 0xf0, 0x0f, 0x25, 0x1a, 0x9d, 0x53, 0xf9, 0x5c, 0x47, 0xaf, 0x4d, 0xf3, 0xc4, 0x29, 0x91, 0x75, 0xd5, 0x21, 0x17, 0x79, 0xc1, 0x48, 0xcf, 0xc9, 0x88, 0xa5, 0xe9, 0xd9), - // tag: vec!(0x47, 0x66, 0x16, 0xea, 0x15, 0x19, 0x0c, 0x10, 0x93, 0xfd, 0xc4, 0xa0, 0x87, 0x64, 0x3c, 0xae) - // }, - // TestVector{ - // key: [0xf9, 0xf6, 0xeb, 0x9a, 0xd7, 0x36, 0xa8, 0xf6, 0x6e, 0x74, 0x59, 0xfe, 0xf5, 0xec, 0x28, 0x90, 0x18, 0x8d, 0xc2, 0x6b, 0xaf, 0x34, 0xa9, 0x5f, 0x6f, 0x03, 0x84, 0xe7, 0x9f, 0x5c, 0x65, 0x59], - // nonce: [0x78, 0x58, 0xdf, 0xc0, 0x84, 0xfe, 0x4b, 0x0f], - // plain_text: vec!(0xa6, 0x44, 0xca, 0x6e, 0x7c, 0xc0, 0x76, 0xe8, 0x7e, 0xb2, 0x92, 0x9f, 0xd2, 0x57, 0x69, 0x3f, 0xce, 0x0f, 0x6f, 0xb6, 0x4f, 0xd6, 0x32, 0xf7, 0xf0, 0x7c, 0x64, 0x8e, 0xbd, 0x03, 0x69, 0x6c, 0x8e, 0x26, 0x2e, 0x6a, 0x81, 0x0d, 0x7b, 0x7c, 0x4e, 0x5e, 0xef, 0x8c, 0x65, 0xb5, 0x32, 0x3c, 0x99, 0xdb, 0xba, 0x50, 0xa7, 0x0b, 0x4a, 0x9e, 0x5c, 0x2a, 0x9e, 0x73, 0x15, 0x97, 0x3c, 0xd6, 0x7f, 0x35, 0xd8, 0x05, 0x2c, 0xe9, 0xa8, 0x5a, 0x20, 0x64, 0x16, 0xdd, 0x30, 0x31, 0x92, 0x9f, 0x4f, 0x92, 0x9b, 0x13, 0xd0, 0xa5, 0xfb, 0x10, 0xcb, 0x73, 0xc6, 0x5f, 0x6c, 0x0a, 0xce, 0x01, 0x9d, 0xa1, 0x46, 0xb5, 0x1c, 0x52, 0x74, 0xa0, 0x99, 0xf4, 0x4e, 0x36, 0x69, 0xd2, 0x6a, 0xdd, 0x6f, 0x2f, 0xf0, 0x81, 0xe8, 0x86, 0xf3, 0xcf, 0x95, 0x2f, 0xe0, 0xdb, 0xbe, 0x6b, 0x05, 0x34, 0xc2, 0x3e, 0x30, 0x75, 0x74, 0xbd, 0x35, 0xfb, 0xd6, 0x57, 0xf5, 0xfc, 0xbd, 0x5d, 0xc1, 0x9f, 0xb3, 0x82, 0xa1, 0xdc, 0x0a, 0x2d, 0xc8, 0x28, 0x5a, 0x03, 0x50, 0xf7, 0x15, 0x54, 0xe4, 0xc6, 0x01, 0x49, 0x77, 0x49, 0xe3, 0x55, 0x67, 0xdd, 0x4a, 0x27, 0x3c, 0xdd, 0xc9, 0xa4, 0x8c, 0xe5, 0x3a, 0x5f, 0x1d, 0x29, 0x7f, 0xd8, 0xba, 
0xf8, 0xd1, 0xb9, 0xfe, 0xb3, 0x5d, 0x91, 0x51, 0x11, 0x43, 0x45, 0xab, 0xad, 0xa4, 0xd9, 0x0d, 0xb9, 0x47, 0xbb, 0x9a, 0x74, 0x3c, 0x17, 0x5f, 0x56, 0x53, 0xd1), - // aad: vec!(0x20, 0x48, 0xd1, 0xc2, 0xdd, 0xfb, 0x5e, 0xc3, 0x85, 0xb2, 0x01, 0x83, 0x2c, 0x7a, 0x99, 0x3f, 0x22, 0x9b, 0xa7, 0x2e, 0xc1, 0x6d, 0x6e, 0xbf, 0x72, 0x3e, 0xf0, 0xc5, 0x03, 0x2b, 0x99, 0x66, 0x20, 0x9a, 0x9e, 0x8a, 0x63, 0x15, 0x1b, 0x40, 0x41, 0x2e, 0x96, 0xb8, 0x2f, 0x86, 0x72, 0x8e, 0xa6, 0x58, 0x8c, 0x7e, 0x8e, 0x11, 0xac, 0x71, 0xcc, 0x8e, 0xab, 0xab, 0x8c, 0x4b, 0x54, 0xde, 0x86, 0x66, 0x58, 0xd9, 0xc5, 0x01, 0x1d, 0xef, 0x61, 0xfb, 0x3d, 0xbe, 0x4e, 0x63, 0x01, 0x58, 0xa4, 0x5e, 0xa4, 0x1a, 0x2e, 0xd5, 0x5e, 0xbd, 0x1e, 0xfb, 0x1a, 0xbe, 0xda, 0x76, 0x37, 0xde, 0x6f, 0xa5, 0xfd, 0x2f, 0x15, 0x1c, 0x6d, 0x2f, 0x38, 0x5b, 0xf6, 0xcd, 0x00, 0x2c, 0xa8, 0xb4, 0xa2, 0x89, 0x6e, 0x0d, 0x65, 0x94, 0x4e, 0xe9, 0x13, 0xe3, 0xc7, 0x84, 0x66, 0x9d, 0xd2, 0x01, 0xb1, 0x98, 0x5e, 0xf3, 0x57, 0x7f, 0x7f, 0x12, 0x3a, 0x5f, 0x9b, 0xcf, 0xfa, 0x17, 0x6c, 0x8f, 0x55, 0x7c, 0x4f, 0x72, 0x91, 0x33, 0xca, 0xc5, 0x18, 0x64, 0x2f, 0x27, 0xd9, 0xb2, 0x2c, 0xa9, 0xb9, 0x7f, 0xaa, 0xaf, 0xe5, 0xb6, 0x69, 0xa1, 0x0b, 0x79, 0xac, 0xe4, 0xa7, 0xd5, 0x72, 0x7d, 0xf1, 0x46, 0xc7, 0x7c, 0xe6, 0x81, 0x35, 0x7d, 0x69, 0xf9, 0xc2, 0xd6, 0x5b, 0x44, 0x01, 0xbd, 0x73, 0xcd, 0x11, 0x33, 0x87, 0xe3, 0xb3, 0xa0, 0x5d, 0x89, 0x7a, 0xda, 0xd7, 0xa2, 0x4c, 0x48, 0x5e, 0x7b), - // cipher_text: vec!(0x41, 0x46, 0xfa, 0xff, 0xd7, 0x31, 0x3f, 0x5d, 0x9f, 0x62, 0x53, 0x70, 0xd2, 0x04, 0x13, 0xcc, 0x62, 0xab, 0x65, 0xf4, 0xac, 0xfa, 0x3c, 0x7e, 0xe1, 0x12, 0x5b, 0x93, 0x7d, 0xd7, 0xa3, 0x9f, 0x63, 0x8f, 0xc4, 0x6c, 0x8e, 0xd0, 0x04, 0xfb, 0x52, 0x56, 0x98, 0xde, 0x5d, 0x86, 0x20, 0xec, 0x15, 0x34, 0x35, 0x57, 0x18, 0x17, 0xc3, 0xde, 0x25, 0x7b, 0x0d, 0x0e, 0x64, 0x8e, 0xbb, 0x92, 0x94, 0x0c, 0x86, 0xa9, 0x82, 0x62, 0xd5, 0x4e, 0x76, 0x4f, 0x28, 0xcb, 0xdd, 0x4f, 0x7d, 0x9b, 0xea, 0x97, 0x02, 0x91, 0xf2, 0x11, 0x04, 0x14, 0xf6, 
0x20, 0x64, 0xd7, 0x22, 0x9c, 0x63, 0x32, 0x23, 0x6c, 0x50, 0x7b, 0x3d, 0xac, 0x74, 0x2e, 0x65, 0x1d, 0x85, 0xa2, 0xa2, 0x2f, 0xb2, 0x43, 0xc0, 0xcc, 0x7c, 0xc2, 0xd0, 0x16, 0xe5, 0xbe, 0xa3, 0x8f, 0x33, 0xf9, 0xa9, 0xce, 0x04, 0x89, 0x44, 0xa5, 0xfe, 0x8b, 0x07, 0x8d, 0x71, 0xd2, 0x31, 0x68, 0xe1, 0x2d, 0xfe, 0x5a, 0x0f, 0x0b, 0x82, 0x97, 0x71, 0xed, 0xc7, 0x07, 0x3f, 0xb9, 0x60, 0x32, 0xb7, 0xbe, 0x47, 0x13, 0x37, 0xa3, 0x7a, 0xca, 0x0c, 0xf7, 0xc0, 0xcd, 0xd5, 0x43, 0xee, 0xd6, 0x86, 0xcd, 0x34, 0x93, 0x47, 0x17, 0xfd, 0x79, 0xa3, 0xf1, 0x84, 0x92, 0xee, 0xf7, 0x2f, 0x9f, 0x45, 0x0b, 0x88, 0x0a, 0xa7, 0xe2, 0xe1, 0xb6, 0x5e, 0x3b, 0x04, 0xc2, 0x2e, 0x72, 0x30, 0x13, 0x38, 0xb4, 0x3a, 0xa3, 0x2c, 0xee, 0xc2, 0xe6), - // tag: vec!(0x10, 0xff, 0xaf, 0x2b, 0xe3, 0x16, 0x67, 0x6d, 0xa0, 0x2d, 0x74, 0x73, 0xa9, 0xdf, 0x87, 0xb9) - // }, - // TestVector{ - // key: [0x29, 0xb1, 0x96, 0x36, 0xcd, 0xd3, 0x25, 0x07, 0xfd, 0x98, 0xec, 0x4e, 0xe2, 0x6c, 0xaa, 0xb1, 0xa9, 0x17, 0x64, 0x6f, 0xb8, 0xf0, 0x5b, 0x0d, 0xc0, 0x17, 0x28, 0xa9, 0xf4, 0xa1, 0x27, 0xf0], - // nonce: [0x06, 0x69, 0x9d, 0x24, 0x59, 0x16, 0x68, 0x6d], - // plain_text: vec!(0x5f, 0xdf, 0x91, 0x3a, 0xce, 0xab, 0x1d, 0x6d, 0xba, 0xf7, 0xd9, 0xa2, 0x93, 0x52, 0xfa, 0x8a, 0x3e, 0xb2, 0x27, 0x18, 0x04, 0x3a, 0x79, 0xcf, 0xfa, 0x2f, 0xe8, 0xc3, 0x5c, 0x82, 0x0a, 0xec, 0x7c, 0x07, 0x64, 0x4b, 0x87, 0x85, 0xdc, 0xf7, 0xa4, 0x33, 0xb4, 0x18, 0x9a, 0xbb, 0x25, 0x7f, 0xb1, 0x2b, 0x06, 0xfa, 0xe0, 0x66, 0x26, 0x41, 0x01, 0x1a, 0x06, 0x98, 0x73, 0xc3, 0xe3, 0xc5, 0xcc, 0xc7, 0x8e, 0x73, 0x58, 0x18, 0x4a, 0x62, 0xc2, 0x00, 0x5c, 0x44, 0xb8, 0xa9, 0x22, 0x54, 0x95, 0x8e, 0xb5, 0xff, 0x46, 0x0d, 0x73, 0xcd, 0x80, 0x28, 0x4d, 0x6d, 0xab, 0xa2, 0x2c, 0x3f, 0xab, 0xa0, 0x46, 0xc5, 0x42, 0x6f, 0xe8, 0xb7, 0xca, 0xce, 0xc6, 0x4b, 0x23, 0x5a, 0x8f, 0x8d, 0x3e, 0x26, 0x41, 0xe5, 0xbc, 0x37, 0x88, 0x30, 0x59, 0x4b, 0xcf, 0xb2, 0x7c, 0x17, 0x7a, 0xea, 0x74, 0x59, 0x51, 0xee, 0x57, 0x80, 0xa6, 0x37, 0x05, 0x72, 0x7e, 0xf4, 0x2c, 
0x4a, 0xd3, 0xab, 0xf5, 0x56, 0xd8, 0x8e, 0x38, 0x30, 0xf3, 0xdb, 0x6b, 0x09, 0xe9, 0x3e, 0xdd, 0x09, 0x48, 0x5c, 0xbf, 0x90, 0x7f, 0x79, 0xde, 0x61, 0xf8, 0xdc, 0x5c, 0xb5, 0xfb, 0x76, 0x65, 0xff, 0xa0, 0xef, 0x53, 0xcb, 0x48, 0x70, 0x2f, 0x6a, 0x81, 0xd8, 0xad, 0x42, 0x1c, 0xef, 0x20, 0xc1, 0xdb, 0xdf, 0x40, 0x2b, 0x8f, 0xaf, 0xed, 0x56, 0xa5, 0x36, 0x1b, 0x2f, 0x93, 0xf9, 0x14, 0xa2, 0x38, 0x0f, 0xdd, 0x05, 0x57, 0xfa, 0xf1, 0xf4, 0xde), - // aad: vec!(0x39, 0x11, 0x6c, 0x49, 0xcc, 0x13, 0xad, 0xb0, 0x65, 0xb9, 0x2c, 0xb7, 0x63, 0x5f, 0x73, 0xd5, 0xf6, 0xbf, 0x6b, 0x5c, 0xcb, 0xf7, 0x2a, 0x3f, 0x65, 0xa5, 0xdf, 0x6b, 0xd4, 0xa6, 0x61, 0x10, 0x50, 0x15, 0x35, 0x8d, 0x9e, 0x69, 0xf4, 0x2e, 0x98, 0xae, 0xd7, 0x95, 0xe8, 0x16, 0x12, 0x82, 0xbc, 0x11, 0x30, 0x58, 0xb7, 0xef, 0x3b, 0x9e, 0x23, 0xfc, 0xd8, 0xee, 0xab, 0x34, 0xa3, 0x92, 0xe0, 0x3f, 0x4d, 0x63, 0x29, 0xc1, 0x12, 0xcb, 0x96, 0x83, 0x85, 0xec, 0x52, 0xa7, 0xaf, 0xc9, 0x8b, 0xb8, 0x69, 0x57, 0x85, 0xaf, 0x6b, 0x27, 0xb7, 0x00, 0x97, 0x3c, 0xc9, 0x52, 0x63, 0x0b, 0x72, 0x47, 0xce, 0x22, 0x6b, 0x4f, 0xbb, 0x99, 0xb8, 0xa4, 0x86, 0x37, 0x0b, 0xf6, 0x34, 0x5d, 0x45, 0x16, 0xc5, 0x2c, 0x64, 0xe3, 0x3f, 0x40, 0x7c, 0x4f, 0x2d, 0x1b, 0xa9, 0x05, 0x45, 0xc8, 0x87, 0x32, 0xd9, 0x8b, 0xbd, 0x97, 0x97, 0x2a, 0xc5, 0xe9, 0x4c, 0x69, 0x46, 0x24, 0xa9, 0xb3, 0x78, 0x2b, 0x00, 0x99, 0x82, 0x46, 0x51, 0xcb, 0x75, 0x67, 0x91, 0x4d, 0x25, 0xb3, 0xe1, 0x31, 0x81, 0xa7, 0x91, 0xdb, 0xcd, 0x40, 0xe7, 0x6e, 0x83, 0x6b, 0x33, 0x50, 0xd3, 0x10, 0xa5, 0x21, 0x51, 0xbf, 0x83, 0x5d, 0x3c, 0x35, 0x7c, 0x98, 0x71, 0x48, 0x2c, 0x29, 0x28, 0xe8, 0x40, 0x4c, 0x6e, 0x53, 0x34, 0x06, 0xd4, 0xd6, 0xfa, 0x8f, 0x63, 0x36, 0x6f, 0x2c, 0x4e, 0xd8, 0x28, 0x14, 0x1f, 0x1f, 0xf0, 0x0f, 0x01, 0xa5, 0x36), - // cipher_text: vec!(0x01, 0xe2, 0x37, 0x22, 0x0b, 0x61, 0x90, 0x54, 0xa1, 0xf3, 0x67, 0x09, 0x28, 0xfe, 0x67, 0xd4, 0x04, 0x84, 0xb5, 0xaf, 0x40, 0xfb, 0xd0, 0x4d, 0x03, 0x25, 0x00, 0xaa, 0xc5, 0xac, 0xaa, 0x3b, 0x45, 0x84, 0xdd, 0x99, 0xa5, 
0x8c, 0x39, 0x06, 0x27, 0x63, 0x6a, 0x50, 0xde, 0x5d, 0x74, 0x4f, 0x76, 0xa5, 0x6a, 0x33, 0x20, 0x5f, 0x9e, 0x3b, 0x00, 0xe1, 0x61, 0x62, 0xeb, 0x47, 0xff, 0x33, 0x33, 0xe1, 0xe2, 0x08, 0xca, 0x20, 0x0f, 0x1a, 0x53, 0x38, 0xa8, 0x6e, 0x17, 0xbd, 0x92, 0xdd, 0x2d, 0x16, 0xaf, 0x8b, 0xb0, 0x22, 0xa7, 0xdc, 0x05, 0xb9, 0x23, 0xd0, 0x19, 0xe0, 0x52, 0x47, 0xf1, 0xa0, 0xd0, 0xb4, 0xbf, 0xcf, 0xce, 0x58, 0xdd, 0x6d, 0x83, 0x83, 0x07, 0x05, 0x70, 0x76, 0x76, 0xd5, 0x57, 0x39, 0xab, 0xee, 0x89, 0xfc, 0xd5, 0xcb, 0x94, 0xb8, 0xfd, 0xe0, 0x06, 0xa5, 0xda, 0x02, 0xdf, 0x64, 0xb0, 0x0a, 0x46, 0x7f, 0x45, 0x97, 0x0b, 0x5c, 0xa4, 0x40, 0xf2, 0x23, 0x19, 0xb9, 0x73, 0x5a, 0x55, 0xd4, 0x54, 0xb9, 0xfb, 0xa0, 0x58, 0x8f, 0xef, 0x0c, 0x59, 0xd3, 0xd8, 0x38, 0x23, 0xeb, 0xa6, 0xe0, 0x60, 0x1a, 0x96, 0xe1, 0x02, 0x33, 0x82, 0x6c, 0x5a, 0xde, 0xea, 0x6b, 0x2a, 0x51, 0xd3, 0x86, 0xa0, 0x7a, 0x9e, 0x04, 0x7a, 0xd4, 0x05, 0xb2, 0x3d, 0x4c, 0x3d, 0x89, 0xf3, 0x0c, 0x31, 0xe3, 0x19, 0x9f, 0x0c, 0x8f, 0x92, 0x7b, 0xfa, 0xc4, 0x3c, 0xee, 0xa1, 0xf9, 0x69, 0xde, 0x0a, 0x8c, 0x0f), - // tag: vec!(0x09, 0x2f, 0x9f, 0x3c, 0x5d, 0x4f, 0x25, 0x70, 0xc9, 0x94, 0x6c, 0x87, 0x96, 0x7f, 0x45, 0x79) - // }, - // TestVector{ - // key: [0xba, 0xe0, 0x6b, 0x9b, 0x54, 0x56, 0x70, 0x75, 0x51, 0xc7, 0xb0, 0xe2, 0x07, 0xaa, 0xe0, 0x2a, 0x19, 0xb4, 0x84, 0x8a, 0xd8, 0xca, 0x4c, 0xe4, 0x07, 0x05, 0xbf, 0x8c, 0x85, 0x6a, 0x6e, 0x52], - // nonce: [0x9c, 0x27, 0x06, 0x5c, 0x3e, 0xf2, 0xd5, 0x22], - // plain_text: vec!(0x50, 0xcd, 0xd8, 0x81, 0x37, 0xff, 0x42, 0x8a, 0x88, 0xe8, 0x7b, 0x58, 0x45, 0xbe, 0x49, 0x24, 0xf6, 0x38, 0x75, 0x37, 0xbb, 0x5c, 0x0b, 0x65, 0x4c, 0x80, 0x10, 0x7a, 0xb5, 0x69, 0x8d, 0xb7, 0x5b, 0x2e, 0x13, 0x18, 0x48, 0xe7, 0xae, 0xc1, 0x56, 0xd3, 0x1a, 0xed, 0x07, 0x66, 0xd3, 0x1c, 0x37, 0x9f, 0xec, 0xe4, 0x09, 0x5d, 0x38, 0x26, 0x4c, 0x6d, 0x59, 0x45, 0x97, 0x4d, 0x25, 0xf7, 0x29, 0xc3, 0xb0, 0xba, 0x11, 0xea, 0x85, 0x3e, 0x9c, 0xeb, 0xdb, 0x6f, 0x03, 0xbb, 0x67, 0x0f, 0xce, 0x08, 0xad, 0xff, 
0x74, 0xd0, 0xa8, 0xf0, 0x2d, 0x63, 0x3f, 0xb3, 0x4e, 0x0f, 0xb7, 0x33, 0x7a, 0x8e, 0x66, 0xe1, 0xc1, 0x20, 0x84, 0xd9, 0x14, 0xfb, 0x61, 0x73, 0xb8, 0x10, 0x56, 0x84, 0xdb, 0x82, 0x27, 0x52, 0xc6, 0x75, 0x1a, 0x37, 0x2b, 0xb1, 0x66, 0x90, 0x28, 0x4d, 0x66, 0x1b, 0x8b, 0x8b, 0xc6, 0xa6, 0xdf, 0xbd, 0xdf, 0x45, 0xeb, 0xc2, 0x21, 0x95, 0x96, 0xf9, 0xf2, 0xf8, 0x78, 0xc1, 0x18, 0xdf, 0x69, 0x03, 0x0d, 0xe3, 0x8b, 0x4d, 0x99, 0xdd, 0xe4, 0x3b, 0x9b, 0x9e, 0x20, 0xa3, 0xda, 0xb6, 0x91, 0x64, 0x5d, 0xd5, 0x18, 0x34, 0x2f, 0x49, 0xb0, 0x6a, 0x0f, 0xe0, 0xa3, 0x97, 0xad, 0xf2, 0x61, 0xe9, 0x9f, 0x07, 0xaf, 0x5b, 0x0b, 0x37, 0x98, 0xb1, 0x02, 0x2b, 0xa0, 0x93, 0x9c, 0x42, 0xa5, 0x4d, 0x3b, 0x93, 0x64, 0x1c, 0xff, 0xa3, 0xc2, 0xe1, 0x74, 0xbc, 0xe9, 0xab, 0x7a, 0xd7, 0xe7, 0xc7, 0x92, 0x43, 0x08, 0xd1, 0xa7, 0x7a), - // aad: vec!(0x5d, 0x55, 0x90, 0xdb, 0x1b, 0xd3, 0x16, 0xeb, 0x7a, 0x0e, 0x30, 0xe4, 0xc7, 0xa6, 0xdf, 0xdb, 0xef, 0x9d, 0x32, 0x87, 0xfd, 0xb8, 0xd8, 0x24, 0x38, 0x95, 0x99, 0xc3, 0xc2, 0xee, 0x26, 0x2b, 0x21, 0x92, 0xeb, 0x5b, 0x97, 0x08, 0xe6, 0x6e, 0x22, 0xdb, 0xc7, 0xec, 0xa8, 0x3f, 0xa1, 0xa9, 0x95, 0xda, 0x3c, 0xe6, 0x4c, 0x86, 0xfe, 0x5a, 0xa0, 0x8b, 0x82, 0x6d, 0x47, 0x6d, 0xc4, 0x39, 0x49, 0x7e, 0x2d, 0x12, 0xe2, 0x70, 0x2c, 0x63, 0xc8, 0xd2, 0x7a, 0xa7, 0xf0, 0x9f, 0xed, 0xee, 0x81, 0x6d, 0xc8, 0xbf, 0xfe, 0x13, 0x51, 0xd5, 0x32, 0x71, 0xa3, 0x4d, 0x42, 0x92, 0xb6, 0x13, 0xb7, 0xef, 0xce, 0xdb, 0x7e, 0x3c, 0xf3, 0xe6, 0xad, 0x38, 0x9e, 0xef, 0x12, 0x47, 0x1e, 0x9e, 0x20, 0xe3, 0x8e, 0x7a, 0xe2, 0x2a, 0x32, 0x3a, 0xbb, 0xad, 0xfe, 0x8f, 0x2e, 0x84, 0x27, 0x1b, 0xff, 0xb1, 0x81, 0x9f, 0xeb, 0x4f, 0x77, 0xb8, 0x28, 0x43, 0xcb, 0x87, 0x57, 0xcf, 0xae, 0x29, 0x36, 0x31, 0xbc, 0x6d, 0x39, 0x66, 0x91, 0x07, 0xe7, 0x01, 0x5c, 0x85, 0xd7, 0x34, 0x3f, 0xfa, 0x6f, 0xc1, 0xbb, 0xe6, 0xf5, 0xab, 0x4d, 0xe3, 0x0c, 0xd7, 0x52, 0xa2, 0x81, 0xe0, 0x30, 0x61, 0xea, 0x89, 0xde, 0x2a, 0x3f, 0x5e, 0x90, 0xe2, 0x0d, 0xa2, 0x2f, 0xd6, 0xe8, 0x52, 0x5c, 0x10, 0x07, 0x38, 
0x66, 0x7f, 0x42, 0x21, 0x2b, 0x2c, 0xf4, 0x5f, 0xcb, 0x23, 0xbb, 0xb5, 0x4b, 0x21, 0xc1, 0x17, 0x48, 0x4b, 0x22, 0xc6, 0xe5, 0x14, 0x68, 0x53, 0x14, 0xdf), - // cipher_text: vec!(0x66, 0xb7, 0xf6, 0x9a, 0xc4, 0x9f, 0xab, 0x4e, 0x59, 0x75, 0xae, 0xb6, 0xfa, 0x92, 0x87, 0xd8, 0xea, 0xc0, 0x2a, 0xc3, 0x12, 0xc4, 0xde, 0x78, 0xf7, 0x7f, 0x59, 0xda, 0x16, 0xcb, 0xcf, 0x87, 0x27, 0x4e, 0x66, 0x80, 0x1c, 0x4b, 0x86, 0x2c, 0x33, 0xea, 0x79, 0xcd, 0xc7, 0x65, 0x28, 0x86, 0x2b, 0xb2, 0x95, 0x6c, 0x06, 0xdb, 0x8b, 0x8a, 0xcf, 0xac, 0x47, 0x94, 0xeb, 0xf3, 0x9e, 0x35, 0xac, 0x03, 0xcc, 0x73, 0xa4, 0x35, 0x1a, 0x4f, 0xf7, 0x62, 0xf6, 0x81, 0xa4, 0x8d, 0x6f, 0x25, 0xca, 0xd3, 0x6e, 0x28, 0x14, 0xc9, 0xb5, 0xc4, 0x0b, 0x9a, 0xe9, 0x25, 0x09, 0xe5, 0x84, 0x29, 0x10, 0x68, 0x47, 0x78, 0x94, 0x54, 0xd3, 0x76, 0x83, 0x69, 0x36, 0xbe, 0xbc, 0x7a, 0x80, 0xe6, 0xc6, 0x6e, 0x7a, 0xa5, 0x29, 0x36, 0xd6, 0xb3, 0x61, 0x37, 0x8a, 0x41, 0xf8, 0x49, 0xad, 0x4e, 0x48, 0xf9, 0xee, 0x2d, 0x3e, 0x92, 0x21, 0x7a, 0x90, 0x8f, 0xa8, 0xeb, 0x35, 0x73, 0x6a, 0xc8, 0xad, 0xa7, 0xd3, 0x2a, 0xe0, 0x53, 0x91, 0xf2, 0xd8, 0x07, 0xbe, 0x35, 0x12, 0x54, 0x3c, 0x36, 0x13, 0x8a, 0x5f, 0xe6, 0x60, 0xdd, 0x4c, 0xd4, 0xcd, 0x18, 0x4b, 0xb4, 0x3b, 0x6b, 0xa6, 0xbc, 0x0b, 0xae, 0x63, 0x4e, 0x2f, 0xa9, 0x66, 0x93, 0x04, 0xcd, 0x51, 0x0e, 0xd5, 0x10, 0x3f, 0x63, 0x00, 0x68, 0xff, 0x76, 0xd3, 0x37, 0x57, 0x38, 0xde, 0x60, 0xa3, 0x81, 0x84, 0x2b, 0x42, 0x14, 0x77, 0xe2, 0x5a, 0x49, 0x0c, 0xdd, 0x68, 0x94, 0xb2, 0x70, 0x41, 0x25), - // tag: vec!(0xc9, 0x99, 0x8a, 0x67, 0x7d, 0xfb, 0x0e, 0x91, 0x92, 0x4a, 0xec, 0x9d, 0xe0, 0xaf, 0xd5, 0x85) - // }, - // TestVector{ - // key: [0x2c, 0xb3, 0x74, 0xcb, 0x04, 0x8c, 0x16, 0x8f, 0x2e, 0x43, 0x59, 0x7f, 0x02, 0x8d, 0x9e, 0x73, 0xca, 0xde, 0x1b, 0x45, 0x82, 0x84, 0xff, 0xc2, 0x60, 0xd4, 0xfc, 0x6b, 0x90, 0x11, 0xc4, 0x14], - // nonce: [0x9f, 0xb9, 0x09, 0x16, 0x9b, 0xc9, 0xf4, 0xe9], - // plain_text: vec!(0x39, 0xeb, 0x92, 0x94, 0x82, 0x78, 0x4b, 0x46, 0x35, 0x46, 0xf5, 0xd8, 
0x4f, 0x80, 0x51, 0x0f, 0x20, 0x19, 0x92, 0x3d, 0x46, 0x5b, 0x99, 0xd1, 0x94, 0x24, 0x6d, 0x68, 0xc7, 0xae, 0x34, 0x3f, 0x91, 0x97, 0x1d, 0x8f, 0x70, 0x59, 0xce, 0xbb, 0x86, 0xaa, 0x5d, 0xd0, 0x99, 0x28, 0x9a, 0xa6, 0x48, 0x24, 0x8b, 0x8c, 0x5c, 0xa0, 0x4e, 0x66, 0xac, 0x5e, 0x9b, 0xf0, 0x67, 0x76, 0xe3, 0x88, 0x34, 0x95, 0x39, 0x76, 0x18, 0xa0, 0x22, 0x7f, 0x03, 0x56, 0x66, 0x80, 0x6e, 0x63, 0x68, 0x36, 0xb4, 0x7d, 0x3d, 0x2d, 0x25, 0x5a, 0x49, 0xdb, 0x79, 0x86, 0x6c, 0xf0, 0x0d, 0x9d, 0xda, 0xbd, 0xa2, 0x59, 0xc4, 0xf9, 0x68, 0xa1, 0xe0, 0x1e, 0x65, 0x1c, 0x78, 0x11, 0xce, 0xbb, 0xee, 0x2e, 0xe7, 0x18, 0x03, 0xea, 0x1d, 0x9d, 0x23, 0x48, 0x7e, 0xb2, 0x21, 0xf2, 0xd9, 0x55, 0x57, 0x56, 0x80, 0x0a, 0xba, 0x5e, 0x6a, 0xbb, 0xef, 0xd6, 0xfb, 0x72, 0xb3, 0x15, 0x1c, 0xc9, 0x9c, 0xed, 0x59, 0x9c, 0xd8, 0x6d, 0xf2, 0xa9, 0xb1, 0xce, 0x94, 0xf8, 0x9f, 0x34, 0x7e, 0xeb, 0x12, 0x4d, 0x9e, 0x7f, 0x0d, 0x9c, 0xc4, 0x8d, 0x3d, 0xed, 0xd8, 0x19, 0xe6, 0xd3, 0xdb, 0xac, 0x57, 0xec, 0xee, 0x19, 0x95, 0x47, 0xb2, 0x66, 0x11, 0x6a, 0x20, 0x35, 0xc9, 0xac, 0xc4, 0xc8, 0xca, 0x32, 0x71, 0xac, 0x74, 0x95, 0x23, 0x72, 0x89, 0x7c, 0x4a, 0x5f, 0x2c, 0xb8, 0x4e, 0x2d, 0x81, 0x81, 0x7f, 0xec, 0x9d, 0x67, 0x74, 0xf6, 0xd8, 0xa5, 0xb2, 0x02, 0x16, 0x84, 0x13, 0x2d, 0xb4, 0xfc, 0xa3), - // aad: vec!(0x0c, 0x7b, 0xd4, 0xf3, 0xa3, 0x0e, 0xe9, 0x44, 0xcc, 0xf9, 0x48, 0x91, 0x81, 0xe6, 0x91, 0x16, 0x84, 0xdc, 0xff, 0xad, 0x45, 0x93, 0xa9, 0xb6, 0x5a, 0x67, 0xdf, 0xc8, 0x07, 0x18, 0xc6, 0x9b, 0x35, 0x89, 0x7d, 0x01, 0x28, 0x10, 0x16, 0xb7, 0x73, 0x1e, 0x12, 0xc1, 0x5c, 0xad, 0x84, 0x82, 0xe7, 0x94, 0x58, 0xe0, 0x8a, 0x75, 0x56, 0x22, 0xe3, 0xf3, 0xf2, 0x2a, 0x23, 0xef, 0x6c, 0x84, 0x87, 0xa3, 0x6a, 0xd1, 0x77, 0x1b, 0xa0, 0x6c, 0x64, 0x1f, 0x06, 0xf8, 0x5d, 0xe0, 0xdb, 0x37, 0x76, 0xcc, 0x6d, 0xf0, 0x6a, 0xd8, 0xfe, 0x3b, 0x4d, 0x60, 0xd5, 0x85, 0x08, 0xde, 0x94, 0x30, 0x83, 0xf1, 0x7c, 0xbb, 0x9d, 0xc0, 0xd3, 0x90, 0xac, 0x94, 0xd8, 0x42, 0x9e, 0x8c, 0x6f, 0xcf, 0xe0, 0x63, 0xf4, 0x24, 0xfb, 
0xde, 0x0f, 0x62, 0xf6, 0xa7, 0xf9, 0x1a, 0x62, 0x6d, 0x19, 0x5d, 0xc4, 0x98, 0xa6, 0xe6, 0x9b, 0xd9, 0x31, 0x09, 0xc4, 0xe9, 0xba, 0x13, 0xe7, 0x33, 0x0a, 0xba, 0x45, 0x6d, 0x71, 0x0a, 0x4b, 0x0c, 0xc2, 0x79, 0xd4, 0x04, 0x56, 0x60, 0x40, 0x6e, 0x26, 0xd6, 0x1d, 0xff, 0x70, 0xd4, 0xa3, 0x3c, 0x4f, 0x10, 0x52, 0x86, 0x9f, 0x92, 0x48, 0x02, 0x4e, 0x7a, 0x0f, 0x85, 0xf1, 0xef, 0xfb, 0x32, 0xf6, 0xf7, 0xcc, 0xb1, 0xf8, 0x60, 0xf3, 0xef, 0x04, 0xe8, 0xf7, 0xb2, 0x90, 0x96, 0xe6, 0xbc, 0xf9, 0xd4, 0xb3, 0xe0, 0xce, 0x70, 0x3e, 0x9b, 0xf2, 0x28, 0xfd, 0xf5, 0x15, 0xc2, 0xff, 0x9c, 0xba, 0xbd, 0x16, 0x98, 0x7b, 0xe0, 0xf9, 0xba, 0xbd, 0x3d, 0x8a), - // cipher_text: vec!(0x91, 0xdd, 0xad, 0xb8, 0x6b, 0x7e, 0xbe, 0xf7, 0x98, 0xdd, 0xaa, 0x59, 0xda, 0x51, 0xd7, 0x13, 0x16, 0xfc, 0xf6, 0xc9, 0x67, 0x81, 0x43, 0x17, 0x82, 0x27, 0xd7, 0x78, 0x75, 0x0d, 0xc9, 0x82, 0x7f, 0xc6, 0xcc, 0x21, 0xe6, 0x05, 0xc5, 0x05, 0x02, 0x3e, 0x6d, 0xb2, 0x58, 0x49, 0xdf, 0x7f, 0xb6, 0xfc, 0x1c, 0xa4, 0xd2, 0x23, 0xaa, 0x21, 0x5f, 0x8c, 0x85, 0xb7, 0x24, 0x64, 0x3c, 0x83, 0xbf, 0x82, 0x18, 0x81, 0x5a, 0x9f, 0x9e, 0x29, 0x52, 0x38, 0x4e, 0x0c, 0xa6, 0xa8, 0x0a, 0x37, 0x60, 0xb3, 0x9d, 0xaf, 0x91, 0xa3, 0xc6, 0x15, 0x4c, 0x47, 0x28, 0xc2, 0x37, 0x1f, 0xd1, 0x81, 0xfa, 0x37, 0x64, 0x75, 0x3d, 0x0b, 0x0c, 0x23, 0x80, 0x8a, 0x82, 0xcd, 0x8f, 0x04, 0x97, 0x24, 0x6e, 0x3a, 0x0f, 0x17, 0xf8, 0x90, 0x6a, 0x07, 0xc7, 0x25, 0xd2, 0x89, 0x1c, 0xe9, 0x68, 0xa9, 0xd4, 0x32, 0xc2, 0xb1, 0x02, 0xd8, 0x5c, 0x05, 0x51, 0x0b, 0x28, 0xe7, 0x15, 0xbb, 0x60, 0xd0, 0x40, 0x3a, 0x77, 0x49, 0x0e, 0x7f, 0x18, 0xbe, 0x81, 0x21, 0x8b, 0xc4, 0xf3, 0x92, 0x87, 0xb9, 0xbb, 0x09, 0xf5, 0x02, 0x27, 0xdd, 0x2f, 0x55, 0xe4, 0xfb, 0x70, 0xc4, 0x43, 0x8d, 0xa8, 0xba, 0x3c, 0x8f, 0xfb, 0xce, 0xd8, 0x7d, 0x90, 0x15, 0x59, 0x13, 0xfa, 0xa9, 0x97, 0x9f, 0xc5, 0x7e, 0x6c, 0xbe, 0xdd, 0xfa, 0xba, 0x3d, 0x3a, 0xb4, 0x16, 0x3c, 0x0e, 0xeb, 0xc7, 0xd9, 0x42, 0x79, 0xc2, 0x7d, 0x3e, 0xd5, 0x63, 0x38, 0x89, 0x3d, 0xba, 0x54, 0x2e, 0xae, 0xfb, 
0xa3, 0x0f, 0x8c, 0x3b), - // tag: vec!(0x72, 0x8e, 0x60, 0xf8, 0x12, 0x4e, 0xff, 0xba, 0xc2, 0x34, 0xf7, 0x0d, 0xa9, 0x25, 0x88, 0x1c) - // }, - // TestVector{ - // key: [0xf0, 0xf1, 0x6b, 0x6f, 0x12, 0xb3, 0x84, 0x0b, 0xbd, 0x1c, 0x4a, 0x6a, 0x08, 0x11, 0xee, 0xf2, 0x37, 0xf1, 0x52, 0x1b, 0x45, 0xde, 0x99, 0x86, 0xda, 0xec, 0x9f, 0x28, 0xfc, 0xa6, 0x48, 0x5c], - // nonce: [0x7a, 0xc9, 0x3e, 0x75, 0x4e, 0x29, 0x03, 0x23], - // plain_text: vec!(0x05, 0x30, 0x55, 0x64, 0x24, 0xd8, 0x23, 0xf9, 0x0a, 0x7f, 0x1c, 0x52, 0x4c, 0x4b, 0xaa, 0x70, 0x6a, 0xad, 0x28, 0x07, 0xe2, 0x89, 0xe9, 0x47, 0x93, 0x01, 0xe3, 0xe7, 0xa7, 0x1f, 0x2a, 0x5e, 0x14, 0xe6, 0x23, 0x2e, 0xa7, 0x85, 0xf3, 0x39, 0xc6, 0x69, 0xaf, 0x2e, 0x6d, 0x25, 0xf1, 0xd5, 0xa2, 0x61, 0x09, 0x6a, 0x54, 0x8d, 0x23, 0x86, 0x49, 0x45, 0xc3, 0xa5, 0x89, 0xb6, 0x7b, 0x09, 0xb0, 0x30, 0x4a, 0x78, 0x4d, 0x61, 0xb4, 0x2b, 0x24, 0x19, 0x13, 0x94, 0x85, 0x24, 0x2e, 0x0d, 0x51, 0xfc, 0xbe, 0x9e, 0x8f, 0xed, 0x99, 0x6d, 0x21, 0x4d, 0xe8, 0x71, 0x7e, 0x6a, 0x71, 0xf8, 0x98, 0x7c, 0xca, 0xd6, 0x5e, 0xb9, 0x2e, 0x66, 0x70, 0x70, 0x34, 0xa5, 0xae, 0x38, 0xe6, 0x48, 0x6e, 0x26, 0xeb, 0x43, 0x74, 0xc5, 0x65, 0xaa, 0xd5, 0xdf, 0x94, 0x9d, 0xab, 0x20, 0x9f, 0x7f, 0x7b, 0xcd, 0x8e, 0xb6, 0xfc, 0x52, 0x76, 0x1a, 0x26, 0xcf, 0xe5, 0xd0, 0x1f, 0xd3, 0x49, 0xe5, 0x9f, 0x40, 0x42, 0xe6, 0xdb, 0xe6, 0xb2, 0x32, 0xf9, 0x30, 0x1b, 0x97, 0x1d, 0xee, 0x12, 0x1d, 0x8a, 0xa1, 0xe6, 0x2d, 0x40, 0xf0, 0x43, 0xa4, 0x2f, 0x3a, 0xa8, 0x59, 0xd8, 0x67, 0xeb, 0x80, 0x9b, 0x1c, 0xed, 0x5a, 0xe1, 0xec, 0x62, 0xca, 0xcf, 0x94, 0xa6, 0x9f, 0xaf, 0xd0, 0x63, 0x1a, 0x8b, 0x5d, 0xfd, 0x66, 0xd8, 0x55, 0x90, 0x0f, 0xb2, 0x95, 0xee, 0xc9, 0x0a, 0xe5, 0xfc, 0xbf, 0x77, 0xbe, 0xae, 0x26, 0x7a, 0x79, 0xd2, 0x40, 0x81, 0xbb, 0x32, 0x2d, 0x8c, 0x4e, 0x06, 0x30, 0xfe, 0xd2, 0x52, 0x54, 0x1b, 0x36), - // aad: vec!(0x13, 0xbf, 0xcc, 0x17, 0xb8, 0x10, 0x09, 0x9c, 0xda, 0x31, 0xca, 0x53, 0xa1, 0x32, 0x3d, 0xb9, 0xb0, 0x76, 0x33, 0xce, 0xb2, 0x08, 0x8a, 0x42, 0x26, 
0x3a, 0x4c, 0xbd, 0x6a, 0x4d, 0x47, 0x97, 0x87, 0x76, 0x00, 0x5c, 0x9a, 0x20, 0x20, 0x33, 0x19, 0xc3, 0xa3, 0xae, 0x43, 0x4e, 0x9a, 0x26, 0xfb, 0x54, 0x10, 0x47, 0xdc, 0x9d, 0xf3, 0x8d, 0xc3, 0x6c, 0x09, 0x52, 0x67, 0x27, 0x2e, 0x20, 0x3d, 0x0b, 0x24, 0xd1, 0x19, 0xa7, 0x0a, 0x7e, 0x96, 0x04, 0x1b, 0x6d, 0x82, 0xb7, 0xc4, 0xd5, 0x57, 0x0e, 0x1e, 0x4a, 0x1c, 0xf2, 0xf6, 0xe4, 0x4a, 0xe6, 0x3f, 0xe0, 0x05, 0xa1, 0xf5, 0xb9, 0x00, 0x77, 0x8c, 0x48, 0x2f, 0x7b, 0xd8, 0x9e, 0x2e, 0x02, 0x30, 0x5e, 0x35, 0xb8, 0xf6, 0x1b, 0x7b, 0xb2, 0xc7, 0x8a, 0x13, 0xae, 0xbf, 0xce, 0x01, 0x45, 0xd1, 0xc5, 0xaa, 0x0b, 0xf1, 0xd1, 0x0d, 0x23, 0x61, 0x6d, 0x5a, 0x3a, 0x44, 0x6d, 0xe5, 0x50, 0x30, 0x2f, 0x56, 0xf8, 0x1d, 0xc5, 0x6f, 0xe4, 0xf3, 0x70, 0x0f, 0x14, 0x24, 0x26, 0x88, 0xd9, 0xb9, 0x2d, 0x8a, 0x42, 0x79, 0x79, 0xb4, 0x03, 0xc8, 0xde, 0x8c, 0x49, 0x3a, 0x2c, 0xde, 0x51, 0x0e, 0xaf, 0x6b, 0x28, 0x5e, 0x66, 0x75, 0xb1, 0x73, 0xaa, 0x03, 0x14, 0xa3, 0x86, 0xb6, 0x35, 0xc7, 0x57, 0x7d, 0x5a, 0xff, 0x0d, 0x86, 0x8a, 0x0c, 0xb3, 0xf7, 0x3c, 0x8d, 0x20, 0x05, 0xf8, 0xc7, 0xc9, 0xda, 0xb5, 0xa0, 0x60, 0xef, 0x80, 0x10, 0x2c, 0x9d, 0x4a, 0x4a, 0xf9, 0x88, 0x83, 0x8a, 0xfe, 0x87, 0xaf, 0xf0, 0x4c, 0x06, 0x89, 0xe8, 0xc3, 0xc7, 0xf9), - // cipher_text: vec!(0x2c, 0x14, 0xc3, 0x93, 0x1e, 0x98, 0xe8, 0x45, 0x07, 0xc4, 0xc1, 0x65, 0xc2, 0xed, 0x47, 0xad, 0x4a, 0x17, 0x8f, 0x0e, 0x21, 0x6c, 0xd7, 0xac, 0x24, 0x53, 0xbb, 0xbf, 0x9f, 0x85, 0xdd, 0x06, 0xbd, 0x8e, 0xf5, 0x4a, 0x9f, 0xf1, 0xfd, 0x3d, 0xd8, 0xe0, 0xca, 0xfb, 0x63, 0x5d, 0x8f, 0x2d, 0xe8, 0x61, 0xa0, 0xdb, 0x5b, 0x14, 0xd0, 0x3f, 0x17, 0xaa, 0xea, 0x8c, 0x89, 0xb3, 0x01, 0x07, 0x97, 0xc7, 0x1c, 0x13, 0xa0, 0xe6, 0x66, 0x89, 0x9d, 0x7f, 0xf6, 0xe5, 0x3c, 0x4f, 0x08, 0xbe, 0x8d, 0xdb, 0x3e, 0x37, 0x68, 0x8b, 0x5a, 0xfa, 0x08, 0x80, 0x79, 0xb6, 0xc7, 0x51, 0x9b, 0x83, 0x3e, 0x16, 0x56, 0x00, 0x73, 0xe6, 0x99, 0x53, 0x03, 0x02, 0x02, 0x8a, 0x34, 0x96, 0xe0, 0x5e, 0xdd, 0xde, 0xc0, 0x1a, 0x23, 0xa4, 0xc7, 0x98, 0x39, 0x56, 0x25, 0x0e, 
0x8d, 0x9e, 0x61, 0x6f, 0x7b, 0x94, 0x08, 0x56, 0x95, 0x5c, 0xde, 0x81, 0xc1, 0xef, 0xab, 0xf6, 0xb7, 0xb9, 0x2f, 0x15, 0x3d, 0x03, 0xf4, 0xcd, 0x17, 0xe7, 0xf7, 0xd2, 0x90, 0x76, 0x70, 0xcf, 0xc8, 0x4d, 0x45, 0xc1, 0xd7, 0x93, 0x67, 0x75, 0xa3, 0xfc, 0xe4, 0x79, 0x68, 0x50, 0x42, 0x78, 0xff, 0xae, 0xca, 0xce, 0xa0, 0x87, 0x1b, 0x22, 0x7f, 0x25, 0x0e, 0x29, 0x79, 0x51, 0x6f, 0x6f, 0xa3, 0x10, 0xfe, 0xc0, 0xd8, 0xdf, 0x1a, 0xf7, 0x87, 0x2e, 0x5a, 0x53, 0x4e, 0x82, 0x87, 0x0a, 0xa0, 0x5f, 0x43, 0xef, 0x0a, 0x45, 0x58, 0x46, 0xb9, 0x3c, 0xe9, 0x38, 0x06, 0x4f, 0xa3, 0x3e, 0x92, 0xde, 0x26, 0x2e, 0x41, 0x56, 0xda, 0xe5, 0x67, 0x75), - // tag: vec!(0xd9, 0x5d, 0x73, 0xbf, 0x9a, 0xeb, 0x71, 0xeb, 0xa9, 0x04, 0x23, 0x96, 0xf3, 0x72, 0x54, 0x24) - // }, - // TestVector{ - // key: [0x37, 0x92, 0x94, 0x3c, 0x03, 0x96, 0xf1, 0x84, 0x04, 0x96, 0x91, 0x7c, 0xe8, 0xad, 0x89, 0x60, 0x83, 0x85, 0x00, 0x7e, 0x79, 0x6f, 0xeb, 0xee, 0xa3, 0x80, 0x5f, 0x3f, 0x4c, 0xbe, 0xcc, 0xf7], - // nonce: [0x23, 0xb2, 0xf9, 0x06, 0x8b, 0x2c, 0x4c, 0x85], - // plain_text: vec!(0xbe, 0x6b, 0x67, 0xeb, 0x94, 0x3e, 0xe7, 0xb5, 0xc7, 0x85, 0xcd, 0x88, 0x2f, 0x65, 0x3e, 0x73, 0xa8, 0xf7, 0x5b, 0x4a, 0x41, 0xa2, 0xa7, 0xc5, 0x6a, 0xe5, 0xa1, 0x0f, 0x72, 0x9c, 0xaf, 0x39, 0x94, 0x8f, 0xe4, 0x8a, 0xd0, 0xe5, 0x12, 0x40, 0xe2, 0xe7, 0xaa, 0x43, 0x19, 0x3c, 0x7e, 0xc6, 0xce, 0x7f, 0x49, 0x09, 0xfc, 0x94, 0xc9, 0xf9, 0x9e, 0x38, 0xe6, 0xa0, 0xad, 0x7e, 0x98, 0xeb, 0x29, 0xc5, 0xc2, 0xe6, 0x1c, 0x99, 0xe9, 0xcb, 0xe8, 0x90, 0xf1, 0x54, 0x18, 0x5c, 0xec, 0x21, 0x3a, 0x74, 0x72, 0x5d, 0x23, 0xc1, 0xa4, 0xe4, 0xd0, 0xcb, 0x9b, 0x1a, 0x36, 0xb7, 0x8c, 0x87, 0xe5, 0xee, 0xe2, 0x0d, 0x2a, 0xa2, 0x9a, 0xae, 0x80, 0xd4, 0x75, 0x9e, 0xb0, 0xc5, 0x1c, 0x5d, 0xc3, 0xa9, 0x5b, 0xdb, 0xbf, 0x7e, 0x14, 0xeb, 0x43, 0x44, 0x19, 0xa6, 0xc8, 0x8a, 0x95, 0x4a, 0xc0, 0x3d, 0x0c, 0x98, 0x73, 0x9f, 0x42, 0x11, 0xb8, 0x73, 0x2a, 0xcd, 0x71, 0xc2, 0x97, 0xf5, 0x78, 0xb8, 0xcb, 0x64, 0xcc, 0xac, 0x45, 0xf7, 0x23, 0x5d, 0xdc, 0x7f, 
0x2a, 0x3f, 0x5f, 0x99, 0x75, 0x25, 0xc1, 0xed, 0x39, 0xdc, 0x55, 0x01, 0x26, 0xcd, 0xf9, 0xce, 0xda, 0xf5, 0x54, 0x25, 0x48, 0x90, 0x85, 0xe9, 0x1b, 0x17, 0x0b, 0xe6, 0x20, 0x5a, 0x5a, 0x39, 0x5f, 0x2d, 0xd4, 0x08, 0x4a, 0x3e, 0x8d, 0xbc, 0x4f, 0xd8, 0xb1, 0x32, 0x52, 0xf7, 0xef, 0xfa, 0xe0, 0x67, 0xb5, 0x71, 0xcb, 0x94, 0xa1, 0xe5, 0x4a, 0xba, 0x45, 0xb1, 0xb9, 0x84, 0x13, 0x08, 0xdb, 0x0c, 0xc7, 0x5b, 0x03, 0xcf, 0xce, 0x4d, 0xda, 0xfe, 0x89, 0xce, 0x20, 0xf2, 0xd1), - // aad: vec!(0x7e, 0xb6, 0xd7, 0xb7, 0xbb, 0xaa, 0xa3, 0xc2, 0x02, 0xa4, 0xf0, 0xf1, 0xde, 0x22, 0x63, 0x76, 0x71, 0x69, 0xeb, 0x4a, 0x64, 0x85, 0x32, 0x40, 0xd4, 0x8c, 0x0f, 0x8d, 0x5d, 0x31, 0xb0, 0x8d, 0x5b, 0xaf, 0x42, 0x97, 0x76, 0x14, 0xa5, 0x7a, 0xad, 0x99, 0x42, 0x6c, 0xde, 0x76, 0xd2, 0x42, 0xcb, 0x37, 0xd2, 0x95, 0x6d, 0x8c, 0x77, 0xdc, 0x4f, 0xd6, 0x2a, 0x3a, 0xbf, 0x30, 0xe8, 0xac, 0x6c, 0xd5, 0x8c, 0x8e, 0xf3, 0x5e, 0x67, 0x49, 0x70, 0x22, 0x96, 0x01, 0x38, 0xc5, 0x77, 0x87, 0x81, 0x88, 0x92, 0x46, 0x0f, 0x3b, 0xfc, 0x16, 0xe3, 0x7f, 0xf3, 0x88, 0xb1, 0xed, 0xc6, 0xce, 0x2b, 0xc5, 0x3c, 0x22, 0x71, 0x7e, 0xdc, 0x7a, 0x03, 0xd4, 0xc7, 0x8b, 0x0d, 0xbb, 0xe9, 0x12, 0x1c, 0x7f, 0xd8, 0xa3, 0xe3, 0x99, 0x3b, 0x87, 0xa4, 0xfe, 0x38, 0x9b, 0xff, 0x13, 0xbd, 0xae, 0x3b, 0x34, 0x9d, 0xe0, 0xb6, 0xdb, 0x56, 0x16, 0x02, 0xc5, 0x3f, 0x74, 0x60, 0x22, 0xae, 0xb4, 0x48, 0x3c, 0x72, 0x3b, 0x67, 0x82, 0x50, 0x42, 0xf4, 0xaf, 0x20, 0xb7, 0xdd, 0x1e, 0x60, 0x31, 0xcf, 0x54, 0x21, 0x52, 0x66, 0x29, 0x5c, 0x52, 0x4a, 0xc8, 0xe1, 0x37, 0x04, 0x24, 0xc5, 0xc5, 0xe6, 0x07, 0xfb, 0x3e, 0x23, 0xe9, 0x7c, 0x8e, 0xeb, 0xe6, 0x46, 0x56, 0x77, 0x5e, 0xdf, 0x61, 0x64, 0x22, 0xa8, 0xb9, 0x74, 0xe1, 0xac, 0xf1, 0x3a, 0xb4, 0x5c, 0x9a, 0x36, 0x7a, 0x7d, 0xd9, 0xb2, 0xd6, 0x2f, 0x48, 0xbb, 0xc0, 0x58, 0x19, 0xb6, 0x5e, 0xcc, 0xb8, 0x13, 0xca, 0x81, 0x3f, 0x57, 0xb2, 0x2e, 0xe4, 0xc2, 0x80, 0xdb, 0xb5, 0xa9, 0xd8, 0xd5), - // cipher_text: vec!(0x0b, 0x31, 0x6a, 0xb2, 0xbc, 0xf5, 0x35, 0x99, 0x00, 0xfa, 0x40, 0x82, 
0xd5, 0xd2, 0x53, 0xb4, 0x9a, 0xd9, 0x4b, 0x70, 0xe3, 0xfa, 0xb5, 0x44, 0xf9, 0x8b, 0xd1, 0x11, 0xcb, 0xce, 0xf6, 0x76, 0x6c, 0xf9, 0x53, 0xde, 0xec, 0x08, 0xca, 0xe1, 0xf4, 0x89, 0xfe, 0x12, 0xf7, 0xac, 0xc0, 0x03, 0x2d, 0xb8, 0xa6, 0xb0, 0xc0, 0xee, 0xe0, 0xc2, 0x06, 0xea, 0x5f, 0xb9, 0x73, 0xfe, 0xae, 0xbf, 0x90, 0xf6, 0x90, 0xe8, 0x40, 0x09, 0x4d, 0xb5, 0xe1, 0x3f, 0xdd, 0x71, 0x57, 0xba, 0x12, 0x73, 0x68, 0xc9, 0x95, 0xb4, 0x26, 0x52, 0x94, 0x35, 0xa1, 0xbc, 0xdd, 0x1f, 0x14, 0xce, 0x91, 0x25, 0xb8, 0xa0, 0xe4, 0xc9, 0x6b, 0x6e, 0xc0, 0x9e, 0x3c, 0x36, 0xa1, 0x80, 0xad, 0xf8, 0x19, 0x41, 0xc0, 0x02, 0xd1, 0x9c, 0x19, 0xd5, 0x3c, 0x20, 0x09, 0xbe, 0x80, 0x3b, 0x98, 0x75, 0x04, 0x60, 0x6b, 0x7d, 0x43, 0xbd, 0xee, 0x5e, 0x0b, 0x32, 0xff, 0x23, 0xc4, 0x66, 0xb6, 0xcc, 0xcf, 0xcd, 0x0d, 0x4e, 0x88, 0xfd, 0x13, 0x32, 0xe7, 0x37, 0x12, 0xb5, 0xab, 0x72, 0x5c, 0x1a, 0x38, 0x3e, 0x58, 0x4f, 0x34, 0xf8, 0x0d, 0xaf, 0xf2, 0x9d, 0x28, 0x5a, 0xe5, 0xe4, 0x3c, 0xf1, 0xd0, 0xcc, 0x7a, 0x82, 0x8e, 0x75, 0xc2, 0x5d, 0xac, 0xed, 0x3a, 0x58, 0x1a, 0x93, 0xd7, 0xa5, 0x0f, 0x31, 0x3b, 0x33, 0xf3, 0x8d, 0xdd, 0xfa, 0xa2, 0x3c, 0xd5, 0xb9, 0x91, 0x47, 0x97, 0xdb, 0x82, 0x0e, 0xe2, 0x40, 0x0d, 0x52, 0xbf, 0x5f, 0xa9, 0x82, 0x27, 0x7f, 0xe9, 0xb5, 0x88, 0x1a, 0xc4, 0x29, 0x81, 0x63, 0x3b, 0x39, 0x57, 0xb0, 0xe9, 0x35, 0x05, 0x18, 0x28), - // tag: vec!(0x01, 0x97, 0x3e, 0xe2, 0xe8, 0x1c, 0xef, 0x22, 0x75, 0x1a, 0x6a, 0x88, 0x31, 0xd7, 0x52, 0xef) - // }, - // TestVector{ - // key: [0xfe, 0x4b, 0xe6, 0x05, 0x47, 0x73, 0xf6, 0x34, 0x35, 0x6a, 0xc3, 0x28, 0x59, 0x1f, 0xbc, 0x6f, 0x83, 0x3b, 0x0d, 0x1b, 0xee, 0xb3, 0x8d, 0xd5, 0xb6, 0xfe, 0xb7, 0x48, 0x1b, 0x44, 0x89, 0xd4], - // nonce: [0x0b, 0x3f, 0x16, 0xf8, 0x98, 0xa5, 0xa7, 0xd5], - // plain_text: vec!(0x76, 0xce, 0xd1, 0xad, 0xe6, 0xd1, 0xef, 0x40, 0x69, 0xaf, 0xdd, 0xb3, 0x2e, 0x74, 0x32, 0xd4, 0xff, 0x2f, 0xd0, 0x66, 0x85, 0x12, 0x1f, 0x7b, 0x16, 0x46, 0x4e, 0x7a, 0x72, 0xd3, 0x65, 0x74, 0x4f, 0x54, 0x7d, 0x2c, 0xcf, 0x53, 0x48, 
0x63, 0x10, 0xe3, 0x8b, 0x42, 0xd8, 0xba, 0xca, 0xf7, 0x11, 0xe5, 0x4c, 0x54, 0x58, 0xd2, 0xd6, 0x8c, 0x4d, 0xbc, 0xc8, 0xde, 0x31, 0xab, 0x67, 0x32, 0xf4, 0x43, 0x0e, 0x88, 0xa6, 0x45, 0x65, 0xf5, 0xb2, 0x87, 0x64, 0x07, 0x75, 0xaa, 0xa2, 0xaf, 0x1c, 0xc4, 0x61, 0xd3, 0xe4, 0x15, 0xbb, 0x27, 0x5c, 0x62, 0x46, 0xb1, 0xb5, 0x85, 0x17, 0xaa, 0x72, 0x66, 0x7e, 0xae, 0x29, 0x1a, 0x29, 0x82, 0xed, 0xa1, 0x75, 0xd1, 0xb2, 0x2c, 0x5a, 0x58, 0xe6, 0xfe, 0xc2, 0xb3, 0x74, 0x3d, 0x55, 0x71, 0x2f, 0x20, 0x1c, 0xa2, 0x4b, 0xa5, 0xc0, 0xae, 0x8c, 0x25, 0x72, 0x48, 0x71, 0xb2, 0xec, 0x2f, 0xb9, 0x14, 0xa8, 0xda, 0x5a, 0x52, 0x67, 0x0a, 0xb9, 0xb4, 0x3a, 0x83, 0xb8, 0x56, 0x8c, 0xe7, 0x4d, 0xb5, 0xc6, 0x34, 0x06, 0x1c, 0xb8, 0x05, 0x30, 0xc8, 0x07, 0x0c, 0x38, 0xb8, 0xf4, 0x8c, 0x33, 0xba, 0x13, 0x6c, 0xb9, 0xf2, 0x15, 0x8e, 0xe7, 0xed, 0xa8, 0xb6, 0x5f, 0x21, 0x92, 0xfc, 0x94, 0xd1, 0x29, 0x1f, 0x18, 0x2f, 0x10, 0x17, 0x95, 0xb7, 0x19, 0x0c, 0x74, 0xb3, 0x19, 0xd2, 0xd3, 0xe0, 0x2a, 0x97, 0xc8, 0x24, 0xd9, 0xc9, 0x47, 0x1a, 0x83, 0x79, 0x7e, 0x49, 0x36, 0x31, 0x0b, 0x20, 0x7e, 0x3a, 0x1e, 0x0b, 0xcf, 0x75, 0xf7, 0xc3, 0xe3, 0xee, 0x48, 0xa7, 0x47, 0x64, 0x1c, 0xdc, 0x43, 0x77, 0xf2, 0xd5, 0x50, 0x82), - // aad: vec!(0x83, 0x4c, 0xd7, 0x75, 0xcb, 0xef, 0xe4, 0xb3, 0x3a, 0x3c, 0xa5, 0x3a, 0x00, 0xc0, 0x6a, 0x3c, 0x4a, 0x66, 0x69, 0x83, 0xe4, 0x11, 0x5a, 0x02, 0x9f, 0x15, 0x72, 0x94, 0x60, 0xda, 0xa4, 0x5d, 0x15, 0x05, 0xe9, 0x51, 0x72, 0xd3, 0x69, 0x56, 0x25, 0xa1, 0x86, 0xb2, 0x8b, 0x8b, 0xe1, 0x73, 0xa9, 0x25, 0xaf, 0x04, 0x66, 0x5f, 0x20, 0x92, 0x67, 0xb3, 0xc5, 0x12, 0x3e, 0x8b, 0xe1, 0x3d, 0xa4, 0x47, 0xee, 0x1a, 0xe8, 0x56, 0xbb, 0x09, 0x25, 0xf3, 0x5a, 0xaa, 0x76, 0xe0, 0x4a, 0x7b, 0xca, 0x84, 0x60, 0xf7, 0x6c, 0x20, 0x24, 0xde, 0x21, 0x49, 0xf3, 0x8a, 0x8c, 0xfb, 0xa8, 0x16, 0x94, 0xb8, 0x54, 0x88, 0x5d, 0x72, 0x56, 0x81, 0x05, 0x57, 0x1b, 0x6b, 0x21, 0x3a, 0x0b, 0xc1, 0x88, 0xa4, 0x4c, 0xc7, 0xfe, 0x13, 0x15, 0x3c, 0xbf, 0x26, 0x14, 0x01, 0xb2, 0x38, 0xcf, 0x12, 0xa9, 
0x5e, 0x23, 0xcb, 0x56, 0xf2, 0x40, 0x11, 0x4f, 0x16, 0xe2, 0xf1, 0xe3, 0xa5, 0x14, 0x61, 0x5a, 0xab, 0x44, 0x49, 0xc0, 0xc4, 0x9e, 0x4d, 0x90, 0x0b, 0x0e, 0x17, 0xd1, 0xa8, 0xda, 0xbb, 0x53, 0xd4, 0x3d, 0xca, 0x32, 0xfa, 0x05, 0x2d, 0x57, 0x6b, 0x73, 0xdd, 0x9b, 0x40, 0x85, 0x6b, 0x51, 0x5d, 0x6d, 0x7e, 0xfc, 0x2a, 0x5c, 0x17, 0xe0, 0xeb, 0xcb, 0x17, 0xbd, 0x59, 0xdc, 0x86, 0xf2, 0x2c, 0xe9, 0x09, 0x30, 0x1a, 0x26, 0x52, 0xf1, 0x34, 0xe8, 0x2e, 0xf0, 0xe4, 0x51, 0x94, 0x87, 0xed, 0x12, 0xd5, 0x15, 0x36, 0x02, 0x4f, 0x2a, 0xe8, 0xf7, 0x5d, 0x93, 0x7c, 0x42, 0xd0, 0x03, 0x07, 0x6e, 0x5d, 0xea, 0x8d, 0xe0, 0xc6, 0x84, 0xcd, 0xa1, 0xf3, 0x42, 0x53, 0xd8, 0xfc), - // cipher_text: vec!(0xf8, 0xde, 0xfb, 0x6f, 0xe9, 0x5d, 0xfe, 0xc4, 0x99, 0xb9, 0x09, 0x99, 0x6a, 0x1f, 0x75, 0xa1, 0x98, 0xa9, 0x0e, 0x4d, 0x6c, 0x64, 0x64, 0xd0, 0x0a, 0x35, 0x7a, 0x55, 0x53, 0x11, 0xc4, 0x2f, 0xe9, 0x2d, 0xbb, 0xc4, 0xb7, 0x9c, 0x93, 0x5e, 0x4f, 0x0b, 0x1a, 0x95, 0xe4, 0x4f, 0xdb, 0xc1, 0x38, 0x0b, 0xeb, 0xab, 0xca, 0x28, 0xdb, 0x4d, 0xd0, 0xd2, 0x87, 0x0d, 0xaa, 0xaf, 0xc3, 0x8e, 0xf2, 0x79, 0x08, 0xc3, 0x50, 0x9e, 0x94, 0x57, 0x14, 0x80, 0x1c, 0xc5, 0x1f, 0x1a, 0x07, 0xb2, 0x43, 0x0c, 0x74, 0xfa, 0x64, 0xf2, 0xa7, 0xc2, 0xf7, 0xfd, 0x15, 0x51, 0xd2, 0x58, 0xc9, 0xc3, 0xbe, 0x02, 0x08, 0x73, 0xfc, 0x1b, 0xf1, 0x9f, 0x33, 0xab, 0x6c, 0x66, 0x09, 0x11, 0xdc, 0xf2, 0x31, 0x71, 0x95, 0xd0, 0xef, 0xee, 0x82, 0xd2, 0x0e, 0xc2, 0x6d, 0x22, 0x61, 0x1f, 0x9c, 0xf8, 0x6c, 0x51, 0xa6, 0x4e, 0x28, 0xb3, 0xa1, 0xf3, 0x44, 0x50, 0x00, 0x18, 0xe0, 0x85, 0x5c, 0x88, 0xda, 0xe3, 0xc0, 0x7a, 0xca, 0xea, 0xa1, 0x0b, 0x60, 0x38, 0x84, 0x84, 0xdc, 0xe9, 0x3e, 0x16, 0xe6, 0xe1, 0xa6, 0xe6, 0x9e, 0x89, 0x98, 0x06, 0x64, 0x8a, 0x92, 0x56, 0x8c, 0x87, 0x80, 0xe9, 0xf4, 0xba, 0xac, 0xd9, 0x8c, 0xbb, 0x35, 0x3a, 0xc2, 0xf9, 0x08, 0xe7, 0x75, 0xd9, 0x23, 0x03, 0xcf, 0xab, 0x84, 0x3f, 0x15, 0xbe, 0x0e, 0x0c, 0x32, 0x2a, 0x95, 0x88, 0x02, 0xfb, 0x1a, 0x60, 0xfc, 0xc7, 0x63, 0x1f, 0x15, 0x1f, 0x4c, 0x2b, 0x8c, 0xb9, 
0x65, 0xd2, 0xd2, 0x96, 0xac, 0xef, 0x25, 0x02, 0x75, 0xa2, 0xfe, 0xcc, 0x0c, 0xea, 0x80, 0x3c, 0xe7, 0xc0, 0x58, 0xb1, 0x2d, 0xd2), - // tag: vec!(0xad, 0xe5, 0x15, 0x09, 0x19, 0x30, 0xdd, 0x78, 0x61, 0xb2, 0x7f, 0x78, 0xa8, 0x7e, 0xf6, 0x0c) - // }, - // TestVector{ - // key: [0xa2, 0x88, 0xb1, 0x1c, 0xe5, 0x38, 0x2e, 0xc7, 0x24, 0xce, 0x4a, 0xb2, 0xd7, 0xef, 0xa8, 0xe7, 0x77, 0xe9, 0x1e, 0xbd, 0x04, 0x36, 0x79, 0x35, 0xe1, 0x5f, 0x9d, 0xac, 0x48, 0x3e, 0x95, 0x96], - // nonce: [0x87, 0x41, 0x44, 0xdb, 0xf6, 0x48, 0xb3, 0x25], - // plain_text: vec!(0x4c, 0x91, 0x95, 0x28, 0x0a, 0x79, 0xa5, 0x09, 0x91, 0x9a, 0xf4, 0x94, 0x7e, 0x9e, 0x07, 0x23, 0x16, 0x95, 0xfd, 0x7c, 0x50, 0x88, 0x53, 0x9f, 0x23, 0x93, 0x6c, 0xe8, 0x87, 0x70, 0xce, 0x07, 0xd9, 0xad, 0x3a, 0xe4, 0xa4, 0x63, 0xb3, 0xa5, 0x7d, 0x06, 0x34, 0xd3, 0xa7, 0x7c, 0xea, 0xad, 0xf3, 0x47, 0xa3, 0x34, 0x68, 0x2b, 0x04, 0xbe, 0x8e, 0x58, 0xb8, 0xe8, 0x6f, 0xb9, 0x4a, 0x1f, 0x93, 0x25, 0x51, 0x32, 0xb8, 0xcd, 0xb0, 0xdf, 0x86, 0xf5, 0xbe, 0xa3, 0x54, 0xee, 0xa4, 0xe8, 0x31, 0x5f, 0xea, 0x83, 0xe3, 0xfd, 0xf6, 0xe5, 0x8a, 0xa9, 0xf2, 0x6e, 0x93, 0xca, 0xa0, 0x8e, 0x5e, 0x25, 0x51, 0xa9, 0x4b, 0xd9, 0x16, 0xa5, 0x1f, 0xed, 0x29, 0xec, 0x16, 0xf6, 0x68, 0x00, 0xcd, 0xa6, 0xa0, 0xaa, 0x24, 0xec, 0x30, 0x8b, 0xf5, 0xfb, 0x88, 0x5a, 0xfb, 0xa2, 0x72, 0x68, 0x5d, 0xe2, 0x7c, 0x1e, 0xdc, 0xdd, 0x36, 0x68, 0x04, 0x8e, 0xf0, 0x7b, 0x06, 0xe9, 0x0d, 0x46, 0x4a, 0x8a, 0xa2, 0x86, 0x64, 0x90, 0x3c, 0xac, 0x45, 0xe1, 0x54, 0xe8, 0xe1, 0xe3, 0x9c, 0x25, 0x7e, 0x1f, 0xf5, 0x06, 0xb9, 0xd9, 0x5c, 0xef, 0x4f, 0x30, 0x0b, 0xb7, 0x3b, 0x89, 0x9e, 0x78, 0x28, 0x60, 0x2c, 0x3c, 0x1d, 0x29, 0x0b, 0x8c, 0xf5, 0x5e, 0xe5, 0xfd, 0x72, 0xec, 0xce, 0x9e, 0x6e, 0xfc, 0x92, 0x93, 0xae, 0xbf, 0x67, 0x4a, 0x70, 0xe2, 0xa7, 0x67, 0x3e, 0x75, 0x62, 0x9c, 0x12, 0x95, 0x06, 0x22, 0xdf, 0xf7, 0x1d, 0x3e, 0xc0, 0x99, 0x2e, 0x57, 0x77, 0x6c, 0x78, 0x8c, 0x69, 0x27, 0xd3, 0x0b, 0x4e, 0x24, 0xb7, 0x49, 0x19, 0x1c, 0x3c, 0xe8, 0x01, 0x7f, 0x0a, 0xda, 
0x62, 0x76, 0xe4, 0x37, 0x20), - // aad: vec!(0x04, 0xab, 0xe8, 0x58, 0x8c, 0x8c, 0x8c, 0x39, 0xa1, 0x82, 0x09, 0x2e, 0x5e, 0x78, 0x40, 0x44, 0x2b, 0xd1, 0xc1, 0x14, 0x9d, 0xa1, 0x02, 0xc4, 0xee, 0x41, 0x2b, 0xd8, 0xb8, 0x2b, 0xaa, 0x50, 0x87, 0xef, 0x72, 0x91, 0xb5, 0xcd, 0x07, 0x7c, 0x17, 0x7c, 0x42, 0x77, 0x0b, 0x00, 0x23, 0xe0, 0xe4, 0x62, 0xb0, 0x6e, 0x75, 0x53, 0xf1, 0x91, 0xbc, 0xb0, 0x31, 0x5a, 0x34, 0x91, 0x8d, 0xcd, 0xbf, 0xfe, 0x2b, 0x99, 0xc3, 0xe0, 0x11, 0xb4, 0x22, 0x0c, 0xc1, 0x77, 0x5d, 0xeb, 0xcc, 0x0d, 0xb5, 0x5f, 0xa6, 0x0d, 0xf9, 0xb5, 0x22, 0x34, 0xf3, 0xd3, 0xfa, 0x96, 0x06, 0x50, 0x8b, 0xad, 0xc2, 0x6f, 0x30, 0xb4, 0x7c, 0xdb, 0x4f, 0x1c, 0x0f, 0x47, 0x08, 0xd4, 0x17, 0xb6, 0x85, 0x3e, 0x66, 0xc2, 0xf1, 0xf6, 0x7f, 0x62, 0x00, 0xda, 0xf7, 0x60, 0xce, 0xb6, 0x4f, 0xfc, 0x43, 0xdb, 0x27, 0xf0, 0x57, 0xad, 0x3e, 0xe9, 0x73, 0xe3, 0x1d, 0x7e, 0x5d, 0x5d, 0xeb, 0x05, 0x03, 0x15, 0xc1, 0xc6, 0x87, 0x98, 0x0c, 0x0c, 0x14, 0x8e, 0xe1, 0xa4, 0x92, 0xd4, 0x7a, 0xcf, 0xcd, 0x61, 0x32, 0x33, 0x41, 0x76, 0xc1, 0x12, 0x58, 0xc8, 0x9b, 0x19, 0xba, 0x02, 0xe6, 0xac, 0xc5, 0x5d, 0x85, 0x2f, 0x87, 0xb6, 0xa2, 0x16, 0x9e, 0xd3, 0x4a, 0x61, 0x47, 0xca, 0xa6, 0x09, 0x06, 0xac, 0x8c, 0x08, 0x13, 0xc0, 0xf0, 0x55, 0x22, 0xaf, 0x7b, 0x7f, 0x0f, 0xad, 0xdb, 0x4b, 0xc2, 0x97, 0x40, 0x5e, 0x28, 0xec, 0xf5, 0xa0, 0xf6, 0xaa, 0xc6, 0x25, 0x84, 0x22, 0xd2, 0x9c, 0xfe, 0x25, 0x0d, 0x61, 0x40, 0x28, 0x40, 0xf3, 0xc2, 0x7d, 0x0c, 0xe3, 0x9b, 0x3e, 0x2d, 0x5f, 0x1e, 0x52, 0x05, 0x41, 0xd2, 0x96, 0x5e), - // cipher_text: vec!(0x0a, 0xfc, 0xe7, 0x70, 0xa1, 0x2f, 0x15, 0xd6, 0x7a, 0xc1, 0x04, 0xba, 0x06, 0x40, 0xaa, 0xb9, 0x59, 0x22, 0x39, 0x06, 0x07, 0x47, 0x3c, 0xbd, 0xa7, 0x13, 0x21, 0x15, 0x6a, 0x55, 0x59, 0x90, 0x6b, 0xe9, 0x33, 0xfb, 0x09, 0x80, 0xda, 0x56, 0xf2, 0x7e, 0x89, 0x79, 0x6e, 0xaa, 0x10, 0x54, 0xf5, 0xaa, 0xcf, 0x16, 0x68, 0xd9, 0xf2, 0x73, 0xcc, 0x69, 0x07, 0x1b, 0x9e, 0x8e, 0x22, 0xaf, 0x6a, 0x20, 0x5a, 0x6a, 0x88, 0xf7, 0xad, 0x91, 0x8e, 0x22, 0xf6, 0x16, 
0xbd, 0xdb, 0xb0, 0x7c, 0x78, 0x91, 0x3c, 0x7e, 0x05, 0x6e, 0x76, 0x9e, 0x6f, 0xcf, 0x91, 0xc7, 0x60, 0x0c, 0x27, 0x40, 0x21, 0x2e, 0x3a, 0x17, 0x6e, 0x41, 0x10, 0xca, 0xc9, 0xe3, 0x61, 0xa5, 0x9a, 0x77, 0x34, 0x57, 0x06, 0x4d, 0x2d, 0xc6, 0x52, 0xdd, 0x11, 0x5d, 0x04, 0xf1, 0xc3, 0x75, 0x6c, 0x0e, 0x1d, 0x39, 0xf6, 0x73, 0x7a, 0x16, 0xb4, 0x50, 0x86, 0x63, 0xe3, 0x10, 0x93, 0x4c, 0x49, 0xc5, 0x80, 0x58, 0xb3, 0xc7, 0xb9, 0xaf, 0x7b, 0xb2, 0x33, 0x4c, 0x8a, 0x16, 0x36, 0x08, 0xc4, 0x24, 0x99, 0x65, 0x89, 0x86, 0x92, 0x7c, 0xda, 0x36, 0x5e, 0x2a, 0xea, 0xd3, 0xac, 0x29, 0xde, 0x16, 0xe4, 0x7e, 0x95, 0x43, 0x83, 0xea, 0x56, 0x6f, 0x8f, 0xb2, 0x45, 0xa4, 0xe5, 0xa9, 0x34, 0xc7, 0x67, 0xbb, 0x3b, 0xf7, 0xe0, 0xeb, 0x8a, 0x47, 0x7f, 0xd0, 0xe1, 0xf6, 0x1b, 0xcb, 0x23, 0x84, 0x62, 0xa0, 0xd1, 0x9c, 0x5c, 0xea, 0x92, 0x93, 0xca, 0x58, 0xad, 0xe7, 0x68, 0x29, 0x41, 0x32, 0x16, 0xa7, 0x88, 0x2c, 0xd2, 0x84, 0x63, 0x23, 0x04, 0x66, 0x94, 0xf7, 0x8c, 0xd8, 0xb0, 0x34, 0x77, 0x92, 0xeb, 0xb7, 0x5a, 0xbd, 0xc1), - // tag: vec!(0x97, 0x3e, 0x58, 0xb1, 0xb8, 0xad, 0xb1, 0x76, 0xa6, 0xf1, 0xe5, 0xc9, 0x63, 0xbf, 0xdc, 0x5c) - // }, - // TestVector{ - // key: [0x65, 0xb6, 0x3e, 0xd5, 0x37, 0x50, 0xc8, 0x8c, 0x50, 0x8c, 0x44, 0x88, 0x1a, 0xe5, 0x9e, 0x6f, 0xff, 0x69, 0xc6, 0x62, 0x88, 0xf3, 0xc1, 0x4c, 0xfe, 0xc5, 0x03, 0x39, 0x12, 0x62, 0xca, 0xfc], - // nonce: [0x7f, 0x5e, 0x56, 0x0a, 0x1d, 0xe4, 0x34, 0xba], - // plain_text: vec!(0x84, 0x5e, 0xf2, 0x7b, 0x66, 0x15, 0xfb, 0x69, 0x9d, 0x37, 0x97, 0x1d, 0xb6, 0xb5, 0x97, 0x93, 0x0a, 0x7e, 0xf1, 0xe6, 0xf9, 0x00, 0x54, 0x79, 0x1e, 0xb0, 0x4d, 0xdf, 0xe7, 0x25, 0x2b, 0x5f, 0x88, 0xfd, 0x60, 0xeb, 0xa5, 0xaf, 0x46, 0x9b, 0xc0, 0x96, 0x61, 0xc0, 0x98, 0x7a, 0x49, 0x6f, 0xa5, 0x40, 0x62, 0x1a, 0xfe, 0xec, 0x51, 0xbe, 0xbd, 0xa7, 0x86, 0x82, 0x68, 0x00, 0x94, 0x3d, 0x97, 0x70, 0x39, 0xde, 0xe7, 0x62, 0x35, 0x24, 0x81, 0x12, 0xff, 0x8b, 0x74, 0x3f, 0x25, 0xed, 0x5f, 0x3c, 0xb0, 0xd3, 0x30, 0x7f, 0x5e, 0x11, 0x8d, 0x84, 0xfd, 0xbb, 0x9c, 
0x3f, 0x55, 0x31, 0xbc, 0x17, 0x7f, 0xb8, 0x45, 0x49, 0xc9, 0x94, 0xea, 0x44, 0x96, 0xc6, 0x5e, 0x52, 0x49, 0xda, 0x98, 0x7d, 0xd7, 0x55, 0xd4, 0x6d, 0xc1, 0x78, 0x8f, 0x58, 0x24, 0x10, 0x26, 0x6a, 0x10, 0xf2, 0x91, 0xc1, 0x47, 0x4f, 0x73, 0x21, 0x83, 0xa2, 0xa3, 0x9a, 0xfe, 0x60, 0x37, 0x71, 0xbb, 0x9c, 0x42, 0x3f, 0xe3, 0xe8, 0x90, 0x6f, 0x2b, 0xe4, 0x4a, 0x0c, 0x9a, 0x7c, 0x3f, 0x0c, 0xeb, 0x09, 0xd1, 0xd0, 0xf9, 0x2d, 0x94, 0x23, 0x83, 0xa8, 0x75, 0xc0, 0x56, 0x7c, 0x78, 0x69, 0xf0, 0x45, 0xe5, 0x6d, 0xd1, 0xa4, 0xd6, 0xe9, 0x0c, 0x58, 0xd4, 0x4f, 0xe0, 0xc5, 0x76, 0x0b, 0xb4, 0xfd, 0x01, 0xde, 0x55, 0x43, 0x9d, 0xb5, 0x2b, 0x56, 0x83, 0x1e, 0x5a, 0x26, 0xa4, 0x7d, 0xe1, 0x42, 0x49, 0x45, 0x3a, 0x4f, 0x8e, 0x7d, 0xa3, 0xcb, 0x32, 0x82, 0xc6, 0x62, 0x29, 0x16, 0x19, 0x7e, 0xbf, 0xaa, 0xd8, 0x5d, 0xd6, 0x5c, 0x61, 0xe7, 0xd2, 0xd3, 0xba, 0x62, 0x62, 0x76, 0x36, 0x67, 0x46, 0xf3, 0x96, 0x39, 0x4c, 0x1b, 0xf7, 0x5f, 0x51, 0xce), - // aad: vec!(0x51, 0xa3, 0x58, 0x83, 0x98, 0x80, 0x8e, 0x1d, 0x6a, 0x98, 0x50, 0x5c, 0x6e, 0x56, 0x01, 0xae, 0x2a, 0x27, 0x66, 0xf1, 0xf2, 0x8f, 0x8f, 0x69, 0xd1, 0xcc, 0xbc, 0xad, 0x18, 0x03, 0x8c, 0x15, 0x7b, 0x41, 0x52, 0x5b, 0xe5, 0x8a, 0xe4, 0x52, 0x7a, 0x07, 0x37, 0x48, 0xb7, 0xa0, 0x48, 0x09, 0xe5, 0x2a, 0x5d, 0xf0, 0xc7, 0x98, 0x84, 0x17, 0x60, 0x77, 0x38, 0xe6, 0x3d, 0x7e, 0xad, 0x47, 0xdb, 0x79, 0x5a, 0x34, 0x6b, 0x04, 0xe7, 0x40, 0x18, 0x6e, 0x73, 0xcc, 0xad, 0x79, 0xf7, 0x25, 0xb5, 0x8e, 0xe2, 0x2d, 0xc6, 0xe3, 0x0d, 0x1f, 0x0a, 0x21, 0x8e, 0xda, 0x17, 0x91, 0xe2, 0x22, 0x9b, 0x25, 0x3d, 0x4a, 0xb2, 0xb9, 0x63, 0xa4, 0x3e, 0x12, 0x31, 0x8c, 0x8b, 0x07, 0x85, 0xc2, 0x0f, 0xca, 0x3a, 0xbc, 0xf2, 0x20, 0xc0, 0x87, 0x45, 0xd9, 0xf9, 0x60, 0x2f, 0x0e, 0xce, 0x54, 0x4a, 0x05, 0x73, 0x6d, 0x76, 0xb1, 0x2d, 0x24, 0x96, 0x99, 0xc9, 0xe3, 0xe9, 0x9f, 0x3f, 0x13, 0xcf, 0x4e, 0x5d, 0xc1, 0x3a, 0x04, 0x12, 0x5c, 0x94, 0x9a, 0x5b, 0x30, 0xd0, 0x34, 0xb2, 0x3c, 0xb3, 0x64, 0xc8, 0x78, 0x19, 0x64, 0xbc, 0x6c, 0x30, 0xe5, 0xe5, 0xca, 0x96, 
0x73, 0xd5, 0x17, 0xef, 0x5f, 0x35, 0x96, 0x5d, 0x8a, 0x8c, 0xf1, 0xbe, 0x01, 0x7e, 0x34, 0x3d, 0xf9, 0x7b, 0x6b, 0xee, 0x37, 0xb3, 0x06, 0x38, 0xb1, 0x54, 0x28, 0x6d, 0x1f, 0x36, 0xd2, 0xf9, 0xa0, 0xea, 0xa2, 0x3c, 0xc4, 0x84, 0xea, 0xc5, 0xa0, 0x5b, 0x15, 0xd9, 0xef, 0xc5, 0x37, 0xd9, 0x89, 0xdb, 0xc8, 0xb3, 0x10, 0x6c, 0x0d, 0xc1, 0xa5, 0x6e, 0x97, 0xe6, 0xae, 0xc2, 0xef, 0xf5, 0x4a, 0x82, 0xcf, 0x7a, 0xe9, 0xdf, 0x2a, 0xf4, 0x6b, 0x4c, 0x86, 0x0f, 0x83), - // cipher_text: vec!(0x02, 0x7b, 0x14, 0x19, 0x7b, 0x40, 0x12, 0x25, 0x6b, 0x13, 0x3b, 0x78, 0xdd, 0xc9, 0x4e, 0x72, 0xfb, 0x4d, 0x72, 0x4f, 0xef, 0xa4, 0xae, 0x32, 0x9f, 0x5a, 0x5f, 0xa3, 0xfa, 0x78, 0x4f, 0xe6, 0xd7, 0xe1, 0xe8, 0x05, 0xe3, 0xf7, 0xa7, 0x55, 0x57, 0xde, 0x64, 0xde, 0x50, 0x6d, 0x38, 0x23, 0x7b, 0x46, 0x7f, 0xa5, 0x77, 0xef, 0xb5, 0x9e, 0x7c, 0xfe, 0x23, 0x56, 0xbe, 0xd6, 0x65, 0x5c, 0x5a, 0xa4, 0xe2, 0x38, 0xdc, 0xfe, 0xb7, 0x5c, 0x16, 0x54, 0x9a, 0x09, 0x17, 0x26, 0x87, 0x68, 0xa9, 0x6a, 0xcb, 0x5e, 0x20, 0x54, 0x6a, 0x1f, 0xb7, 0xe3, 0xa7, 0xcf, 0xf8, 0x87, 0xf4, 0x9f, 0x2c, 0xd7, 0xa1, 0x35, 0xf7, 0x2a, 0x98, 0xa7, 0x79, 0x15, 0x0f, 0x32, 0x07, 0xbf, 0x73, 0x3e, 0x88, 0x86, 0x1f, 0xd7, 0x9e, 0xad, 0xbf, 0x77, 0xfa, 0x3b, 0xfe, 0x97, 0xbf, 0xe8, 0xb6, 0xa9, 0x91, 0xcb, 0x3b, 0xcc, 0x2c, 0xde, 0x82, 0x87, 0xf7, 0xe8, 0x93, 0x84, 0x84, 0x65, 0x61, 0x93, 0x4b, 0x0f, 0x3e, 0x05, 0xe0, 0x64, 0x6e, 0x0e, 0x19, 0x07, 0x77, 0x0d, 0xf6, 0x7a, 0x75, 0x94, 0x16, 0x1a, 0x4d, 0x07, 0x63, 0xfa, 0xa6, 0xfa, 0x84, 0x40, 0x80, 0x93, 0x21, 0x59, 0x99, 0x9d, 0x52, 0x8e, 0xe0, 0x55, 0x87, 0x10, 0x05, 0x8c, 0xe1, 0x6f, 0x97, 0xd1, 0x3a, 0xc9, 0xfd, 0x9b, 0xf5, 0x04, 0x41, 0x91, 0x18, 0x8b, 0xbf, 0xb5, 0x98, 0xd0, 0xfa, 0xfb, 0xdf, 0x79, 0x0b, 0x61, 0xce, 0x07, 0x81, 0xec, 0xc0, 0x42, 0x18, 0xa3, 0x0d, 0xed, 0x45, 0xef, 0xd4, 0x98, 0xcc, 0x9b, 0xa0, 0x35, 0x62, 0xed, 0x2b, 0x4a, 0x99, 0x3e, 0xe9, 0x88, 0x76, 0xb3, 0xab, 0x7a, 0x9b, 0xc0, 0x78, 0x29, 0xf1, 0xc4, 0xca, 0x6e, 0xad, 0x98, 0xc0, 0x6b), - // tag: 
vec!(0xe4, 0xd1, 0x8a, 0x70, 0x1b, 0x83, 0x08, 0x69, 0x7b, 0x5e, 0x79, 0x14, 0x1e, 0xd7, 0x83, 0xc1) - // }, - // TestVector{ - // key: [0x49, 0x86, 0xfd, 0x62, 0xd6, 0xcb, 0x86, 0xb2, 0xea, 0xf2, 0x19, 0x17, 0x4b, 0xec, 0x68, 0x1b, 0xeb, 0xcd, 0xef, 0x86, 0xc8, 0xbe, 0x29, 0x1f, 0x27, 0xd3, 0xe5, 0xdc, 0x69, 0xe2, 0xfe, 0xba], - // nonce: [0xd0, 0x8d, 0x48, 0x66, 0x20, 0xed, 0x2e, 0x84], - // plain_text: vec!(0x3a, 0x22, 0xad, 0x5d, 0xe3, 0x87, 0xdb, 0x4f, 0xdd, 0x5d, 0x62, 0xa1, 0xb7, 0x28, 0xc2, 0x3a, 0x8d, 0xdd, 0xc5, 0x0b, 0x1e, 0x89, 0xf5, 0x4f, 0x61, 0x98, 0xb9, 0x04, 0x99, 0xf9, 0xda, 0x31, 0x22, 0xeb, 0xeb, 0x38, 0xeb, 0xf5, 0xfd, 0xfe, 0x30, 0x30, 0x97, 0x34, 0xf7, 0x9a, 0xff, 0x01, 0xe3, 0xde, 0x1e, 0x19, 0x6b, 0x35, 0xbf, 0xfa, 0x33, 0xba, 0xe4, 0x51, 0xf3, 0x1f, 0x74, 0xb8, 0xae, 0xc0, 0x37, 0x63, 0xf9, 0xe0, 0x86, 0x1a, 0x34, 0xfe, 0x5d, 0xb0, 0xb4, 0x0c, 0x76, 0xe5, 0x7c, 0x7f, 0xc5, 0x82, 0xbf, 0xa1, 0x9c, 0x94, 0xee, 0x25, 0xb5, 0xe1, 0x68, 0x27, 0x0f, 0x37, 0x9b, 0xf9, 0xf8, 0xa0, 0xa1, 0x8b, 0xed, 0x05, 0xde, 0x25, 0x6f, 0x8f, 0x0d, 0xd7, 0xc2, 0x3b, 0xa2, 0xff, 0x1c, 0x7f, 0x72, 0x14, 0x09, 0x46, 0x2f, 0x04, 0xcc, 0x61, 0x1a, 0xd9, 0xbd, 0x4c, 0x3c, 0x9a, 0xcf, 0x30, 0x74, 0x2a, 0xcf, 0xb9, 0x51, 0x8a, 0x63, 0x75, 0xcb, 0xb1, 0x5d, 0x65, 0xa1, 0xbc, 0x69, 0x93, 0xea, 0x43, 0x48, 0x94, 0xf9, 0x3d, 0x4f, 0x6e, 0x05, 0x99, 0x6e, 0xbc, 0x1b, 0xd5, 0x65, 0x79, 0x29, 0x63, 0x09, 0xa2, 0xc6, 0xb8, 0xfd, 0xe9, 0x50, 0x72, 0x16, 0x8b, 0x5f, 0xd3, 0x19, 0x27, 0xc4, 0xc0, 0xab, 0xaa, 0x05, 0x6b, 0xcd, 0x16, 0x22, 0x1d, 0x5f, 0x22, 0x0b, 0xe4, 0x75, 0x91, 0xf4, 0x32, 0x55, 0x01, 0x3a, 0x26, 0x2d, 0xce, 0x43, 0x98, 0x17, 0xf5, 0x34, 0x83, 0x0b, 0xa8, 0x21, 0x55, 0x34, 0x7e, 0x5f, 0xe3, 0x10, 0x1f, 0x80, 0x11, 0xb8, 0x93, 0x65, 0xa6, 0x56, 0x82, 0x14, 0xed, 0x06, 0x61, 0x91, 0x4e, 0x8c, 0xb3, 0x43, 0x1d, 0x6c, 0x8f, 0x23, 0x47, 0xdf, 0xc1, 0x20, 0x9a, 0x3e, 0xca, 0x4a, 0xaf, 0x0a, 0x11, 0x1f, 0x47, 0xfe), - // aad: vec!(0x7d, 0xd3, 0xf6, 0x56, 0xa0, 0x3c, 
0x00, 0x1b, 0x45, 0xca, 0x06, 0x80, 0xbc, 0x3a, 0xc9, 0xd6, 0x8c, 0x6e, 0x96, 0xb5, 0x91, 0xd3, 0xc6, 0x9e, 0xb8, 0xc6, 0x5e, 0x48, 0x90, 0x09, 0xd8, 0x45, 0xcb, 0x33, 0x1c, 0x98, 0xb8, 0x2e, 0x62, 0x7e, 0x06, 0xd5, 0xbf, 0x01, 0xe7, 0x4c, 0x57, 0x3d, 0xf2, 0x68, 0xc2, 0x38, 0x6f, 0x12, 0x62, 0x8c, 0x01, 0x99, 0x51, 0xd4, 0x2f, 0x55, 0x99, 0x1f, 0xf2, 0x0d, 0x72, 0xa7, 0xb2, 0xc4, 0x5f, 0x41, 0xd0, 0xbe, 0x7a, 0xf4, 0x28, 0xc9, 0x2f, 0x32, 0x4a, 0xaa, 0xb8, 0xdf, 0x70, 0xd9, 0x00, 0x30, 0x1c, 0xdf, 0x09, 0xa3, 0xd9, 0x3e, 0xb7, 0x11, 0xc9, 0x19, 0xd3, 0x4a, 0x86, 0xff, 0xf9, 0xcb, 0x07, 0x83, 0x22, 0xee, 0x2e, 0x0a, 0xd4, 0x8d, 0xbd, 0xf3, 0xb7, 0x88, 0x4f, 0x0f, 0x2d, 0xc5, 0xc3, 0x62, 0x62, 0xc5, 0x9b, 0xcf, 0xd7, 0x5a, 0xc6, 0x20, 0x0f, 0x59, 0xc6, 0xfc, 0xd0, 0xce, 0x10, 0xff, 0x50, 0x05, 0xfe, 0xf5, 0xdf, 0x8f, 0x04, 0x32, 0x37, 0x7d, 0xfb, 0xfc, 0x1d, 0xb8, 0xf5, 0x59, 0xe2, 0x7e, 0x1a, 0xee, 0xf3, 0x38, 0x0e, 0xa3, 0x86, 0x48, 0x67, 0xd3, 0x6a, 0x25, 0xa1, 0x86, 0x54, 0x77, 0x9a, 0x75, 0x15, 0x86, 0xca, 0xd3, 0xb8, 0xa4, 0x6b, 0x90, 0x86, 0x4e, 0xe6, 0x97, 0xb0, 0x86, 0x05, 0x67, 0x3b, 0x8d, 0x21, 0x23, 0x43, 0x3c, 0x02, 0x0a, 0x21, 0xc4, 0xdb, 0x24, 0x3d, 0xde, 0x24, 0x20, 0xc1, 0x2f, 0xd4, 0xd5, 0x4a, 0x27, 0x04, 0xa0, 0xc8, 0xc3, 0x76, 0x45, 0x4a, 0x1b, 0x5e, 0x80, 0xfd, 0x6d, 0xb8, 0x9a, 0xab, 0xd5, 0x6d, 0x9b, 0x42, 0x1f, 0x29, 0x64, 0x9e, 0x47, 0x48, 0x24, 0xdf, 0xa5, 0x6c, 0xb5, 0xc6, 0x73, 0xc5, 0x04, 0xd1, 0x0b, 0xe5, 0x2b, 0x53, 0x75, 0x17, 0x09, 0xfe), - // cipher_text: vec!(0xc4, 0x01, 0x80, 0xaf, 0xd5, 0x30, 0x01, 0x66, 0x3f, 0xf4, 0x83, 0x41, 0x10, 0xf5, 0x6e, 0x6b, 0x0f, 0x17, 0x8c, 0xd3, 0xc0, 0xe7, 0xf7, 0xde, 0x5d, 0x00, 0x89, 0xee, 0x41, 0xd8, 0x40, 0x3f, 0xfb, 0x98, 0xe8, 0x49, 0x22, 0x70, 0x65, 0x44, 0xa3, 0x44, 0xd7, 0xe2, 0x62, 0x5b, 0x12, 0xcf, 0x66, 0xb9, 0xc9, 0x66, 0xf9, 0xf5, 0x7d, 0x7b, 0x94, 0xe3, 0xe4, 0xb3, 0x4e, 0x6f, 0x0a, 0xae, 0xd1, 0x76, 0x3c, 0xe0, 0x12, 0x78, 0x2e, 0x2f, 0x5e, 0x16, 0x82, 0xe6, 0xc3, 0x43, 0xfc, 0x79, 
0x61, 0xfe, 0xdd, 0xdd, 0x09, 0x19, 0xd0, 0xb9, 0x10, 0xe9, 0x92, 0x3c, 0x17, 0xe3, 0x64, 0x06, 0x97, 0x9b, 0x25, 0x6b, 0x85, 0xae, 0xc2, 0x4e, 0xe3, 0x52, 0xf0, 0x3b, 0x48, 0xc1, 0x30, 0x2e, 0xab, 0x41, 0x9c, 0x83, 0xdc, 0xcc, 0x53, 0x72, 0xcc, 0x05, 0x9e, 0x9d, 0xe5, 0x96, 0x22, 0x4f, 0xa7, 0x00, 0x98, 0xeb, 0x32, 0xfc, 0x95, 0x79, 0xe9, 0x79, 0x17, 0xb9, 0x23, 0x91, 0x4f, 0xa2, 0xef, 0xc3, 0x0a, 0xb2, 0x9b, 0x45, 0x7b, 0xf1, 0x4e, 0x45, 0x58, 0x3b, 0x37, 0x71, 0x48, 0x6b, 0xdc, 0x08, 0x76, 0xf3, 0xea, 0x6e, 0x1a, 0x64, 0x67, 0x46, 0xc4, 0xf8, 0xc5, 0xcb, 0x26, 0x41, 0xa1, 0x55, 0x7c, 0x84, 0x73, 0xe6, 0xea, 0x67, 0xd4, 0x81, 0x1a, 0x67, 0x48, 0x5a, 0xe9, 0xa6, 0x78, 0xff, 0x3a, 0x24, 0x08, 0xca, 0x84, 0x5c, 0x3b, 0x51, 0x95, 0x7e, 0x18, 0x9e, 0xef, 0x47, 0xdf, 0xc1, 0xd4, 0x6b, 0xde, 0x4b, 0x9d, 0x75, 0x4d, 0x7d, 0xf1, 0x3f, 0x82, 0x8d, 0xda, 0xdb, 0x06, 0xe4, 0xeb, 0xdd, 0xb5, 0xf0, 0xda, 0xfb, 0xdb, 0x28, 0xde, 0x4c, 0x5e, 0x60, 0x78, 0x92, 0x6f, 0x20, 0xcd, 0xf9, 0xe9, 0x7e, 0xcd, 0x58, 0xe3, 0x09, 0xe6, 0x40, 0xf7, 0x4f, 0x06), - // tag: vec!(0xfd, 0x5e, 0x29, 0x33, 0x28, 0x32, 0xa1, 0x4a, 0x31, 0xa9, 0xce, 0x2c, 0xa8, 0x56, 0x84, 0x98) - // }, - // TestVector{ - // key: [0x7d, 0x28, 0xa6, 0x08, 0x10, 0xe4, 0x3d, 0x3d, 0xfa, 0x32, 0xe9, 0x7c, 0x07, 0x95, 0x7e, 0xc0, 0x69, 0xfc, 0x80, 0xcc, 0x6a, 0x50, 0x06, 0x18, 0x30, 0xaa, 0x29, 0xb3, 0xaa, 0x77, 0x7d, 0xfc], - // nonce: [0x47, 0x73, 0x8a, 0xc8, 0xf1, 0x0f, 0x2c, 0x3a], - // plain_text: vec!(0xb5, 0x02, 0x78, 0xae, 0x0f, 0x0f, 0xa2, 0xf9, 0x18, 0xbb, 0x9a, 0x5e, 0xd3, 0xa0, 0x79, 0x7c, 0x32, 0x8e, 0x45, 0x29, 0x74, 0xd3, 0x3c, 0xbf, 0x26, 0xa1, 0xe2, 0x13, 0xaa, 0x20, 0xc0, 0x3d, 0x0d, 0x89, 0x49, 0x08, 0x69, 0x75, 0x4a, 0xbf, 0x84, 0xdb, 0xbe, 0x23, 0x1d, 0x7b, 0xcc, 0xdc, 0xed, 0x77, 0xd5, 0x3f, 0xd4, 0x52, 0x73, 0x56, 0xd8, 0xe0, 0x2b, 0x68, 0x1f, 0xc8, 0x9a, 0x53, 0x5a, 0xe8, 0x73, 0x08, 0xbf, 0x7f, 0xbc, 0x26, 0x19, 0x7a, 0x5e, 0xa8, 0x5b, 0xdb, 0x3a, 0xa0, 0x33, 0xb8, 0xda, 0x5c, 0xd1, 0x97, 0xea, 
0x6d, 0x72, 0xf9, 0x6f, 0x63, 0xb0, 0x3f, 0x4e, 0xcc, 0x7a, 0xde, 0xdf, 0x39, 0x9a, 0x50, 0x43, 0x77, 0x6c, 0xdb, 0x32, 0xc0, 0x8f, 0x30, 0xb7, 0x7f, 0x34, 0xdf, 0x85, 0xf8, 0xad, 0xb8, 0xe0, 0x26, 0x49, 0xa0, 0x4b, 0x02, 0x0b, 0x03, 0xe1, 0x7d, 0x44, 0x5c, 0xa6, 0x3e, 0x4e, 0xd7, 0x3a, 0xe4, 0x32, 0xc4, 0x81, 0x39, 0x2e, 0x03, 0x1e, 0xba, 0x2f, 0x9d, 0x2f, 0x7f, 0x98, 0x1d, 0x1e, 0x50, 0x91, 0x78, 0x22, 0xbd, 0x6f, 0xf7, 0x1c, 0x23, 0x9d, 0x33, 0x44, 0x4a, 0xda, 0x35, 0x23, 0xa5, 0x9d, 0xfb, 0xce, 0x54, 0x57, 0xea, 0xde, 0xc1, 0xab, 0x92, 0x6c, 0x9e, 0x6c, 0x52, 0x99, 0xc7, 0x52, 0x1e, 0x3f, 0x20, 0x4b, 0x96, 0x90, 0x1a, 0x71, 0x25, 0x04, 0xfc, 0xc7, 0x82, 0xe8, 0xce, 0xa8, 0x0b, 0xa1, 0x2a, 0x7f, 0x7e, 0x71, 0xce, 0xc3, 0xd0, 0x87, 0x18, 0x99, 0xb6, 0xca, 0x05, 0x90, 0x61, 0xda, 0x03, 0x77, 0x15, 0xf7, 0xd1, 0x3f, 0xed, 0x01, 0xc9, 0xca, 0xde, 0x1e, 0x68, 0x7b, 0x4f, 0xbb, 0x1f, 0x4a, 0xc4, 0xb0, 0x40, 0xdb, 0x3b, 0x43, 0x80, 0x0f, 0x11, 0x2f, 0xb9, 0x00, 0xe4, 0xf7, 0x72, 0xd6, 0x1b, 0x92, 0x1c, 0xbc, 0xe4, 0xda, 0x6f), - // aad: vec!(0x32, 0x42, 0x92, 0x81, 0x3b, 0x7d, 0xf1, 0x5b, 0xc0, 0x70, 0xcc, 0x5d, 0x8a, 0x4b, 0xf7, 0x4e, 0xad, 0x03, 0x64, 0x30, 0xbe, 0x63, 0xab, 0xc4, 0x33, 0x04, 0xcf, 0x65, 0x39, 0x59, 0xa2, 0x4a, 0x91, 0xc7, 0xde, 0x5a, 0x67, 0x1c, 0x50, 0xfa, 0x8a, 0x87, 0xe2, 0x1b, 0xb8, 0x2b, 0x06, 0x99, 0x99, 0xaa, 0xdf, 0xb6, 0x89, 0x5d, 0x8b, 0xda, 0x4c, 0x30, 0x83, 0xd1, 0x7b, 0x8c, 0xa5, 0x5b, 0x9a, 0xb1, 0x51, 0x1e, 0xd8, 0xc4, 0xb3, 0x9d, 0x8c, 0x28, 0xc1, 0x1a, 0x22, 0xef, 0x90, 0xc0, 0x8a, 0x98, 0x3e, 0x3f, 0xe2, 0xd9, 0x88, 0xdf, 0x9e, 0x02, 0xb1, 0x6a, 0x20, 0xb2, 0x4f, 0x39, 0xdd, 0xb2, 0x84, 0x29, 0x62, 0x5f, 0x51, 0x1d, 0xb0, 0x82, 0x98, 0xc4, 0xdc, 0x32, 0x1f, 0x6c, 0x26, 0x8f, 0xc8, 0x36, 0xa6, 0x19, 0x1d, 0xf6, 0x23, 0x2f, 0x51, 0xc4, 0x63, 0xa3, 0x97, 0xa8, 0xd8, 0xb3, 0x33, 0x74, 0xab, 0xe9, 0x4e, 0x62, 0xc0, 0xf5, 0xc3, 0x22, 0x38, 0x7e, 0x1f, 0xc4, 0xa1, 0xc1, 0x98, 0x0a, 0x04, 0xa1, 0xa3, 0xc2, 0xc3, 0x1b, 0x32, 0xf1, 0x83, 
0xa1, 0x1c, 0x32, 0x68, 0xc6, 0xdc, 0xa5, 0x21, 0x14, 0x9d, 0xc1, 0x6a, 0xf1, 0x20, 0xa7, 0x8b, 0xe6, 0x62, 0x72, 0x10, 0xe8, 0xdd, 0xbc, 0x44, 0x47, 0x2b, 0xc2, 0x4d, 0x66, 0xce, 0x36, 0x81, 0xc7, 0x57, 0x9b, 0x3d, 0x9a, 0x42, 0x52, 0x12, 0xa7, 0x04, 0xa4, 0xf5, 0x10, 0x5c, 0xb8, 0x0f, 0x0d, 0x18, 0xee, 0x86, 0x09, 0x53, 0xd1, 0x0b, 0x59, 0xc1, 0x14, 0x82, 0x67, 0x79, 0xbb, 0xc3, 0x68, 0xd7, 0xa0, 0xee, 0xce, 0x9f, 0x22, 0x3e, 0x47, 0xcd, 0x8e, 0x5f, 0xd4, 0x53, 0x60, 0x7d, 0x10, 0x1d, 0x9d, 0x9c, 0x2b, 0xd9, 0xa6, 0x58, 0xd6, 0x52, 0x0b, 0x87, 0xd7, 0xb4, 0x26, 0x3f, 0x6d, 0x84, 0x5a, 0x52, 0x4a, 0x36, 0xe4), - // cipher_text: vec!(0x2c, 0x21, 0x7e, 0x96, 0x9c, 0x04, 0x74, 0x0a, 0x1a, 0xcf, 0xa3, 0x01, 0x17, 0xeb, 0x5b, 0x32, 0xdc, 0x57, 0x3d, 0xf3, 0x35, 0x4f, 0x4c, 0xc3, 0xbf, 0x8f, 0x69, 0x6f, 0xf9, 0x05, 0xf1, 0xe6, 0x40, 0xf3, 0xb2, 0xc2, 0x50, 0x47, 0x3b, 0x37, 0x66, 0x22, 0xe0, 0xc9, 0xbd, 0xa1, 0x3b, 0x94, 0x64, 0x05, 0x21, 0xbe, 0x1e, 0xf0, 0xfc, 0x66, 0x0b, 0x4c, 0x10, 0xdb, 0xe2, 0xbf, 0xc0, 0x93, 0x03, 0x07, 0x53, 0xe0, 0x4f, 0x6a, 0xae, 0xcf, 0x81, 0x3b, 0x43, 0xb6, 0x1f, 0x96, 0x04, 0x55, 0x97, 0x4b, 0x8b, 0xb8, 0xa9, 0xb4, 0x61, 0xd1, 0xe8, 0xfd, 0x38, 0x02, 0x31, 0x5e, 0x86, 0x3c, 0x00, 0x44, 0x8f, 0x24, 0xdd, 0x38, 0xde, 0xb9, 0x0e, 0x13, 0x54, 0x93, 0x27, 0x4e, 0xb1, 0x4c, 0xcb, 0xde, 0x15, 0xc5, 0x0d, 0xca, 0xd7, 0x34, 0xed, 0x81, 0x5a, 0x80, 0x6b, 0xe6, 0x62, 0x24, 0x92, 0xa8, 0x4c, 0xd0, 0x62, 0xe3, 0xba, 0x56, 0x7b, 0x90, 0x9a, 0x20, 0x5a, 0x1d, 0x0d, 0x2b, 0xed, 0xd4, 0x01, 0x69, 0x69, 0x7d, 0x26, 0x1c, 0x7b, 0x6c, 0x2e, 0x0b, 0x1f, 0x06, 0x98, 0x53, 0xfd, 0x47, 0x0e, 0x8f, 0x36, 0x4a, 0x14, 0x2c, 0x38, 0x6c, 0x43, 0x9a, 0x6d, 0xbe, 0x19, 0x2d, 0xed, 0x5a, 0x3d, 0x0f, 0xbf, 0x73, 0x79, 0x9f, 0x58, 0x8c, 0x59, 0xe5, 0x8c, 0x60, 0x24, 0x9d, 0x98, 0x0d, 0xdc, 0xf0, 0xd9, 0x69, 0x36, 0x31, 0xcd, 0x9b, 0x3f, 0x97, 0x25, 0x09, 0xc3, 0xa7, 0x71, 0x23, 0xd3, 0x8d, 0x9e, 0x26, 0x7e, 0xca, 0xd0, 0x6e, 0x12, 0x08, 0xe3, 0xf1, 0xc0, 0xa6, 0x9f, 0xbc, 
0xa7, 0xc3, 0xbb, 0x1a, 0x48, 0xfd, 0xa1, 0x94, 0x93, 0xd0, 0xf8, 0xf4, 0x83, 0x98, 0x82, 0x00, 0x57, 0xb9, 0x41, 0x20, 0xf3, 0xef, 0x97, 0xd8, 0x7e, 0x9e, 0x8a, 0x1b, 0x30, 0x1a, 0x25, 0x34, 0xc6, 0x8f), - // tag: vec!(0x1f, 0xdd, 0x2d, 0xcd, 0x93, 0x5f, 0x55, 0x82, 0x2b, 0xf7, 0x23, 0x1a, 0x51, 0x6c, 0xa8, 0x41) - // }, - // TestVector{ - // key: [0xa7, 0x6e, 0x9b, 0x91, 0x6f, 0x5a, 0x67, 0xb7, 0x8a, 0x59, 0x49, 0x65, 0x1c, 0x8c, 0x3a, 0x97, 0x41, 0xa1, 0xbc, 0x3c, 0x41, 0xcd, 0xf8, 0x5f, 0xd2, 0xc8, 0xf3, 0xe9, 0xa0, 0x61, 0x60, 0x98], - // nonce: [0x08, 0x08, 0xda, 0x82, 0x92, 0xdc, 0x14, 0xe0], - // plain_text: vec!(0x9c, 0x14, 0x9e, 0xeb, 0x09, 0x34, 0x5c, 0x3c, 0x22, 0x46, 0x2b, 0x03, 0xe4, 0x9e, 0xb4, 0xdb, 0xa6, 0xbc, 0x98, 0xb2, 0x69, 0xb1, 0x08, 0x6d, 0x75, 0x2b, 0xcd, 0x8e, 0xea, 0x53, 0xb8, 0x97, 0x7b, 0x23, 0x8a, 0x04, 0xa9, 0x94, 0xba, 0xf9, 0x15, 0x59, 0x16, 0x86, 0xba, 0xab, 0x90, 0xb7, 0x9a, 0x3b, 0xf7, 0xd9, 0xad, 0xb2, 0xc6, 0xc2, 0xe3, 0x1a, 0xcd, 0x3e, 0x72, 0xf0, 0x81, 0x3f, 0xb7, 0x45, 0xaa, 0x5f, 0xb2, 0xe3, 0xda, 0x40, 0x8f, 0x78, 0x00, 0x1c, 0x9c, 0x09, 0xbd, 0x26, 0xa1, 0xa2, 0x64, 0x60, 0x11, 0xb6, 0x12, 0x0a, 0xaa, 0x2b, 0xba, 0xcc, 0x4a, 0x16, 0xc3, 0x9f, 0xb5, 0x25, 0x7b, 0x9b, 0x2e, 0xa2, 0xad, 0x8b, 0xf7, 0x0b, 0xcc, 0x98, 0x55, 0xcf, 0x11, 0x84, 0x11, 0x16, 0xc2, 0x76, 0x73, 0x10, 0xcf, 0x3c, 0xd4, 0x9d, 0x1a, 0xa4, 0x4c, 0xd5, 0x05, 0xf0, 0x79, 0x76, 0x1e, 0x06, 0x4d, 0x5b, 0xc7, 0xce, 0xa4, 0xa7, 0x17, 0x3b, 0x08, 0x68, 0x82, 0xa7, 0x7d, 0x3f, 0xc1, 0x79, 0xef, 0xc8, 0x6f, 0xc4, 0xdb, 0x8a, 0x37, 0x34, 0x91, 0xd2, 0xed, 0x81, 0xea, 0xbc, 0x63, 0xc9, 0x50, 0xe8, 0x32, 0xdb, 0x17, 0xd0, 0x9f, 0x47, 0x4d, 0x4e, 0xc4, 0x6b, 0xde, 0x47, 0x83, 0x0c, 0xaf, 0x26, 0xfa, 0xba, 0xa0, 0x37, 0x2b, 0x81, 0xfc, 0xcc, 0x44, 0x9c, 0x0e, 0x19, 0xcc, 0xd6, 0x30, 0xca, 0xf6, 0x93, 0xa7, 0xb4, 0x3b, 0xb1, 0xc4, 0x08, 0xa5, 0x4e, 0x03, 0xf5, 0x0c, 0x44, 0x28, 0x0a, 0x05, 0xad, 0x89, 0xfb, 0x6e, 0x8f, 0x01, 0xd8, 0xac, 0x27, 0x8e, 0xdf, 0x55, 0x6e, 
0x5d, 0x86, 0xce, 0xb4, 0xb6, 0x14, 0xfb, 0x2e, 0xf1, 0x33, 0x81, 0x9c, 0x6e, 0x1f, 0xf6, 0xab, 0xb8, 0x6c, 0x54, 0xa1, 0x35, 0x25, 0x62, 0x04, 0xb5, 0xcd, 0x40, 0x0b, 0x93, 0x62, 0x4d, 0x39, 0x32, 0xe7, 0xc2, 0xb0, 0x46), - // aad: vec!(0x6a, 0xeb, 0x70, 0x31, 0xe4, 0xa2, 0xe2, 0x3e, 0xea, 0x93, 0xf0, 0x5f, 0xdc, 0x56, 0x2a, 0xa2, 0xbf, 0x43, 0xb8, 0x99, 0x8b, 0xea, 0x73, 0x44, 0x37, 0x7a, 0xad, 0xdc, 0x60, 0xfb, 0xdb, 0x7b, 0xcb, 0x14, 0x91, 0xd3, 0x79, 0xed, 0x0c, 0xb6, 0x13, 0xee, 0x75, 0x7c, 0xfb, 0x66, 0x49, 0x0d, 0xb6, 0x1b, 0xb4, 0x31, 0xd2, 0xfa, 0xd3, 0x4b, 0x38, 0xdd, 0xd5, 0x5b, 0xc5, 0xb2, 0x2a, 0xa6, 0xc4, 0x77, 0x3b, 0x99, 0x92, 0xf3, 0x4b, 0x87, 0x8c, 0x56, 0x63, 0xf6, 0xe8, 0xcd, 0xb5, 0xf8, 0x0a, 0x17, 0xf4, 0xd3, 0x12, 0xbf, 0x34, 0x24, 0x92, 0xe4, 0x8d, 0x1c, 0xe4, 0xc6, 0xd7, 0x54, 0x07, 0x6a, 0x63, 0x4f, 0xec, 0xe6, 0x15, 0x00, 0xac, 0xf8, 0x16, 0x8d, 0x47, 0x38, 0x1a, 0xf4, 0xfa, 0xf9, 0x80, 0xc6, 0xca, 0xc2, 0xbf, 0xd5, 0xda, 0x8c, 0x09, 0xb6, 0xed, 0xb0, 0xf5, 0x43, 0xbf, 0x0f, 0xe0, 0x26, 0x43, 0xe3, 0x8d, 0x73, 0xfa, 0x37, 0xd8, 0xae, 0x87, 0xfb, 0x66, 0x19, 0x3f, 0x22, 0xe5, 0x7f, 0xaf, 0x43, 0x93, 0xc0, 0x07, 0xd4, 0x8c, 0x86, 0x31, 0xa6, 0x85, 0xd5, 0x20, 0x57, 0x8f, 0x8f, 0x89, 0xdb, 0x68, 0x4f, 0xb3, 0x71, 0xea, 0x02, 0xf3, 0xa5, 0x8b, 0x1e, 0x21, 0x68, 0xf0, 0x21, 0x63, 0x21, 0x13, 0x94, 0x72, 0xe0, 0xd0, 0x3b, 0x6d, 0x90, 0xba, 0x8a, 0xab, 0x65, 0x40, 0x2e, 0x1c, 0x1a, 0xc4, 0xf9, 0x17, 0x2a, 0x60, 0xe2, 0x7e, 0x3d, 0x99, 0x7b, 0x9b, 0x05, 0xe2, 0xf6, 0x72, 0x12, 0x0d, 0x6c, 0x87, 0xbc, 0xaf, 0xa6, 0xd4, 0xc9, 0xb4, 0xcf, 0x8b, 0xa8, 0xa8, 0x29, 0x32, 0xd9, 0x28, 0x40, 0x36, 0x8f, 0xc5, 0x3d, 0xc5, 0xb4, 0x85, 0x26, 0x10, 0x3d, 0xca, 0xb5, 0xf1, 0x53, 0x10, 0x38, 0xaa, 0xbe, 0x89, 0x17, 0x13, 0x27, 0xac, 0x55, 0x9b, 0x98, 0xa3, 0xcf, 0x4e, 0xa7, 0x0b, 0xf0, 0x51), - // cipher_text: vec!(0x9c, 0x3f, 0xaa, 0xb9, 0x26, 0x1a, 0x63, 0xce, 0xa9, 0x47, 0x7b, 0x32, 0x69, 0x00, 0x72, 0x83, 0x99, 0x5b, 0x06, 0xba, 0x77, 0xef, 0x83, 0xd9, 
0xe6, 0x93, 0xf7, 0xe4, 0xee, 0x98, 0x55, 0x55, 0x0e, 0xef, 0x94, 0x85, 0x5b, 0xe3, 0x9a, 0x7a, 0x43, 0x5b, 0x6a, 0x35, 0x84, 0xb2, 0x02, 0x97, 0x37, 0x77, 0xc7, 0xb2, 0x48, 0x23, 0x76, 0xba, 0x47, 0xb4, 0x93, 0x11, 0x94, 0x7a, 0x64, 0x98, 0x3b, 0x60, 0x23, 0x67, 0x56, 0xee, 0x44, 0x55, 0xd4, 0xcf, 0xad, 0xa8, 0xc3, 0x6a, 0xf8, 0xeb, 0x06, 0xb0, 0x6b, 0xa2, 0xf6, 0xb7, 0x9f, 0xfb, 0x11, 0x85, 0xc8, 0x9f, 0x2b, 0x2a, 0x83, 0x1c, 0xfa, 0xa3, 0x85, 0x5f, 0xc1, 0x84, 0x1d, 0x89, 0x10, 0x90, 0x8b, 0xe5, 0x07, 0x83, 0x52, 0x01, 0x11, 0x68, 0xa6, 0x7d, 0x36, 0x37, 0x2d, 0x85, 0x1a, 0x32, 0x17, 0xca, 0xbf, 0x59, 0x3e, 0xa4, 0x62, 0xdc, 0xd3, 0x25, 0xcf, 0x9a, 0x4f, 0x67, 0xe8, 0x54, 0x18, 0xfd, 0x5c, 0x92, 0x4e, 0x9b, 0x92, 0xab, 0x02, 0x6c, 0xbe, 0xe4, 0xe7, 0xab, 0x10, 0x67, 0x06, 0x6c, 0xb5, 0x94, 0x9d, 0xfc, 0x69, 0x9a, 0x68, 0xfe, 0x53, 0x9e, 0x1a, 0xbb, 0x13, 0xce, 0xc3, 0x39, 0x04, 0xe5, 0x20, 0x7e, 0x69, 0x63, 0xd2, 0x4f, 0x5a, 0x0b, 0x77, 0x06, 0x13, 0xb8, 0xb0, 0x00, 0x14, 0xe7, 0x91, 0xbf, 0xff, 0x88, 0xf9, 0xc2, 0x5c, 0xa1, 0x26, 0x12, 0x7a, 0x2f, 0x8d, 0x1d, 0x1e, 0x97, 0x94, 0xef, 0xd2, 0x8d, 0xce, 0x98, 0xb5, 0x3e, 0x22, 0x80, 0x73, 0xfa, 0xae, 0x8d, 0x50, 0x47, 0x53, 0x0d, 0x50, 0x21, 0x84, 0xfc, 0x34, 0x13, 0x21, 0xc3, 0xf5, 0x5f, 0xcb, 0xf4, 0x11, 0x87, 0xfc, 0x31, 0x26, 0x2c, 0x32, 0x5b, 0x97, 0xf5, 0x19, 0x95, 0x9b, 0x6a, 0x29, 0xb3, 0x6c, 0x71, 0xf7, 0x6f, 0x60, 0x19, 0x6b, 0xb1, 0x45, 0x7b, 0x77, 0xc8, 0xbb), - // tag: vec!(0xb4, 0x5d, 0xf1, 0x19, 0x04, 0x3d, 0x29, 0x00, 0x8f, 0xce, 0xf3, 0x6a, 0x16, 0x9e, 0xf8, 0x86) - // }, - // TestVector{ - // key: [0x98, 0xcd, 0x24, 0x77, 0xa7, 0xa0, 0x72, 0xc6, 0x9f, 0x37, 0x5b, 0x88, 0xd0, 0x9e, 0xd9, 0xd7, 0xb9, 0xc3, 0xdf, 0x3f, 0x87, 0xe3, 0x6c, 0xe6, 0x21, 0x72, 0x6f, 0x76, 0xe3, 0xb4, 0x1a, 0x1d], - // nonce: [0x77, 0xd1, 0x85, 0xaa, 0xf7, 0x15, 0xaa, 0x48], - // plain_text: vec!(0x42, 0xb3, 0x1e, 0xef, 0xda, 0xca, 0xb0, 0xf0, 0x3e, 0xf6, 0x06, 0x01, 0x56, 0x00, 0x0c, 0x81, 0x95, 0xad, 0xb0, 0x97, 0x6c, 
0xab, 0xbe, 0x1a, 0x42, 0xbf, 0xcc, 0x09, 0xf8, 0x56, 0x59, 0xc6, 0x0b, 0x98, 0x63, 0x84, 0x01, 0xf2, 0xd2, 0xe2, 0xfa, 0xcf, 0xb9, 0xa9, 0x7a, 0x62, 0x92, 0x6b, 0xb0, 0xce, 0xca, 0xf3, 0xaf, 0x01, 0x80, 0xa0, 0x1b, 0xfb, 0x6e, 0x57, 0x6b, 0xab, 0xf7, 0xfc, 0x43, 0x33, 0x19, 0x37, 0xa9, 0x2a, 0xbd, 0x30, 0xcd, 0xdf, 0xa3, 0xe4, 0x50, 0xf8, 0x95, 0xe9, 0xdd, 0x91, 0x4d, 0xea, 0x3f, 0xaf, 0xd7, 0x59, 0xc1, 0x36, 0xd6, 0x85, 0x31, 0x0e, 0xbc, 0xe2, 0x8a, 0xc0, 0x61, 0x3c, 0xcd, 0xbf, 0x30, 0x11, 0x59, 0x46, 0xc9, 0x63, 0x4b, 0x67, 0x51, 0x0b, 0x77, 0xd0, 0xe3, 0x7f, 0x07, 0x71, 0x4b, 0x2d, 0xda, 0xc9, 0xd7, 0x09, 0x5b, 0x8d, 0x4b, 0xd8, 0x87, 0xc1, 0x32, 0xc4, 0xa9, 0x12, 0x7e, 0xb0, 0x1c, 0x8d, 0xed, 0xb4, 0xc3, 0x9c, 0x87, 0xb9, 0x8a, 0x74, 0x13, 0x16, 0x65, 0x6f, 0x9a, 0x8d, 0x5a, 0x5b, 0x0c, 0x0a, 0xc8, 0x47, 0x89, 0xaa, 0x23, 0x47, 0xa5, 0xf9, 0x9c, 0xa5, 0xad, 0x55, 0xcd, 0x1b, 0xcf, 0x98, 0xf7, 0x03, 0xeb, 0x4b, 0x00, 0xba, 0xdb, 0x8a, 0x85, 0x55, 0xf3, 0x8b, 0x3b, 0x36, 0x8d, 0xb8, 0xba, 0x7c, 0xee, 0xa9, 0x4e, 0x8b, 0x21, 0x9f, 0x51, 0xed, 0xce, 0x75, 0xd8, 0x41, 0x66, 0xb5, 0x60, 0x21, 0x56, 0xed, 0x59, 0x62, 0xa9, 0x3a, 0x51, 0xdb, 0x73, 0xc5, 0x9d, 0x87, 0xe9, 0x06, 0x17, 0x9d, 0x7a, 0x74, 0xa2, 0xa2, 0xa6, 0x9d, 0x8a, 0xd9, 0x9f, 0x32, 0x32, 0x25, 0xc8, 0x7e, 0x47, 0x5d, 0x3f, 0x77, 0x1b, 0x4a, 0x20, 0x3a, 0x2e, 0x2b, 0x03, 0xb4, 0x58, 0x40, 0x10, 0x44, 0x64, 0x9f, 0xa6, 0x53, 0x6d, 0xfa, 0xb2, 0x4d, 0x70, 0x37, 0x80, 0x7d, 0xcb, 0xf6, 0x51, 0x8e, 0x65, 0x78), - // aad: vec!(0xf5, 0xbb, 0x14, 0x96, 0x05, 0x2a, 0x43, 0x61, 0xdd, 0xdf, 0x72, 0xa2, 0x88, 0xe3, 0x69, 0x53, 0xa3, 0xd8, 0x15, 0xd6, 0x87, 0x6c, 0x01, 0x3f, 0x1d, 0x6b, 0xa8, 0x39, 0xe1, 0x27, 0xf7, 0x21, 0xb0, 0x52, 0xb1, 0xf7, 0xd8, 0xca, 0x20, 0xc7, 0xdc, 0x03, 0x86, 0xa7, 0xd4, 0x59, 0xeb, 0xd7, 0xeb, 0x9f, 0xc8, 0xcb, 0x08, 0x94, 0x1e, 0x6c, 0xa9, 0xdd, 0xb9, 0x80, 0xf3, 0x11, 0x5f, 0x65, 0xbc, 0x19, 0x28, 0xa4, 0x14, 0xd4, 0x41, 0xae, 0x71, 0xdc, 0xb8, 0x79, 0xd5, 0xbf, 0xe0, 0xcd, 0xe0, 
0x56, 0x2b, 0xc3, 0x7f, 0x8f, 0xde, 0x0d, 0x52, 0x91, 0xad, 0x40, 0x5c, 0x92, 0xfc, 0xbb, 0x86, 0x0c, 0x43, 0xb5, 0x5a, 0xc0, 0xfe, 0x66, 0x3b, 0x54, 0xb3, 0xd0, 0x61, 0x6a, 0xca, 0x13, 0xa5, 0xc8, 0x2b, 0x7b, 0x5d, 0x34, 0x12, 0x5a, 0x05, 0xc2, 0xac, 0xb5, 0x53, 0x01, 0x41, 0x03, 0x0e, 0x6f, 0x2a, 0xa0, 0xc8, 0x32, 0x2b, 0x2c, 0x8f, 0xa3, 0x07, 0xe7, 0x51, 0x89, 0x18, 0xe5, 0x50, 0xe9, 0xf4, 0x89, 0x21, 0xc6, 0x16, 0x8f, 0x09, 0x4d, 0x87, 0x58, 0xe1, 0x6b, 0x9f, 0x81, 0x5f, 0xd0, 0x45, 0x80, 0x95, 0xc4, 0x14, 0x3f, 0x09, 0x22, 0xad, 0xb1, 0x84, 0x0d, 0x0e, 0x68, 0x56, 0x36, 0x82, 0x5a, 0x9c, 0x90, 0xee, 0x90, 0xee, 0x53, 0x7f, 0x4b, 0x8d, 0xce, 0xec, 0xbc, 0x42, 0x87, 0xc8, 0x2d, 0xc9, 0xa0, 0x0d, 0x7e, 0x51, 0x67, 0x1e, 0x37, 0xea, 0x28, 0x4e, 0xe3, 0xca, 0x50, 0x1b, 0x1b, 0x25, 0x96, 0x45, 0x9d, 0x3f, 0x59, 0x2f, 0x70, 0x18, 0x6f, 0x41, 0x12, 0x57, 0x39, 0xe3, 0x42, 0xc9, 0xf6, 0xbe, 0x92, 0x41, 0x97, 0x3b, 0x14, 0x14, 0xdf, 0xe5, 0xfb, 0x8c, 0xba, 0x1a, 0xf8, 0x2e, 0x67, 0x92, 0x78, 0xcf, 0xcf, 0x95, 0x42, 0x0d, 0xf0, 0xc5, 0x36, 0x4a, 0xf4, 0xd7, 0xe7, 0x2a, 0xd5, 0x7d, 0x5c, 0x87, 0x1f, 0xcb, 0xc3, 0x54, 0x62), - // cipher_text: vec!(0x7a, 0x3b, 0xf3, 0xe3, 0xad, 0x5a, 0xe3, 0xab, 0x71, 0xfb, 0x1f, 0x71, 0x21, 0xc3, 0xd8, 0xfb, 0x51, 0x10, 0x99, 0x48, 0x4b, 0x50, 0xaf, 0x7c, 0xa1, 0x28, 0xee, 0x03, 0x37, 0xed, 0x4b, 0x82, 0x8d, 0xc4, 0xcd, 0xe0, 0xb8, 0x8d, 0xc1, 0xe8, 0x08, 0x91, 0x01, 0xfa, 0x82, 0xc9, 0xbe, 0xb3, 0xeb, 0x48, 0xfd, 0xcf, 0x0f, 0x5b, 0x16, 0xda, 0x44, 0x1f, 0x5a, 0x3f, 0xce, 0x9a, 0x59, 0x00, 0x22, 0xaf, 0x95, 0xa9, 0x4a, 0xed, 0x6a, 0x3e, 0x71, 0xe5, 0x05, 0xf6, 0x0f, 0x30, 0x3c, 0x78, 0xc3, 0x56, 0xf2, 0x74, 0xea, 0x85, 0xa5, 0x53, 0x54, 0x07, 0x85, 0x30, 0x66, 0x4e, 0xcd, 0xa3, 0x2c, 0x80, 0xe7, 0x7d, 0xc2, 0x09, 0x74, 0xb3, 0xb3, 0x8f, 0x48, 0x25, 0xb8, 0xfb, 0xee, 0x8c, 0x39, 0x70, 0x76, 0x9a, 0x2f, 0x42, 0xc5, 0x18, 0x16, 0x08, 0xa8, 0xd7, 0xd7, 0x6e, 0xf4, 0xd0, 0x93, 0x96, 0x1b, 0x66, 0x5e, 0xe4, 0x2b, 0x97, 0x08, 0xfc, 0xaf, 0xe2, 
0xc8, 0x2d, 0x3a, 0x30, 0x71, 0x73, 0xe2, 0xa2, 0x5a, 0xd2, 0x52, 0x8c, 0x3b, 0xf8, 0x33, 0x52, 0xb9, 0x26, 0x5e, 0x45, 0xb7, 0x07, 0x22, 0xd7, 0xcf, 0x8c, 0x9b, 0x80, 0x82, 0x6d, 0x21, 0x33, 0x52, 0x34, 0xee, 0x3d, 0xb6, 0x9d, 0x0d, 0x37, 0x87, 0x1c, 0x83, 0x22, 0x23, 0x65, 0x90, 0x0c, 0x96, 0xc1, 0x7a, 0x7e, 0x9f, 0x57, 0x42, 0xd0, 0xbf, 0xe3, 0x83, 0xbe, 0x24, 0xd0, 0xd4, 0x45, 0x90, 0xd4, 0xb0, 0xf2, 0x9f, 0x7a, 0xbe, 0x0c, 0x65, 0xda, 0xaf, 0xfb, 0x96, 0x8b, 0x3f, 0x26, 0x57, 0xb1, 0xeb, 0x30, 0x05, 0x34, 0xea, 0xcb, 0x52, 0xec, 0x7a, 0x6b, 0x6f, 0x9f, 0x57, 0xa5, 0x0a, 0x91, 0xb1, 0x79, 0x9f, 0x49, 0x13, 0x61, 0xcf, 0x61, 0x3c, 0x93, 0x4b, 0x7f, 0x52, 0x0d, 0xc4, 0xee, 0xeb, 0x40, 0xff, 0xc4, 0x5e, 0x10, 0xbe, 0x0a, 0x95, 0xe7, 0x6f, 0x36, 0x6d, 0x4e, 0xac, 0x14), - // tag: vec!(0xf6, 0x13, 0xb6, 0x52, 0x26, 0xaf, 0xb6, 0x4c, 0x61, 0x4f, 0xe6, 0x0d, 0x9c, 0x71, 0xed, 0x74) - // }, - // TestVector{ - // key: [0x2f, 0x0f, 0x46, 0x31, 0xab, 0x1c, 0x1b, 0xcf, 0x8f, 0x3a, 0xd0, 0x55, 0x9c, 0x81, 0x8d, 0x50, 0xe0, 0xaf, 0x7d, 0x8c, 0xd6, 0x3f, 0xaa, 0x35, 0x7f, 0x20, 0x69, 0xf3, 0x08, 0x81, 0xd9, 0xcb], - // nonce: [0x7d, 0x0c, 0xed, 0x2f, 0xdb, 0x1c, 0x91, 0x73], - // plain_text: vec!(0x65, 0x16, 0xba, 0x1d, 0x29, 0x35, 0x71, 0x44, 0xee, 0xbf, 0xa4, 0x86, 0xd2, 0x1d, 0xec, 0xf2, 0x23, 0xda, 0x3a, 0xa7, 0x6e, 0xc2, 0x9b, 0xbf, 0xcb, 0xe7, 0xf1, 0xee, 0xaf, 0x4a, 0x84, 0x77, 0x10, 0xe5, 0x08, 0x01, 0x77, 0xf7, 0xe5, 0xa7, 0xc8, 0xb4, 0x75, 0x2c, 0x21, 0x9b, 0x1c, 0xc7, 0x0a, 0xef, 0x4d, 0xb8, 0x61, 0xba, 0x67, 0xd0, 0xfa, 0x62, 0x22, 0xd9, 0xf4, 0xa1, 0xdc, 0x75, 0x6a, 0x0b, 0xa4, 0x4e, 0x62, 0x90, 0x6f, 0x93, 0x74, 0xa9, 0x60, 0xc1, 0x61, 0x98, 0x86, 0x6d, 0x86, 0x78, 0x54, 0xd8, 0x8f, 0x52, 0x8a, 0x60, 0xe2, 0x12, 0xeb, 0x91, 0x64, 0x57, 0x87, 0xe7, 0x56, 0x85, 0xb2, 0xe2, 0x15, 0xc0, 0xa4, 0x19, 0x90, 0xab, 0xc3, 0x44, 0xa7, 0x72, 0x36, 0xec, 0x01, 0x86, 0xba, 0x63, 0xa6, 0x64, 0x59, 0x29, 0x38, 0xcc, 0x5a, 0x8a, 0xc1, 0xd3, 0xeb, 0x99, 0xc9, 0x5c, 0xe0, 0x0e, 
0x19, 0xfb, 0xe2, 0x49, 0x26, 0x30, 0x83, 0xd8, 0x5b, 0x05, 0x2d, 0x48, 0xbf, 0xdf, 0xfc, 0x01, 0x58, 0x5d, 0xc5, 0x7b, 0xb2, 0xa2, 0xc6, 0xc4, 0xa8, 0x19, 0x60, 0x4c, 0x1e, 0xc0, 0x54, 0x8c, 0x6f, 0x0f, 0x78, 0xdc, 0x05, 0xe4, 0x41, 0x8b, 0x36, 0x27, 0x7d, 0xc0, 0x72, 0x33, 0xc7, 0x53, 0x2f, 0x9c, 0x28, 0x9d, 0x6a, 0xed, 0x0c, 0xc6, 0xbc, 0x7d, 0xf4, 0xfd, 0x0a, 0x53, 0x6c, 0x49, 0x7b, 0x98, 0x2e, 0x2d, 0xad, 0x2c, 0x30, 0xd2, 0xdb, 0x1c, 0x65, 0x45, 0xa8, 0x45, 0xc5, 0xdf, 0xa8, 0x3a, 0x4a, 0xc4, 0x9e, 0xf0, 0x6f, 0xc9, 0xc9, 0x19, 0x07, 0x9d, 0x3e, 0x29, 0x9e, 0x31, 0xb5, 0xc3, 0xbe, 0x37, 0x08, 0x14, 0xae, 0x50, 0x22, 0xae, 0x46, 0x9d, 0x3e, 0xe5, 0x52, 0x46, 0xa4, 0x1b, 0xd0, 0xdc, 0x4e, 0x64, 0x35, 0x1c, 0xc3, 0x8c, 0x3c, 0x09, 0xaf, 0x0a, 0x1a, 0xee, 0x3b, 0x38, 0x8a, 0x68, 0x92, 0xde, 0xff, 0x0d, 0xf3, 0xf9, 0x3c, 0xd9, 0x2d, 0x72, 0x2b), - // aad: vec!(0x1c, 0xcf, 0xa1, 0xec, 0xec, 0xc8, 0xde, 0x1e, 0x20, 0x0d, 0x0e, 0xcc, 0x19, 0xdc, 0xf6, 0x7b, 0x7c, 0x96, 0xbe, 0xa3, 0xa2, 0x82, 0xc2, 0xbc, 0xcb, 0xa6, 0x10, 0x35, 0xdb, 0x5c, 0x14, 0x77, 0x63, 0x87, 0xb8, 0xb8, 0xf5, 0x8e, 0x57, 0x57, 0xde, 0xb0, 0x12, 0x9d, 0x4e, 0x5e, 0x31, 0x5f, 0x64, 0xdf, 0x35, 0x4a, 0x59, 0x85, 0xd2, 0xe4, 0x7e, 0xbb, 0xbe, 0xaf, 0xe0, 0xc9, 0x14, 0xf7, 0xcf, 0x1d, 0x63, 0xdd, 0x03, 0x11, 0xac, 0xe1, 0x9e, 0x69, 0xa8, 0xb6, 0xff, 0x0a, 0xb2, 0x5c, 0xc8, 0xdf, 0x04, 0x08, 0xd2, 0x21, 0x32, 0x20, 0x5e, 0x89, 0xe5, 0xeb, 0x67, 0x92, 0x68, 0xd8, 0x2b, 0x29, 0x13, 0xe6, 0x4e, 0x3f, 0x88, 0x5b, 0xbf, 0x4a, 0x6d, 0x37, 0x9b, 0x76, 0x0b, 0x94, 0x59, 0x0e, 0x31, 0x40, 0xdd, 0x72, 0x75, 0xab, 0x47, 0x13, 0xcb, 0x56, 0xd0, 0xb7, 0x16, 0xe2, 0x71, 0x8f, 0x11, 0x31, 0x66, 0x40, 0xcb, 0x39, 0x48, 0x02, 0x86, 0x2d, 0x39, 0xe7, 0x7a, 0x46, 0xd0, 0xc0, 0x65, 0xaf, 0x3c, 0xaf, 0x7d, 0xec, 0x14, 0xe8, 0x87, 0x03, 0x9d, 0x8a, 0xa8, 0xc3, 0xd3, 0xa8, 0xac, 0x1e, 0xe0, 0x60, 0x26, 0xf4, 0x9d, 0x00, 0xb2, 0xf5, 0x9d, 0x97, 0x1b, 0x54, 0x73, 0x5e, 0x95, 0xa5, 0x1f, 0x19, 0x93, 0x89, 0xa9, 0x3a, 0x4f, 
0xc2, 0x4e, 0xba, 0xba, 0x1f, 0x7a, 0x2e, 0xef, 0x74, 0x12, 0xf6, 0x1f, 0xeb, 0xf7, 0x90, 0x84, 0xfb, 0xf4, 0x81, 0xaf, 0xc6, 0xfb, 0x6b, 0x20, 0x40, 0x84, 0xe5, 0xef, 0x5d, 0xf7, 0x1f, 0x30, 0x50, 0x64, 0x59, 0xde, 0xa0, 0x74, 0xf1, 0x1f, 0xc0, 0x55, 0xcd, 0x2a, 0x8c, 0x0f, 0xc9, 0x22, 0xc4, 0x81, 0x1a, 0x84, 0x99, 0x84, 0x35, 0x2a, 0x56, 0xa1, 0x56, 0x59, 0xb7, 0xd0, 0x7a, 0x4c, 0xc9, 0x0b, 0x88, 0x62, 0x36, 0x38, 0xea, 0x00, 0xc4, 0xc8, 0xbc, 0x13, 0x88, 0x4d, 0xf2, 0x23, 0x7b, 0x35, 0x9f, 0x28, 0x77, 0xaa, 0x41, 0xd6), - // cipher_text: vec!(0xe5, 0x80, 0x09, 0x37, 0x89, 0xba, 0x17, 0xff, 0xb4, 0x66, 0x72, 0xdc, 0x32, 0x6f, 0x09, 0x27, 0x8a, 0xca, 0x08, 0x59, 0x8d, 0x3e, 0x54, 0x58, 0xea, 0xa5, 0x3e, 0x6e, 0xd4, 0x5d, 0x5c, 0x71, 0xa3, 0x96, 0xe3, 0x5b, 0x5e, 0xa3, 0xfe, 0x7b, 0x7c, 0x04, 0x96, 0xa7, 0x34, 0xd2, 0x4f, 0x1c, 0x75, 0x42, 0x06, 0x94, 0xbe, 0x2f, 0xf0, 0x95, 0xd5, 0x17, 0x2f, 0xd3, 0x40, 0x77, 0x94, 0xe4, 0xb9, 0x9f, 0xd7, 0xc3, 0x74, 0xfb, 0xe8, 0xd1, 0x56, 0x4a, 0x04, 0x86, 0x14, 0xd3, 0xf3, 0x55, 0xbf, 0xb5, 0x86, 0x6d, 0xe1, 0xa5, 0x3e, 0x1a, 0x51, 0xf9, 0xf5, 0xe8, 0x31, 0x22, 0x53, 0xcf, 0xd8, 0x2f, 0x36, 0xef, 0xaa, 0x18, 0x98, 0xc8, 0x50, 0xca, 0x0d, 0x97, 0x5a, 0xd1, 0xe8, 0xb0, 0xd9, 0x59, 0x7a, 0x5a, 0x9e, 0x65, 0x16, 0xfe, 0x2a, 0x3c, 0x92, 0xef, 0xb7, 0x49, 0x55, 0x57, 0xa8, 0xaf, 0xc3, 0xda, 0x15, 0xb0, 0xd3, 0xe2, 0xba, 0x58, 0xf6, 0x12, 0x51, 0x98, 0x36, 0x94, 0x6c, 0xf2, 0xd1, 0x5b, 0x89, 0x83, 0x20, 0xd1, 0x6a, 0x02, 0x6c, 0x8c, 0x00, 0xa1, 0xbe, 0x2e, 0x35, 0xf0, 0xeb, 0xe6, 0x8f, 0x28, 0xd9, 0x1c, 0x6c, 0x45, 0xd2, 0x4c, 0x3f, 0x3c, 0x15, 0x7c, 0xb1, 0x32, 0xfa, 0x65, 0x9b, 0x77, 0x94, 0xdf, 0x88, 0x3d, 0x90, 0x74, 0x1f, 0xa2, 0xd2, 0xaf, 0xcc, 0x4f, 0x27, 0x85, 0x8e, 0x13, 0xec, 0xd4, 0x1b, 0x15, 0x4a, 0x35, 0xd2, 0x49, 0x47, 0xae, 0x73, 0x61, 0x17, 0x00, 0x60, 0xc1, 0x07, 0xd8, 0xec, 0xac, 0xb3, 0x93, 0xea, 0x67, 0x10, 0x4b, 0x60, 0x45, 0x72, 0x78, 0xa3, 0x92, 0xfd, 0xf1, 0x79, 0x4b, 0xab, 0x97, 0xd3, 0xb0, 0x2b, 0x71, 0xa4, 
0xeb, 0x01, 0x5e, 0xaa, 0x38, 0xa4, 0xb4, 0xc9, 0x44, 0xc2, 0xbc, 0x7c, 0xd5, 0xe3, 0x29, 0xda, 0x4a, 0x1a, 0xb2, 0x93, 0x7a, 0x6a, 0xf8, 0x1a, 0x6c, 0xaa, 0x5f, 0xce, 0x75, 0x23, 0x31, 0xfd, 0xef, 0xd4), - // tag: vec!(0x0f, 0xd7, 0x41, 0x9c, 0x54, 0xbc, 0x84, 0x26, 0x5e, 0xd3, 0x10, 0xa3, 0x41, 0x1a, 0x3f, 0x2e) - // }, - // TestVector{ - // key: [0xa4, 0x8b, 0x9b, 0x6d, 0xf4, 0x75, 0xe5, 0x66, 0xab, 0xa7, 0x67, 0x1f, 0xbd, 0x76, 0x77, 0x2c, 0xb0, 0xef, 0xf0, 0xb1, 0x24, 0x99, 0x96, 0x79, 0x78, 0xce, 0x3e, 0x25, 0xfa, 0xc9, 0x2f, 0xeb], - // nonce: [0x2c, 0xcb, 0xf0, 0xd6, 0xc4, 0x0c, 0xb3, 0x02], - // plain_text: vec!(0x09, 0xda, 0x1c, 0xac, 0xd0, 0x01, 0xdc, 0xe4, 0xf7, 0x57, 0x3a, 0x06, 0x5a, 0x44, 0x06, 0xfe, 0x0d, 0xa0, 0x4a, 0xb3, 0x67, 0xa2, 0xd8, 0x77, 0x80, 0xa2, 0x76, 0x2e, 0x16, 0x89, 0x57, 0xa8, 0x8d, 0x3f, 0xa7, 0x8f, 0x0a, 0x4b, 0x69, 0x78, 0xd4, 0x49, 0x02, 0x6e, 0x5a, 0x80, 0x1d, 0x32, 0x88, 0x4b, 0x6e, 0x14, 0xfd, 0xaa, 0xaf, 0x86, 0x42, 0x14, 0xf9, 0x28, 0xeb, 0xc0, 0x3d, 0xea, 0xd0, 0x81, 0xfe, 0xe9, 0x66, 0x83, 0xeb, 0xb0, 0x32, 0x36, 0x2d, 0x50, 0x88, 0xc4, 0xc2, 0xa3, 0xb1, 0xe2, 0x42, 0xf0, 0x55, 0xf2, 0x60, 0x49, 0x19, 0xf4, 0xdd, 0x55, 0x1d, 0xb7, 0x77, 0xa2, 0x58, 0xcf, 0x9d, 0xa6, 0xd9, 0x5a, 0x2b, 0xde, 0x24, 0x92, 0x47, 0x81, 0x2b, 0x9e, 0xfc, 0x79, 0x85, 0xcf, 0x08, 0x70, 0x76, 0x20, 0x80, 0x85, 0x24, 0xd6, 0xdd, 0x30, 0x79, 0xb0, 0xb6, 0x3b, 0xf0, 0xf7, 0x1e, 0xa5, 0xde, 0x83, 0x4c, 0xcb, 0x8b, 0x7c, 0x6a, 0x97, 0x12, 0x5f, 0xd6, 0xca, 0x49, 0x14, 0x8e, 0x86, 0x6d, 0x31, 0x34, 0xbb, 0xf1, 0xd8, 0xa6, 0xb7, 0x14, 0xe9, 0xa8, 0x0f, 0xe5, 0x49, 0xc8, 0xbf, 0xef, 0xe3, 0x42, 0xf4, 0x1b, 0xe2, 0xba, 0x23, 0x00, 0xe0, 0x02, 0x8f, 0x78, 0xce, 0xfa, 0xb6, 0x52, 0x74, 0x63, 0x2d, 0xfd, 0xbe, 0x70, 0xbf, 0x7d, 0x65, 0x5e, 0xc4, 0x03, 0x6d, 0xf5, 0x61, 0xf2, 0xd4, 0xfc, 0x4d, 0x56, 0xa4, 0x82, 0xbb, 0xe2, 0xf9, 0xf2, 0xae, 0x27, 0x9b, 0x3a, 0xa2, 0x16, 0xb3, 0x9a, 0xfe, 0xe7, 0x5e, 0x53, 0x60, 0x2d, 0xe3, 0x19, 0x48, 0x4d, 0xb8, 0x9a, 0x51, 
0xe8, 0x44, 0xf3, 0x8c, 0x36, 0x16, 0x34, 0xe4, 0x74, 0xf8, 0xf1, 0xf0, 0x1c, 0x34, 0x0f, 0x3f, 0x35, 0x94, 0x86, 0x0d, 0x67, 0x13, 0x46, 0x44, 0x9c, 0x6d, 0x08, 0xee, 0x38, 0xde, 0x22, 0xd2, 0x46, 0x30, 0x9b, 0xc7, 0xe4, 0xa2, 0x52, 0xa2, 0x9c, 0x86, 0xaa, 0x6d, 0x94, 0xb5, 0xb4, 0xfa, 0x58, 0x90, 0x4c, 0x70), - // aad: vec!(0x1c, 0x25, 0x03, 0xd5, 0xaa, 0x1a, 0xad, 0x19, 0x3f, 0x0d, 0xa1, 0x28, 0x74, 0x07, 0x4e, 0xa0, 0x43, 0x2b, 0xb7, 0x6a, 0x61, 0xcd, 0x43, 0xa3, 0x01, 0x70, 0x61, 0x51, 0x4d, 0xa0, 0x75, 0x98, 0x46, 0xa0, 0xf3, 0xae, 0x3a, 0x49, 0xfd, 0xb0, 0xb6, 0xd2, 0x9f, 0x71, 0x3d, 0xe6, 0x65, 0xbe, 0xac, 0xb6, 0x56, 0x8f, 0x26, 0x94, 0x11, 0x2c, 0xa3, 0x80, 0xd1, 0x3f, 0x3c, 0x16, 0x98, 0x31, 0x68, 0x66, 0xa7, 0xa7, 0xf8, 0x7f, 0x1d, 0x75, 0x03, 0xa9, 0x21, 0x76, 0xab, 0x84, 0xfc, 0x08, 0x97, 0x7b, 0x46, 0xba, 0x66, 0x45, 0x08, 0xa8, 0x58, 0xe7, 0x52, 0x57, 0x53, 0xc4, 0x55, 0x11, 0xb3, 0xd2, 0xf4, 0x07, 0xd5, 0xe9, 0x93, 0xc6, 0xed, 0xe7, 0x7f, 0x13, 0xd1, 0x29, 0x75, 0x70, 0x7e, 0x51, 0x95, 0x70, 0x49, 0x70, 0xa8, 0x9f, 0x71, 0xfc, 0x30, 0x82, 0x80, 0x49, 0xf9, 0x2f, 0x94, 0x4f, 0x3a, 0xa9, 0x3d, 0x6a, 0x52, 0x97, 0xe6, 0x78, 0xe0, 0x89, 0x52, 0x91, 0x9b, 0xeb, 0x7e, 0xac, 0x59, 0x19, 0xdf, 0x19, 0x19, 0xca, 0xb3, 0xc3, 0xda, 0x6a, 0xa6, 0x96, 0xa1, 0xee, 0xab, 0x63, 0x71, 0xf3, 0x10, 0xf7, 0xe8, 0x11, 0x43, 0xe7, 0xd2, 0x40, 0xb0, 0x21, 0x3a, 0xe5, 0x54, 0x52, 0x4b, 0x52, 0x00, 0x03, 0x06, 0x16, 0x0d, 0xd4, 0x87, 0x7b, 0xf1, 0x3b, 0xa0, 0xf1, 0x3b, 0xbe, 0x86, 0x7d, 0xa7, 0xc7, 0xd7, 0x07, 0xf3, 0x13, 0x35, 0xee, 0xf4, 0xcd, 0x94, 0x29, 0x38, 0xac, 0x89, 0x0a, 0x08, 0x29, 0xec, 0x66, 0xbd, 0x30, 0xae, 0x01, 0xa2, 0x18, 0x8a, 0x6e, 0x5e, 0xa0, 0xf1, 0x7c, 0xd7, 0xdc, 0x87, 0x5e, 0x17, 0xf0, 0x3c, 0x0a, 0xb5, 0xdd, 0x18, 0xe3, 0x6d, 0xb8, 0xa1, 0xfc, 0x1f, 0x72, 0x85, 0x9e, 0xe0, 0x46, 0xb6, 0x23, 0x68, 0xf1, 0x68, 0xb3, 0xbe, 0xa2, 0x23, 0x4e, 0x04, 0x32, 0xc0, 0x7b, 0x7d, 0x8e, 0x1b, 0x92, 0x77, 0xf2, 0x1e, 0x69, 0x2c, 0x51, 0x3b, 0x9e, 0x81, 0x6e, 
0x68, 0x60), - // cipher_text: vec!(0x7d, 0x35, 0xcf, 0xe4, 0xbe, 0x56, 0xbd, 0x6e, 0x0e, 0x09, 0xde, 0xdc, 0xd0, 0x17, 0x35, 0xb9, 0x15, 0xbc, 0x18, 0x91, 0xa4, 0xd1, 0xf6, 0xa5, 0x41, 0xab, 0xc4, 0xbc, 0xd0, 0xeb, 0xe8, 0x9d, 0xcb, 0x8e, 0x36, 0x5e, 0x58, 0x13, 0x74, 0x2e, 0x8e, 0xc6, 0x57, 0x77, 0xb6, 0x15, 0x94, 0x22, 0xfa, 0xda, 0x74, 0x7d, 0xa9, 0x93, 0x94, 0x25, 0x2b, 0xaf, 0x8a, 0x04, 0x6f, 0xc1, 0xb6, 0x0a, 0xd7, 0x97, 0x55, 0xf5, 0x45, 0xf4, 0x44, 0x86, 0x27, 0xb7, 0xac, 0xaf, 0x40, 0x30, 0x00, 0x89, 0x4f, 0x56, 0x41, 0xe7, 0x8d, 0x3f, 0x94, 0x6d, 0xfc, 0xa2, 0x9e, 0xc6, 0x17, 0xf0, 0x66, 0x0d, 0xcd, 0x6e, 0x8d, 0x88, 0x27, 0xe6, 0x7e, 0x10, 0x22, 0xa2, 0x45, 0xc5, 0x95, 0xd8, 0x6e, 0x60, 0xfb, 0xd1, 0x76, 0xbf, 0x72, 0x1b, 0x17, 0x1b, 0xbe, 0x5e, 0xca, 0xf4, 0xae, 0x67, 0x1b, 0x9f, 0x3d, 0xd3, 0x92, 0x01, 0x46, 0xe6, 0xad, 0x43, 0x1b, 0xd8, 0xfc, 0x43, 0x18, 0x20, 0xe1, 0x94, 0x54, 0xb6, 0xca, 0x20, 0x97, 0x23, 0xd8, 0x0f, 0xdb, 0xee, 0x18, 0x7f, 0xca, 0x9c, 0x93, 0x7c, 0x97, 0x92, 0x06, 0xae, 0x97, 0xbe, 0x55, 0xf6, 0xba, 0x73, 0x66, 0xa5, 0x60, 0x87, 0x70, 0xa1, 0x1d, 0x53, 0x73, 0x96, 0x48, 0x5e, 0xb0, 0xa6, 0x65, 0x86, 0x38, 0x5f, 0x4d, 0x4c, 0xf3, 0x90, 0x5d, 0x1f, 0xc9, 0x08, 0x31, 0xc3, 0xe1, 0x36, 0xd5, 0xd5, 0x13, 0xfa, 0x22, 0xbe, 0x28, 0x51, 0x93, 0x14, 0x29, 0x94, 0xa3, 0xed, 0x47, 0x71, 0x45, 0xba, 0xcd, 0xcb, 0xdd, 0x79, 0x1e, 0x8b, 0x3b, 0x88, 0xb0, 0xd4, 0xf1, 0xd1, 0x8b, 0x27, 0x38, 0x25, 0x50, 0xa8, 0x18, 0xc4, 0xfd, 0x88, 0x84, 0xbf, 0x36, 0xf6, 0x77, 0xc6, 0xc3, 0xff, 0x56, 0x77, 0x40, 0x6e, 0x51, 0x09, 0x11, 0xe6, 0x96, 0xaf, 0x75, 0xe5, 0xb3, 0xf8, 0x59, 0xbe, 0xf6, 0x99, 0xbd, 0xd1, 0x6e, 0x62, 0x15, 0xfd, 0xb9, 0x8d, 0x87, 0x40, 0x25, 0xea, 0xda, 0x50), - // tag: vec!(0x2a, 0xab, 0xff, 0x35, 0x61, 0x1b, 0x3e, 0x00, 0x13, 0xf6, 0xae, 0x0d, 0xf1, 0x30, 0x79, 0x9b) - // }, - // TestVector{ - // key: [0x92, 0x3d, 0x4b, 0x08, 0x6b, 0x9e, 0x43, 0xb9, 0x86, 0xf7, 0xb6, 0x5e, 0x4c, 0xea, 0x61, 0x13, 0xa3, 0xd8, 0xaa, 0xbe, 0xfa, 0x89, 
0x32, 0x3c, 0x5e, 0x4d, 0x5b, 0x6f, 0x15, 0x8b, 0xb7, 0xe0], - // nonce: [0xa0, 0xf7, 0x32, 0x97, 0xb8, 0x7f, 0x5d, 0xeb], - // plain_text: vec!(0x21, 0x43, 0x5e, 0x8d, 0x5c, 0x8e, 0xdf, 0x06, 0x84, 0xf5, 0x8c, 0x2c, 0xba, 0x40, 0x70, 0xc1, 0x0b, 0x48, 0x01, 0xad, 0xf4, 0x6b, 0x6c, 0x4d, 0x32, 0x2e, 0xb3, 0x99, 0x0a, 0x38, 0xa9, 0xad, 0x33, 0x8a, 0xd7, 0x04, 0xb9, 0xdf, 0x65, 0x97, 0xf3, 0xe6, 0x8d, 0x66, 0xcd, 0x5b, 0x56, 0x29, 0x0c, 0x84, 0x66, 0xdb, 0x22, 0x31, 0xe5, 0x6d, 0x6b, 0xcb, 0x9c, 0x44, 0xe1, 0xbd, 0x08, 0x1f, 0x42, 0xca, 0x2a, 0x89, 0x4d, 0xad, 0x36, 0x9d, 0xf2, 0xbd, 0x0d, 0x2c, 0x63, 0xd6, 0xc8, 0x81, 0x73, 0x2d, 0x6e, 0xa2, 0x2b, 0xb2, 0x2b, 0x5b, 0xc9, 0xa6, 0x2e, 0xaf, 0xfa, 0x1b, 0x09, 0x4d, 0x08, 0x45, 0xf6, 0xb9, 0x66, 0xd2, 0xcb, 0x09, 0x5e, 0x7b, 0x3b, 0x8b, 0xcb, 0xc1, 0x5e, 0x70, 0x74, 0x49, 0xd3, 0x5c, 0x8d, 0xf4, 0xae, 0xa3, 0x0c, 0x3b, 0x72, 0x43, 0xe9, 0x77, 0xff, 0xfd, 0x59, 0xc8, 0x0f, 0x1c, 0x5c, 0x9a, 0xf4, 0xbb, 0x5a, 0x54, 0xb9, 0xc7, 0x86, 0xfb, 0xbe, 0x8d, 0x21, 0xb2, 0xb9, 0x06, 0xa8, 0x7a, 0x78, 0x6c, 0xae, 0xd8, 0x41, 0xa3, 0x4a, 0x3e, 0x0c, 0xc0, 0xac, 0x32, 0x09, 0xd8, 0x3c, 0x58, 0xaf, 0xba, 0x19, 0xed, 0xd6, 0x36, 0x22, 0xdd, 0x26, 0x15, 0x32, 0xd2, 0xcf, 0xb0, 0xb4, 0x9d, 0x52, 0x7d, 0x8e, 0xaa, 0x08, 0x87, 0xa0, 0x87, 0xf5, 0x12, 0x9d, 0x89, 0x7f, 0x66, 0x52, 0x64, 0xb2, 0x29, 0xf8, 0x60, 0x36, 0x3d, 0x71, 0xa8, 0x8b, 0x7d, 0x49, 0xc8, 0xdc, 0x63, 0x60, 0x18, 0x2b, 0x35, 0x7b, 0x06, 0x62, 0x39, 0x1b, 0xb4, 0x13, 0x37, 0xf4, 0x60, 0x10, 0xac, 0x32, 0xb9, 0xfa, 0xda, 0x2d, 0x60, 0xa2, 0xef, 0xcb, 0x99, 0x36, 0x5d, 0x3b, 0x27, 0xb7, 0xac, 0x39, 0x69, 0x00, 0xd1, 0xc8, 0x21, 0xd0, 0xdf, 0x8b, 0x86, 0xcc, 0x9c, 0xc1, 0xf2, 0x67, 0x32, 0x59, 0xa3, 0x3e, 0xfe, 0xa6, 0x10, 0xbf, 0x8e, 0x1d, 0x00, 0xd7, 0xe9, 0xdb, 0x2a, 0xfe, 0xa2, 0x1d, 0xa8, 0xf5, 0x8c, 0x55, 0xf7, 0x99, 0x99, 0x9d), - // aad: vec!(0xc8, 0x53, 0xa8, 0xb3, 0x9c, 0x0d, 0xc5, 0x97, 0xd5, 0x62, 0xf1, 0x23, 0xcd, 0x22, 0x1e, 0x41, 0x04, 0xb6, 0x54, 0x23, 0xa0, 
0x62, 0xa4, 0xf4, 0xba, 0x89, 0x0b, 0xa3, 0x44, 0xfe, 0xb8, 0x42, 0x90, 0xf6, 0x18, 0x17, 0xe2, 0x33, 0x30, 0xc3, 0x65, 0xf5, 0x8c, 0x35, 0x83, 0xce, 0x08, 0x36, 0x0d, 0x3c, 0x11, 0x71, 0x98, 0x2e, 0xad, 0x54, 0x96, 0xd5, 0x25, 0xac, 0x87, 0x8f, 0x23, 0xa5, 0x74, 0x80, 0xa6, 0xee, 0x39, 0xd4, 0xe6, 0x5a, 0xfd, 0x62, 0x68, 0x24, 0x5b, 0xb9, 0x82, 0xa2, 0x54, 0x5f, 0xa1, 0x19, 0x54, 0x27, 0xcd, 0xbb, 0xcd, 0x40, 0x4c, 0xda, 0xd5, 0x19, 0x8f, 0x55, 0xcc, 0xe2, 0xa5, 0xa0, 0x28, 0xfa, 0xe4, 0x35, 0xf7, 0x1b, 0x15, 0x92, 0x1d, 0x06, 0x6e, 0x8d, 0x43, 0x76, 0x6c, 0x32, 0xb2, 0xf2, 0xc3, 0xf5, 0x7c, 0x06, 0x74, 0xe1, 0x29, 0x60, 0x7d, 0xcd, 0x37, 0x03, 0xec, 0xa5, 0x29, 0x41, 0x4a, 0xda, 0xee, 0x79, 0xd8, 0x1f, 0xed, 0x43, 0x21, 0x53, 0xcc, 0xeb, 0x6f, 0x3f, 0xc5, 0x34, 0x04, 0x81, 0x0d, 0x8e, 0xc8, 0x78, 0xf7, 0xd9, 0x4b, 0xe5, 0xd3, 0x79, 0xd0, 0xe0, 0xe1, 0xaa, 0x9b, 0xc4, 0x04, 0xb4, 0xb5, 0xd3, 0x96, 0x03, 0x8a, 0x9d, 0x76, 0xa5, 0xce, 0x53, 0xc9, 0xf3, 0x75, 0x9b, 0x8e, 0x50, 0xfb, 0x33, 0x18, 0x58, 0xca, 0x58, 0xce, 0xe8, 0x1b, 0xfc, 0x3e, 0xe5, 0x8b, 0xae, 0xf5, 0xd1, 0x9c, 0x40, 0x2a, 0x3d, 0xc8, 0xb3, 0x63, 0x70, 0xec, 0x1a, 0xce, 0x5a, 0x4a, 0xa2, 0x52, 0x7f, 0xb9, 0x4b, 0x4f, 0x93, 0x3a, 0x4a, 0xb8, 0xcc, 0xaa, 0xf6, 0xa5, 0xaf, 0x5a, 0x77, 0x9e, 0xae, 0x56, 0x67, 0xc2, 0xa2, 0x4a, 0xb0, 0x27, 0xe7, 0x81, 0xc8, 0xd4, 0xf3, 0x0c, 0x37, 0x7a, 0xa5, 0x88, 0x5a, 0x2f, 0xda, 0xf6, 0x50, 0x7d, 0x18, 0xcd, 0x82, 0x4a, 0x84, 0x7c, 0x35, 0x36, 0x8b, 0x4e, 0xa9, 0x84, 0xd2, 0xc3, 0xc3, 0x82, 0x4a, 0x5b, 0x8b, 0xa3, 0x04, 0x2e, 0x18, 0x52, 0x50, 0x4a, 0x21, 0xa3), - // cipher_text: vec!(0xf2, 0xe2, 0x10, 0x52, 0xee, 0xbb, 0xb8, 0x6a, 0x4f, 0x5e, 0x80, 0x33, 0x60, 0x85, 0x5d, 0x86, 0x32, 0xaa, 0x72, 0x7d, 0xca, 0x6f, 0x5e, 0x79, 0xdd, 0x74, 0xd7, 0xaf, 0xf1, 0x06, 0xe4, 0x42, 0x00, 0x19, 0x28, 0xd1, 0x13, 0x00, 0x5b, 0x03, 0x0f, 0x84, 0x46, 0xf8, 0xef, 0xf2, 0xee, 0x95, 0x1d, 0xb6, 0x63, 0x97, 0x8a, 0xbe, 0x43, 0x09, 0x0d, 0xd5, 0xad, 0x2c, 0x51, 0xba, 0x97, 0xa0, 0xec, 
0xf9, 0x88, 0xc6, 0x07, 0xd9, 0x5e, 0x48, 0x6d, 0x02, 0x52, 0x4f, 0x69, 0x0f, 0xa3, 0xc2, 0x8d, 0x5c, 0x48, 0xc1, 0xf7, 0x5c, 0x1f, 0x55, 0x5e, 0x7b, 0x43, 0xfe, 0x7e, 0x46, 0xf2, 0xca, 0x2b, 0x9f, 0xdb, 0x40, 0x8e, 0xc4, 0xba, 0x18, 0xb6, 0xcd, 0xde, 0x2a, 0xf6, 0x73, 0x18, 0x3c, 0xb7, 0xb1, 0xa3, 0xc2, 0x3a, 0xe7, 0x7e, 0xdd, 0xd4, 0xca, 0xc7, 0x5e, 0x1e, 0xa1, 0x47, 0x43, 0xfc, 0x57, 0x1f, 0x8d, 0x31, 0xce, 0x2e, 0x96, 0x78, 0x75, 0x24, 0xcd, 0x48, 0xaa, 0xda, 0xa4, 0x74, 0x18, 0x1c, 0x09, 0x6a, 0x03, 0x21, 0x84, 0x57, 0x4d, 0xdc, 0x25, 0xa6, 0xe0, 0xac, 0x84, 0x41, 0xc2, 0x12, 0xbc, 0x36, 0x29, 0x87, 0x08, 0xe3, 0x3c, 0x96, 0x3a, 0xe9, 0x31, 0xe6, 0xc6, 0x24, 0x1d, 0x1a, 0xff, 0xee, 0xf7, 0xb6, 0xef, 0x75, 0x94, 0x95, 0xdf, 0x44, 0xb6, 0xab, 0x64, 0x74, 0x47, 0x69, 0x3c, 0xf7, 0x03, 0x56, 0x9e, 0x69, 0xaa, 0x72, 0xf1, 0xde, 0xf9, 0xa3, 0x42, 0xb8, 0x97, 0x8c, 0x1e, 0xde, 0xa9, 0x70, 0x3a, 0x42, 0x1c, 0xa7, 0x5b, 0x92, 0xca, 0xc4, 0xde, 0x14, 0xb8, 0x8c, 0x69, 0x32, 0x00, 0x02, 0x2b, 0x8a, 0x2e, 0xd2, 0x2b, 0x1c, 0x46, 0x78, 0xb9, 0x9f, 0x4d, 0x69, 0x5e, 0x08, 0x0d, 0xd1, 0x19, 0x6d, 0x71, 0x68, 0xe1, 0x4f, 0x0d, 0x0f, 0x8f, 0xf8, 0x80, 0xd7, 0x42, 0xe9, 0x7b, 0x9f, 0x6d, 0x00, 0xaf, 0x1f, 0x71, 0x18, 0xe1, 0x0b, 0x77, 0xc5, 0xef, 0x3e, 0xa6, 0xc5, 0x2f, 0x84, 0xa2, 0x0f, 0xd6, 0xea, 0x46, 0xdc), - // tag: vec!(0xfa, 0x8e, 0xe1, 0x34, 0x00, 0xfb, 0x3f, 0x63, 0xb8, 0x99, 0xdf, 0x58, 0x2f, 0x2f, 0xec, 0x45) - // }, - // TestVector{ - // key: [0xdf, 0x73, 0xad, 0xab, 0x27, 0x68, 0x55, 0x9e, 0xa9, 0x83, 0xcc, 0xe8, 0x54, 0x53, 0xfe, 0x81, 0xd7, 0x9b, 0xe3, 0xb3, 0xc5, 0x7f, 0x20, 0x2b, 0x31, 0xb9, 0x4d, 0x66, 0x35, 0xcf, 0x2e, 0x4b], - // nonce: [0xe7, 0xa8, 0x7e, 0x6b, 0xf6, 0xb5, 0xa3, 0x54], - // plain_text: vec!(0x00, 0x32, 0xa3, 0x7a, 0xbf, 0x66, 0x1f, 0xaa, 0x18, 0xc5, 0x87, 0xfd, 0x2a, 0xa8, 0x88, 0x85, 0xc0, 0x61, 0xde, 0xeb, 0xa8, 0x11, 0x05, 0xdd, 0x22, 0x19, 0x69, 0xbe, 0xd5, 0xd5, 0x9c, 0x72, 0x04, 0xb0, 0x9b, 0x1a, 0x8c, 0x4c, 0x8d, 0xe3, 0xb9, 0xf7, 
0x48, 0xc7, 0xfc, 0x70, 0x62, 0x6e, 0xbe, 0xac, 0xa0, 0x60, 0x23, 0x3a, 0x57, 0xb1, 0x02, 0x22, 0x1b, 0x1b, 0xf0, 0xf3, 0xd9, 0xfd, 0xaa, 0xad, 0x3d, 0x2b, 0x14, 0x39, 0xc2, 0x4d, 0x08, 0xf9, 0xc6, 0x7f, 0x49, 0xf3, 0xc4, 0x71, 0x28, 0xf9, 0x2e, 0xe5, 0x30, 0xab, 0xf4, 0xc4, 0xf4, 0x57, 0x3b, 0xc6, 0x0a, 0xe4, 0xb3, 0x81, 0x09, 0xf5, 0x5b, 0xca, 0x3c, 0xa9, 0xe1, 0xba, 0x9f, 0x9f, 0xd6, 0xe3, 0x4b, 0xa0, 0xd1, 0x74, 0x89, 0x29, 0x77, 0xa5, 0x33, 0x56, 0xe1, 0xf5, 0xc8, 0x8c, 0x61, 0x4f, 0xe3, 0xff, 0x3b, 0x3d, 0xd0, 0x81, 0x8e, 0x7a, 0x22, 0x85, 0x41, 0x2e, 0x3b, 0x37, 0x44, 0x4b, 0xbe, 0x8a, 0x80, 0x94, 0x2e, 0xfc, 0xfd, 0x03, 0x95, 0x88, 0x09, 0xa6, 0x96, 0x6c, 0xda, 0x94, 0x30, 0xb2, 0xf0, 0xc9, 0xe5, 0x52, 0xf4, 0xbc, 0xed, 0x6e, 0x19, 0xeb, 0x3e, 0x85, 0xfc, 0x57, 0x58, 0xbd, 0x7b, 0x58, 0x82, 0x97, 0xcc, 0xbe, 0xd3, 0x7e, 0xd9, 0x4c, 0x3a, 0xdc, 0x8c, 0x08, 0xea, 0x8b, 0x05, 0x84, 0x62, 0xaa, 0xc9, 0xd5, 0x7a, 0x93, 0x9e, 0xc7, 0x11, 0xbc, 0x4e, 0xcf, 0xec, 0x94, 0x4d, 0x2b, 0x65, 0x3b, 0x7c, 0xfc, 0x7b, 0x02, 0xa6, 0x5d, 0x70, 0x57, 0xc9, 0xfd, 0xad, 0xd5, 0x1b, 0x9d, 0xa8, 0xcc, 0x4a, 0x3c, 0x68, 0xda, 0xe9, 0xda, 0x8b, 0x9c, 0x53, 0x19, 0xc1, 0xa2, 0xba, 0xa3, 0xd6, 0xc8, 0x91, 0xc5, 0xac, 0x4a, 0x39, 0x46, 0x14, 0x84, 0xb5, 0xa0, 0x1a, 0xbc, 0x64, 0xdf, 0x44, 0x7a, 0xda, 0x24, 0xc0, 0x4a, 0x43, 0x63, 0xe6, 0x05, 0xea, 0xcc, 0xf3, 0x39, 0xa9, 0xaa, 0x51, 0x5e, 0x72, 0x42, 0x06, 0x20, 0x6d, 0xa6, 0xd2, 0x2b, 0xbd, 0x2f, 0x52, 0xe6, 0x4c, 0xd7, 0xc8, 0x95), - // aad: vec!(0xf8, 0x33, 0xe5, 0xab, 0x4f, 0x8b, 0xc8, 0x91, 0x67, 0xf8, 0x0f, 0x57, 0x6b, 0x1d, 0x6b, 0x22, 0xcd, 0xd0, 0xe3, 0x07, 0x21, 0xf5, 0xf7, 0x35, 0x79, 0x97, 0x46, 0xcf, 0x64, 0x5b, 0x6e, 0xff, 0x53, 0x1d, 0x4c, 0x7b, 0x03, 0x58, 0x4f, 0x3d, 0xfc, 0xb7, 0x3c, 0xbd, 0x35, 0xac, 0x42, 0x73, 0x62, 0x16, 0xdc, 0x7f, 0x0d, 0xe0, 0x98, 0xa4, 0xf4, 0x2c, 0x61, 0xce, 0xb4, 0xb2, 0x27, 0xee, 0x28, 0x8e, 0x47, 0xd6, 0x97, 0xa0, 0xa7, 0x6a, 0xfc, 0x76, 0x2f, 0x08, 0x4e, 0x8f, 0xdb, 0xf9, 0x35, 0x1c, 
0x28, 0x34, 0x0c, 0x32, 0x47, 0x71, 0xc1, 0x09, 0xa4, 0x69, 0x34, 0x1a, 0xb1, 0x0c, 0xa1, 0x04, 0x83, 0xed, 0x2a, 0xf5, 0xe8, 0x78, 0xd7, 0xd3, 0xdc, 0x2b, 0xce, 0xd2, 0xf7, 0x2d, 0xa3, 0xd1, 0xa2, 0x58, 0x52, 0xb1, 0x03, 0xee, 0x98, 0x78, 0xe8, 0x15, 0x8e, 0xb4, 0x30, 0x9c, 0x1c, 0xe5, 0x28, 0xf3, 0xa1, 0x78, 0xac, 0xe1, 0x53, 0xb6, 0xd3, 0xae, 0x0a, 0xf0, 0xd5, 0x77, 0xcb, 0x3c, 0xb1, 0x54, 0x04, 0x89, 0xe8, 0x04, 0x27, 0xf7, 0x92, 0x21, 0x7a, 0xd8, 0xa0, 0x9b, 0x84, 0xf0, 0x27, 0xfc, 0xa7, 0xce, 0xb6, 0x51, 0xb4, 0x26, 0x4e, 0x98, 0xe9, 0x4b, 0x4c, 0xb8, 0xa3, 0x7b, 0x13, 0x33, 0x90, 0x89, 0x72, 0x33, 0xe8, 0xba, 0x91, 0x03, 0x62, 0x8d, 0x05, 0xb9, 0x60, 0x9e, 0x85, 0x52, 0xc4, 0xa4, 0xb1, 0x1e, 0x3f, 0x2f, 0xa8, 0xd5, 0x6a, 0xf3, 0x69, 0x57, 0x39, 0x0e, 0x88, 0xcb, 0xa4, 0x46, 0x56, 0xbe, 0x3e, 0xda, 0xce, 0x79, 0x8c, 0xf8, 0xcd, 0xf7, 0x77, 0x1b, 0xac, 0x33, 0x8a, 0x25, 0x6b, 0xc3, 0xcb, 0xa6, 0xdf, 0x97, 0x72, 0x8f, 0x22, 0x2f, 0x42, 0x3c, 0xa7, 0xc6, 0xd1, 0x49, 0xc9, 0x37, 0x2d, 0x66, 0x16, 0x3a, 0x98, 0xf7, 0x9a, 0x23, 0x4b, 0x00, 0xd4, 0xb7, 0x5f, 0xb2, 0xec, 0x86, 0x0d, 0xcc, 0x2d, 0x19, 0x98, 0x10, 0x5e, 0x4b, 0x9c, 0x01, 0xd6, 0x8f, 0x07, 0x9f, 0x3e, 0x0a, 0xa2, 0x1c, 0xc5, 0x34, 0x04, 0x7f, 0xc7, 0xb8, 0x58, 0xf8), - // cipher_text: vec!(0xb8, 0x42, 0xea, 0xdf, 0xdf, 0x43, 0x1c, 0x13, 0x5b, 0xd6, 0x58, 0x1d, 0x3e, 0xcc, 0xae, 0x54, 0xe2, 0x26, 0x7d, 0x88, 0x90, 0x03, 0x6a, 0xa3, 0x3d, 0xfe, 0x2d, 0x2d, 0x97, 0x15, 0xc4, 0x46, 0x25, 0x44, 0x12, 0x10, 0xa3, 0xa0, 0xd6, 0x66, 0xd7, 0x08, 0xd3, 0x05, 0x88, 0xfe, 0x85, 0x1e, 0xc3, 0x6e, 0x10, 0xd8, 0xfa, 0x35, 0x84, 0xed, 0x77, 0xb0, 0x95, 0x14, 0x94, 0x94, 0xb7, 0xc5, 0x43, 0x79, 0xd6, 0x2c, 0x89, 0x35, 0xe1, 0xd2, 0xb9, 0xa8, 0xf4, 0x7e, 0x47, 0x59, 0xad, 0x0b, 0x34, 0x37, 0xfd, 0xf2, 0xcc, 0x2f, 0xb6, 0xc5, 0xea, 0x25, 0xad, 0x10, 0xe0, 0xbd, 0xc9, 0xdc, 0x5b, 0x05, 0x17, 0xfc, 0x23, 0x7e, 0xb7, 0x83, 0xcc, 0x46, 0x1c, 0x46, 0x66, 0x5e, 0x2b, 0x1d, 0x1a, 0x5b, 0x80, 0x08, 0xdb, 0xf4, 0x09, 0xea, 0x2a, 
0x63, 0xfe, 0xa0, 0x27, 0x6d, 0xe2, 0x3a, 0x32, 0xc9, 0x9d, 0x92, 0xa4, 0x98, 0x80, 0x7a, 0x0f, 0x95, 0xe2, 0x08, 0xfc, 0x62, 0x62, 0x32, 0x1a, 0x78, 0xaa, 0xfa, 0xf0, 0xcc, 0x3f, 0x83, 0x3f, 0xff, 0x37, 0xbd, 0x4e, 0xfa, 0x66, 0xf6, 0x02, 0x3a, 0x25, 0xcd, 0xc6, 0x70, 0x2c, 0xee, 0x39, 0x12, 0x79, 0x95, 0x63, 0xd9, 0x08, 0xa5, 0x18, 0x3c, 0x99, 0x56, 0xa0, 0x6a, 0xa7, 0x10, 0x85, 0xd8, 0x55, 0xdc, 0x7c, 0x80, 0x9e, 0xd6, 0xe2, 0x88, 0x95, 0x92, 0xb3, 0x61, 0xab, 0x3a, 0xb3, 0x90, 0x60, 0xf8, 0xe4, 0x19, 0x15, 0x21, 0x87, 0xa7, 0x94, 0xa1, 0x9c, 0x2a, 0x11, 0x28, 0x88, 0x22, 0x01, 0x90, 0x0e, 0xa2, 0xcd, 0x59, 0x78, 0x60, 0x67, 0x4b, 0xf7, 0x8d, 0x97, 0x20, 0x64, 0x3d, 0xf8, 0x70, 0x16, 0x76, 0x71, 0x8f, 0xd2, 0x01, 0xba, 0xed, 0x49, 0x35, 0xa8, 0x8e, 0x50, 0x55, 0x8d, 0xaf, 0x86, 0xed, 0xd0, 0x8a, 0x9a, 0xb2, 0x27, 0xac, 0x7a, 0xfa, 0xe5, 0x5c, 0x97, 0x4b, 0x68, 0xde, 0x8d, 0xac, 0xad, 0x4a, 0x4d, 0x79, 0xb1, 0x3e, 0xd6, 0xdf, 0xe7, 0x40, 0x17, 0xa4, 0xcb, 0x91, 0x48, 0xe0, 0x33, 0x43, 0x6f, 0xb6), - // tag: vec!(0x18, 0x40, 0x95, 0xb7, 0xa8, 0x19, 0x0a, 0xbe, 0xc0, 0x8b, 0xb7, 0x2d, 0x19, 0xee, 0xb1, 0x03) - // }, - // TestVector{ - // key: [0x55, 0xa4, 0xbe, 0x24, 0x48, 0xb4, 0x64, 0xc2, 0xea, 0x52, 0xa2, 0xf2, 0x66, 0x4e, 0xd6, 0xab, 0xa8, 0x65, 0xc1, 0x4e, 0xa1, 0xfe, 0xa7, 0x7f, 0x46, 0x89, 0x33, 0x1f, 0xd1, 0x05, 0xc8, 0xd4], - // nonce: [0xdb, 0x37, 0xc0, 0xa4, 0x05, 0xb4, 0x62, 0x6d], - // plain_text: vec!(0xd2, 0x66, 0xe6, 0x62, 0x72, 0xe5, 0xd3, 0x46, 0x20, 0x81, 0xb0, 0x04, 0xcb, 0x42, 0x42, 0x9c, 0x8b, 0x97, 0x41, 0xe9, 0xf6, 0x78, 0x15, 0x37, 0x54, 0xd7, 0x26, 0xf6, 0xf9, 0xaa, 0x51, 0x34, 0x64, 0x76, 0x3c, 0x5e, 0x79, 0x3b, 0x48, 0x2f, 0xe5, 0x12, 0xfe, 0xce, 0x97, 0x58, 0x5f, 0x14, 0x26, 0x12, 0x0d, 0x4c, 0xef, 0xb3, 0xd0, 0xa8, 0xcc, 0x0a, 0x8d, 0xb4, 0xbd, 0xe9, 0x3f, 0xc7, 0x2c, 0x78, 0xf4, 0x4d, 0x4f, 0xec, 0xca, 0x14, 0x65, 0x0c, 0x66, 0x0d, 0x3e, 0x28, 0x5b, 0x32, 0x7e, 0x7c, 0xdd, 0x81, 0x30, 0x63, 0xe7, 0xe8, 0x67, 0xb8, 0xa2, 0xd0, 0x59, 
0xa4, 0x1b, 0xab, 0x70, 0x43, 0x2b, 0x7f, 0x85, 0x71, 0x99, 0x89, 0x4d, 0xa9, 0x0d, 0xca, 0x3f, 0xe5, 0x27, 0x2b, 0xae, 0x1e, 0xc6, 0x94, 0xa1, 0xa0, 0x7b, 0x60, 0xb0, 0x5d, 0xf2, 0x75, 0x78, 0x4d, 0x49, 0x75, 0x63, 0x7e, 0x46, 0x73, 0x10, 0x9f, 0x3b, 0xa8, 0x46, 0xdf, 0xd1, 0xa0, 0x48, 0xb2, 0x02, 0xed, 0x8e, 0x89, 0x97, 0x3b, 0xe6, 0x08, 0xb9, 0x1e, 0xe4, 0x74, 0x3b, 0x1e, 0x75, 0x99, 0x00, 0xf1, 0x44, 0x30, 0x38, 0x95, 0x1f, 0xe6, 0x18, 0x9e, 0x80, 0x66, 0x38, 0x98, 0x5f, 0x3c, 0x16, 0x33, 0x8c, 0x3c, 0x60, 0x69, 0x5d, 0xf5, 0x8e, 0x62, 0x11, 0x54, 0xd7, 0x9b, 0xb9, 0x73, 0x85, 0x9c, 0x45, 0x58, 0xe9, 0xdc, 0xa9, 0x04, 0x70, 0xf7, 0x7c, 0x73, 0xf0, 0x04, 0x44, 0x3a, 0xd5, 0xdb, 0x07, 0x17, 0xab, 0xbe, 0x43, 0x26, 0x6f, 0x90, 0xe5, 0x73, 0x97, 0xb8, 0x3a, 0xc3, 0x4d, 0x1f, 0xef, 0x2e, 0x89, 0x7e, 0x24, 0x83, 0xd5, 0xbc, 0xdc, 0xb6, 0x27, 0xab, 0xd6, 0x4b, 0x0d, 0x1a, 0xef, 0x52, 0x58, 0x35, 0xf2, 0x5e, 0x76, 0xd6, 0xe9, 0x15, 0x82, 0x32, 0xcd, 0xde, 0x6d, 0xce, 0x97, 0x0b, 0x59, 0xf5, 0x8d, 0xe8, 0xa9, 0x8e, 0x65, 0x3b, 0xe3, 0x2f, 0xb5, 0x8e, 0xda, 0xbb, 0xce, 0xfa, 0x50, 0x65, 0xd7, 0x3a, 0xfd, 0xf1, 0xc9, 0xc4, 0xfb, 0xf5, 0x0c, 0x10, 0x22, 0xbd, 0x22, 0xbf, 0xcb, 0x98, 0xe4, 0xb4, 0x22), - // aad: vec!(0xfd, 0x6a, 0x3f, 0xdd, 0x87, 0x9f, 0x88, 0x80, 0x84, 0x3e, 0xac, 0x20, 0xae, 0x01, 0xc1, 0xb9, 0xdc, 0x34, 0x87, 0xd2, 0x70, 0xa8, 0x06, 0x57, 0x20, 0x88, 0xef, 0x2d, 0xdc, 0x1f, 0x1e, 0x0d, 0xe4, 0x95, 0xe7, 0x1d, 0x48, 0x13, 0xbf, 0x5c, 0x50, 0x1a, 0xd3, 0x1e, 0x5d, 0x79, 0x1c, 0x4b, 0x5b, 0x3a, 0x0a, 0x71, 0xb6, 0x3f, 0xdd, 0xdc, 0xc8, 0xde, 0x4b, 0x05, 0x60, 0x64, 0xef, 0x46, 0x79, 0x89, 0xec, 0xcc, 0xc5, 0xd0, 0x16, 0x0d, 0x40, 0x3b, 0xf3, 0xa0, 0x25, 0xd4, 0x89, 0x2b, 0x3b, 0x1d, 0xe3, 0xe0, 0x62, 0xbc, 0x35, 0x81, 0xd4, 0x41, 0x0f, 0x27, 0x33, 0x38, 0x31, 0x1e, 0xb4, 0x63, 0x75, 0x29, 0xe4, 0xa6, 0x80, 0xa6, 0xe4, 0xa5, 0xe2, 0x6e, 0x30, 0x86, 0x30, 0xa5, 0xb6, 0xd4, 0x9e, 0xad, 0x6d, 0x54, 0x3f, 0x8f, 0x2b, 0xf9, 0x05, 0x0a, 0xa9, 0x4c, 0xe0, 0x91, 
0x31, 0x87, 0x21, 0xe1, 0xd8, 0xb9, 0x6e, 0x27, 0x9f, 0x34, 0xb9, 0x75, 0x9b, 0x65, 0x03, 0x7b, 0xec, 0x4b, 0xf6, 0xcc, 0xda, 0x69, 0x29, 0x70, 0x5a, 0xee, 0xee, 0xbe, 0x49, 0xe3, 0x27, 0xe4, 0xd7, 0xa9, 0x16, 0x62, 0x0c, 0x9f, 0xaf, 0x37, 0x65, 0x12, 0x06, 0x58, 0xaf, 0x34, 0xc5, 0x3f, 0xbb, 0x97, 0xec, 0x07, 0x65, 0x7b, 0x3f, 0x08, 0x8f, 0xcb, 0xdc, 0x40, 0x1a, 0xa7, 0x94, 0x9d, 0xde, 0xda, 0x34, 0xd8, 0x85, 0x01, 0x8c, 0x2c, 0x23, 0xf4, 0xf0, 0xbb, 0x82, 0x18, 0xbf, 0x0d, 0x4f, 0xc9, 0x06, 0x43, 0x65, 0x8b, 0x4d, 0x88, 0x34, 0xf4, 0xa8, 0xc0, 0x8e, 0x59, 0x0c, 0x2a, 0x79, 0x09, 0x95, 0xba, 0xa9, 0xe7, 0x76, 0x27, 0xc3, 0x42, 0xd2, 0x83, 0xe4, 0x54, 0xf8, 0x4f, 0xcc, 0x05, 0xbe, 0x15, 0xe9, 0x62, 0x7a, 0x2d, 0x9b, 0xe3, 0x40, 0xc9, 0xd7, 0x2f, 0x22, 0x2b, 0xbd, 0xfc, 0x47, 0x90, 0x5f, 0x56, 0x61, 0x6c, 0xd9, 0xf9, 0x36, 0xd4, 0x9e, 0x47, 0x32, 0xf3, 0x19, 0xf0, 0x20, 0x51, 0x33, 0x40, 0xfb, 0x8b, 0x22, 0x82, 0x8d, 0xb2, 0x51, 0xb1, 0x02, 0xb6, 0xb1, 0x37, 0xc9, 0x53, 0x39, 0x36, 0xd6), - // cipher_text: vec!(0xbd, 0x11, 0xed, 0x07, 0xb7, 0xb4, 0xb3, 0x0e, 0xea, 0xf2, 0x5d, 0x6a, 0x41, 0xa5, 0x49, 0xcc, 0xa0, 0xa5, 0xae, 0xe7, 0x1f, 0x99, 0x0a, 0xc5, 0x66, 0xa3, 0x72, 0x65, 0xd7, 0xaf, 0x2c, 0xe3, 0xc0, 0x37, 0x03, 0x42, 0x7e, 0xe0, 0xb2, 0x75, 0x5c, 0x2b, 0xdf, 0xc2, 0x9f, 0x9d, 0x82, 0x6a, 0xec, 0x6e, 0xe4, 0xad, 0x28, 0xaf, 0x48, 0x07, 0x9a, 0xc2, 0x3d, 0xb1, 0x65, 0x80, 0xb9, 0x74, 0x24, 0xf3, 0xa4, 0xe3, 0x5c, 0xc2, 0x36, 0x25, 0xd3, 0x9f, 0x95, 0x69, 0x9d, 0x9f, 0xf5, 0x14, 0x3e, 0x9a, 0x2b, 0xc2, 0x6f, 0xcf, 0xee, 0x4f, 0x12, 0x5f, 0x5a, 0xa2, 0xd9, 0x68, 0xcc, 0xfc, 0x2f, 0xaa, 0xf9, 0xdb, 0x3c, 0x28, 0x85, 0x0f, 0x67, 0x57, 0xf7, 0x35, 0xcb, 0xc5, 0x0c, 0x94, 0xc4, 0x98, 0xbc, 0xde, 0x4f, 0x23, 0xbf, 0xfa, 0xfa, 0x8d, 0xd5, 0xf7, 0x0d, 0x1a, 0x01, 0x1e, 0x35, 0xeb, 0x26, 0xe9, 0x05, 0xd4, 0xe6, 0x88, 0x48, 0xfe, 0xde, 0xbe, 0xb1, 0x97, 0xbe, 0x59, 0x5c, 0x08, 0x5b, 0xa3, 0x3f, 0x11, 0xba, 0x83, 0x98, 0x25, 0x84, 0x45, 0x05, 0x17, 0x51, 0x88, 0x8e, 0x9b, 
0xba, 0x11, 0x1f, 0x80, 0x0f, 0x31, 0xb3, 0x7c, 0x44, 0x70, 0x74, 0xca, 0x6d, 0xce, 0x6d, 0x54, 0xb4, 0xdf, 0xad, 0x6c, 0xee, 0x51, 0x38, 0x64, 0x3d, 0x4f, 0x6a, 0xc0, 0x45, 0xe8, 0x04, 0x72, 0x48, 0x92, 0x4e, 0x88, 0xea, 0x42, 0x94, 0xc7, 0x87, 0x8b, 0xc2, 0x2c, 0x9b, 0x41, 0x92, 0x4c, 0xe3, 0x01, 0xf2, 0x26, 0x93, 0xc3, 0x37, 0x33, 0x10, 0x7b, 0xf1, 0xba, 0x85, 0xe3, 0x48, 0x06, 0xc5, 0xe4, 0x36, 0x6e, 0xa6, 0x6f, 0xc5, 0x2a, 0x5f, 0x89, 0xdd, 0x9b, 0xf2, 0x13, 0x23, 0x91, 0x58, 0xb3, 0xd4, 0xd2, 0x60, 0x0d, 0xde, 0x69, 0x6c, 0x61, 0xd7, 0x6c, 0x39, 0x8b, 0x9b, 0xf1, 0x0d, 0xe9, 0x11, 0x8e, 0x81, 0x2e, 0x89, 0x1c, 0x8f, 0x33, 0x55, 0xc0, 0xec, 0xc6, 0x40, 0x5f, 0x79, 0xbc, 0x32, 0xa5, 0x89, 0x05, 0xe3, 0x78, 0x88, 0xa1, 0xd8, 0x39, 0x5f, 0xbe, 0xdc, 0x3a, 0xc5, 0x4e, 0xca, 0x56, 0x9f), - // tag: vec!(0xf7, 0xd3, 0xb5, 0x8a, 0x34, 0xa8, 0x6e, 0x99, 0x26, 0x7e, 0x5d, 0xb2, 0x06, 0xf1, 0x7b, 0xbe) - // }, - // TestVector{ - // key: [0x33, 0x04, 0xe4, 0x91, 0x7a, 0xd7, 0x77, 0x7b, 0x86, 0xc2, 0x6a, 0x63, 0x62, 0x92, 0xc9, 0xcc, 0x4c, 0x10, 0xd3, 0x20, 0x03, 0xc4, 0x9e, 0x07, 0x20, 0x9e, 0xb0, 0xef, 0x85, 0x05, 0x03, 0x1a], - // nonce: [0x4d, 0x57, 0x2d, 0x11, 0x6f, 0xbd, 0x8c, 0x4d], - // plain_text: vec!(0x2f, 0x24, 0x2c, 0x2b, 0xa3, 0x37, 0x90, 0xec, 0xef, 0x86, 0x2b, 0x0e, 0x07, 0x7f, 0xf8, 0xb1, 0x5e, 0xb9, 0xd1, 0x0c, 0xf2, 0xff, 0x62, 0x1e, 0xd6, 0x59, 0x02, 0x49, 0x44, 0x31, 0xdc, 0xbd), - // aad: vec!(0xe6, 0x99, 0xbb, 0xf2, 0x50, 0xcd, 0xd9, 0x3d, 0x22, 0x9d, 0x07, 0x40, 0xe4, 0x33, 0x89, 0x7e, 0x2d, 0x19, 0x13, 0x2e, 0x2b, 0x72, 0x2d, 0xf8, 0xb6, 0x9b, 0xb6, 0xa7, 0xc2, 0xcf, 0x3b, 0x93), - // cipher_text: vec!(0xfb, 0x81, 0xe3, 0x04, 0x36, 0xe4, 0x37, 0xc7, 0xf6, 0x86, 0xf8, 0x6b, 0x1b, 0x65, 0xc7, 0x35, 0x49, 0xa9, 0xd0, 0x9d, 0xb8, 0x10, 0xd3, 0x20, 0x78, 0x5c, 0x36, 0x34, 0x93, 0x41, 0x50, 0xb3), - // tag: vec!(0x8b) - // }, - // TestVector{ - // key: [0xed, 0x60, 0x57, 0xbb, 0x16, 0x3f, 0x16, 0x09, 0xff, 0x28, 0xb9, 0x38, 0x12, 0x2f, 0x49, 0x5e, 0x3d, 
0x5a, 0xe4, 0xec, 0x3d, 0xbd, 0x74, 0x56, 0xc9, 0xb5, 0xc8, 0x2e, 0x28, 0xe9, 0x52, 0xdc], - // nonce: [0xe6, 0xff, 0x68, 0x52, 0xf3, 0xa3, 0xaf, 0xde], - // plain_text: vec!(0x3c, 0x50, 0xed, 0xc9, 0x67, 0xeb, 0x0b, 0x3b, 0x23, 0x55, 0xf6, 0x40, 0x0e, 0x0a, 0x03, 0x6e, 0x79, 0x6c, 0x8b, 0x7d, 0x72, 0xc5, 0xe5, 0x83, 0xa8, 0x6e, 0x82, 0x0d, 0x53, 0xe7, 0x6c, 0x43), - // aad: vec!(0x24, 0x41, 0xdb, 0x55, 0x14, 0x8e, 0x14, 0xe9, 0xe2, 0x41, 0xd6, 0x82, 0x96, 0xeb, 0x60, 0xd5, 0x29, 0x40, 0x8f, 0x05, 0x34, 0x14, 0x30, 0x89, 0x67, 0x1b, 0xce, 0x54, 0x6d, 0xb9, 0x6d, 0x88), - // cipher_text: vec!(0x6e, 0xca, 0xbc, 0xce, 0xe3, 0x15, 0x19, 0x37, 0x4d, 0x4b, 0xed, 0x11, 0x29, 0x6e, 0x74, 0x83, 0xd1, 0xcb, 0x75, 0x9b, 0xea, 0x3f, 0x44, 0x46, 0xa9, 0x6b, 0xda, 0x8b, 0x4c, 0xa6, 0xd7, 0xac), - // tag: vec!(0x35, 0x5f) - // }, - // TestVector{ - // key: [0x73, 0x56, 0x81, 0x83, 0xc1, 0xf9, 0x72, 0x5a, 0xf3, 0x0e, 0x0f, 0x20, 0x67, 0x60, 0x6c, 0xe8, 0x02, 0xc3, 0xfe, 0x3a, 0xb5, 0xcf, 0xf8, 0xd0, 0x2b, 0x3d, 0xb8, 0xc3, 0x51, 0x76, 0xee, 0x0d], - // nonce: [0x0b, 0xc9, 0xe1, 0x93, 0x21, 0xb3, 0xd0, 0x0a], - // plain_text: vec!(0xec, 0x25, 0x90, 0xaf, 0x5c, 0xcd, 0x22, 0x6a, 0x32, 0xff, 0x75, 0x0c, 0x1b, 0x02, 0x9c, 0x11, 0xe3, 0xdd, 0x76, 0xc4, 0x69, 0xa5, 0x57, 0x9d, 0xa9, 0x41, 0x8e, 0x4c, 0x3f, 0xdc, 0x0d, 0x41), - // aad: vec!(0xdf, 0x30, 0x16, 0x0a, 0xe0, 0xcb, 0xf2, 0xcf, 0x89, 0x92, 0x22, 0x1b, 0xd6, 0x2d, 0xff, 0xe6, 0x91, 0xdd, 0x60, 0x2a, 0xfa, 0x78, 0x4c, 0xa6, 0x91, 0x47, 0x9e, 0x95, 0x7a, 0xf3, 0xac, 0xf1), - // cipher_text: vec!(0x9e, 0x8d, 0x8a, 0xc3, 0x06, 0x26, 0xf8, 0xb8, 0x31, 0x44, 0x8d, 0x69, 0x76, 0x93, 0x3a, 0xa5, 0xbb, 0x8c, 0x6d, 0xbc, 0x79, 0x4e, 0x1f, 0x4b, 0x7e, 0xeb, 0x0e, 0x4a, 0x59, 0x34, 0x2c, 0x07), - // tag: vec!(0x9f, 0xd3, 0x6a) - // }, - // TestVector{ - // key: [0x27, 0x3b, 0xcb, 0x3f, 0x8c, 0x06, 0x7d, 0xa4, 0xec, 0x34, 0x18, 0x79, 0x9a, 0xd4, 0x0e, 0x7e, 0x4a, 0xee, 0x74, 0xad, 0x7e, 0x62, 0x94, 0x99, 0xd6, 0x46, 0xdf, 0x4a, 0x7e, 0x58, 
0x50, 0x25], - // nonce: [0xf6, 0x0b, 0xe3, 0xeb, 0x89, 0x4b, 0x40, 0x30], - // plain_text: vec!(0x69, 0x74, 0x98, 0xba, 0x96, 0x4d, 0x5e, 0xf4, 0x01, 0xda, 0x4d, 0x94, 0x84, 0x4f, 0xab, 0x1e, 0xfc, 0x63, 0x5e, 0x71, 0x57, 0xd0, 0x83, 0x1a, 0x32, 0x5b, 0xb5, 0xa4, 0xcf, 0x1f, 0xbd, 0x34), - // aad: vec!(0x91, 0x29, 0x71, 0x5d, 0xea, 0xb1, 0x4f, 0x02, 0xc7, 0x6b, 0xa8, 0x17, 0x25, 0x71, 0xb1, 0xfa, 0x9d, 0x50, 0x36, 0x5c, 0xd7, 0x95, 0xbf, 0xcc, 0xdf, 0xc2, 0x8e, 0x7e, 0x7b, 0x4f, 0x66, 0xfc), - // cipher_text: vec!(0xbd, 0x4c, 0xd5, 0xaf, 0x83, 0xbe, 0x1c, 0x13, 0x93, 0x33, 0x02, 0x67, 0x5d, 0x9f, 0xca, 0xf1, 0xc4, 0xca, 0xcd, 0xf2, 0x69, 0xf6, 0xff, 0x44, 0x1d, 0x1e, 0xa2, 0x21, 0x1c, 0x54, 0xe7, 0xed), - // tag: vec!(0x7a, 0xb1, 0x2a, 0x37) - // }, - // TestVector{ - // key: [0xad, 0x39, 0x61, 0x0c, 0x2e, 0x6a, 0x6d, 0x09, 0x61, 0x20, 0x73, 0x90, 0xe0, 0x76, 0xe9, 0x72, 0xc2, 0xed, 0xad, 0xca, 0x88, 0x5c, 0x92, 0x96, 0x5f, 0xa6, 0x48, 0xb2, 0xce, 0x34, 0xfd, 0xbf], - // nonce: [0xa9, 0x0d, 0xb6, 0x90, 0xbb, 0xa8, 0x3b, 0x78], - // plain_text: vec!(0x31, 0xc4, 0x9e, 0x3c, 0xd3, 0xd8, 0x0a, 0x82, 0xe6, 0xb9, 0x03, 0x16, 0xdf, 0xb9, 0x4b, 0x38, 0xb8, 0xa2, 0x30, 0x42, 0x51, 0x9b, 0xf4, 0x0c, 0x81, 0x81, 0xfe, 0xc8, 0x73, 0xc9, 0x90, 0x02), - // aad: vec!(0xdd, 0xbd, 0x7d, 0x82, 0x1d, 0x18, 0xd4, 0x4c, 0x66, 0x29, 0x5a, 0xbf, 0x24, 0x5b, 0x22, 0x7b, 0x5c, 0xf4, 0x36, 0x68, 0x11, 0xb7, 0xb3, 0x4c, 0x07, 0x67, 0x96, 0x00, 0xab, 0xdb, 0xfc, 0x29), - // cipher_text: vec!(0x94, 0x62, 0x8f, 0xc3, 0x03, 0xa0, 0x54, 0x6e, 0xdd, 0x51, 0xe9, 0x66, 0xf2, 0xbd, 0x87, 0x96, 0x8f, 0x37, 0x80, 0x0c, 0x60, 0x7d, 0x5e, 0x5a, 0x91, 0xf7, 0x27, 0xfc, 0x1f, 0xec, 0x40, 0x6f), - // tag: vec!(0xc2, 0x2e, 0xc4, 0xe4, 0xc8) - // }, - // TestVector{ - // key: [0x29, 0x98, 0x49, 0x54, 0x06, 0x0b, 0xa0, 0x6e, 0xce, 0x1b, 0xcf, 0xc0, 0xe5, 0x01, 0x95, 0xf4, 0x63, 0x2c, 0x6d, 0xf4, 0x8d, 0xa1, 0xe0, 0x2a, 0xe6, 0xc1, 0x4f, 0x70, 0x65, 0x66, 0x89, 0x71], - // nonce: [0xcc, 0xe5, 0x3a, 0x25, 0xae, 
0xea, 0xf7, 0x47], - // plain_text: vec!(0xb9, 0xb8, 0x74, 0x33, 0xa9, 0x89, 0x4f, 0x3c, 0x9c, 0xa8, 0x21, 0x26, 0x23, 0xd6, 0x23, 0x69, 0xa5, 0x65, 0xa2, 0xed, 0xcd, 0xdd, 0x27, 0x6e, 0x07, 0xd6, 0x11, 0xed, 0xa3, 0x59, 0x74, 0x26), - // aad: vec!(0x19, 0xfa, 0x9a, 0xa5, 0x96, 0x97, 0x55, 0x9d, 0x8b, 0x46, 0xd9, 0xcd, 0x49, 0xc3, 0xb7, 0x63, 0xc0, 0xb7, 0x3b, 0x26, 0xb9, 0xe3, 0x34, 0xa3, 0xee, 0xac, 0x2c, 0x86, 0xfd, 0xba, 0xca, 0x8d), - // cipher_text: vec!(0xb6, 0x8c, 0x83, 0x39, 0x77, 0x70, 0xc3, 0x6f, 0x07, 0x37, 0x10, 0x88, 0x2f, 0xa8, 0x6d, 0x43, 0xb0, 0xe5, 0x4e, 0x8e, 0xfe, 0xf0, 0xff, 0x75, 0x07, 0x56, 0x04, 0xd0, 0xd7, 0xec, 0x4e, 0x1b), - // tag: vec!(0x40, 0xd4, 0xab, 0x75, 0x2f, 0x3d) - // }, - // TestVector{ - // key: [0x5c, 0x3b, 0x83, 0x8b, 0x84, 0x10, 0x0b, 0x2a, 0x81, 0x8c, 0x08, 0x42, 0xe9, 0xfe, 0x19, 0xa7, 0xc5, 0x0c, 0xf5, 0xf3, 0xea, 0x73, 0x36, 0x4c, 0x81, 0x6e, 0xf5, 0x88, 0xe5, 0x00, 0xff, 0x3f], - // nonce: [0xfd, 0xf6, 0xb0, 0x22, 0x9e, 0x4b, 0xcc, 0x2a], - // plain_text: vec!(0x2b, 0xa9, 0x19, 0x04, 0xc1, 0x43, 0xbe, 0x99, 0x29, 0x7b, 0x39, 0xf5, 0x28, 0x56, 0x90, 0x4a, 0xf4, 0x17, 0x05, 0xc1, 0x76, 0xc8, 0xc6, 0x55, 0x4b, 0x6b, 0xc8, 0x9b, 0xdd, 0xff, 0xbc, 0xc1), - // aad: vec!(0x35, 0x39, 0xd9, 0xdd, 0x82, 0x1f, 0x00, 0x4f, 0x4c, 0xed, 0x16, 0x37, 0x07, 0x1f, 0x4b, 0xe6, 0xab, 0xd7, 0xfe, 0x98, 0xf0, 0x17, 0xf0, 0xa8, 0xce, 0x3f, 0x49, 0xdc, 0x8d, 0x49, 0x6f, 0x46), - // cipher_text: vec!(0xff, 0x9d, 0x6d, 0x92, 0x4e, 0x73, 0x7a, 0x1d, 0xf8, 0xc2, 0xbd, 0x30, 0x47, 0xe4, 0x0a, 0xb4, 0x01, 0xf9, 0x03, 0xaa, 0x0e, 0x5b, 0x51, 0xac, 0xb9, 0x91, 0xba, 0xc3, 0x8a, 0xc2, 0xcc, 0x4d), - // tag: vec!(0x1b, 0xca, 0xa4, 0x15, 0xa6, 0xa3, 0xc7) - // }, - TestVector{ - key: [0x6d, 0x65, 0xe6, 0x27, 0xca, 0xb6, 0xd5, 0xeb, 0x1a, 0x08, 0x8b, 0x25, 0xbd, 0x6c, 0x3a, 0x8a, 0x00, 0x4a, 0x7a, 0x19, 0xcc, 0xca, 0xe9, 0x09, 0xd6, 0x2f, 0xed, 0x35, 0x59, 0xc8, 0x12, 0xf7], - nonce: [0x7f, 0xf0, 0x0a, 0x87, 0x98, 0xb7, 0x92, 0xde], - plain_text: 
vec!(0x68, 0x48, 0xee, 0x4a, 0xc8, 0x20, 0x29, 0x1a, 0x2e, 0x1d, 0xc3, 0xba, 0xad, 0x97, 0xf1, 0xad, 0x8b, 0x71, 0x60, 0xdf, 0xea, 0xa1, 0xbc, 0x83, 0xb2, 0x70, 0x0a, 0xe4, 0x2b, 0x5a, 0x36, 0x6b), - aad: vec!(0xd2, 0x43, 0x7b, 0x13, 0x06, 0xbf, 0x0e, 0xa2, 0x11, 0x44, 0x9f, 0xac, 0x86, 0x3c, 0xa0, 0xd1, 0x07, 0x4d, 0x84, 0xca, 0xee, 0x90, 0x09, 0xc5, 0xd5, 0x4b, 0x9e, 0x9b, 0xdc, 0x8d, 0xe6, 0xb1), - cipher_text: vec!(0x2d, 0xa0, 0xab, 0xe2, 0xa7, 0x1e, 0x1c, 0x0b, 0x1a, 0xb3, 0x09, 0xc1, 0x60, 0xa8, 0xce, 0xbe, 0x45, 0xc6, 0xe1, 0x61, 0x70, 0xaa, 0x55, 0x61, 0x80, 0x64, 0x84, 0xba, 0x2b, 0x5b, 0x9a, 0x9a), - tag: vec!(0x56, 0x60, 0x03, 0xe1, 0xf7, 0x8d, 0x2a, 0x90) - }, - TestVector{ - key: [0x63, 0x40, 0x10, 0x46, 0xa9, 0x6e, 0xfb, 0xc8, 0xc6, 0x48, 0x3a, 0x2c, 0x39, 0x6b, 0x2a, 0x59, 0x3d, 0x3f, 0xae, 0x0d, 0xb5, 0x65, 0x52, 0x5b, 0x85, 0x99, 0x9f, 0xae, 0x13, 0xa4, 0x6b, 0x6a], - nonce: [0x05, 0x13, 0x93, 0xd7, 0x75, 0xe6, 0x35, 0xee], - plain_text: vec!(0x2b, 0x4b, 0x64, 0x77, 0x58, 0x03, 0x82, 0xaa, 0xe7, 0x82, 0xf8, 0xb5, 0x77, 0x2c, 0x09, 0x48, 0xa4, 0x44, 0xd8, 0xd9, 0x5c, 0xaa, 0xcd, 0x85, 0xc0, 0x85, 0x6c, 0x7e, 0x43, 0x93, 0xfe, 0x09), - aad: vec!(0x3d, 0x84, 0xd2, 0xe7, 0x0e, 0x9c, 0x06, 0x2d, 0x1f, 0x51, 0x1e, 0xb6, 0x85, 0xa9, 0xa9, 0x0c, 0x8d, 0x5f, 0xa5, 0x0e, 0xad, 0xf8, 0x45, 0x5c, 0x71, 0x48, 0x66, 0x6b, 0x3e, 0x71, 0x55, 0xe0), - cipher_text: vec!(0x88, 0x0c, 0x11, 0x23, 0xe5, 0x4f, 0xd8, 0xff, 0xb3, 0xc2, 0x93, 0x72, 0x0d, 0xd1, 0x74, 0x91, 0x35, 0x72, 0xe6, 0x19, 0xef, 0x46, 0x50, 0x4c, 0xda, 0xa6, 0x4f, 0xc4, 0x51, 0xb0, 0xec, 0x1c), - tag: vec!(0x33, 0x92, 0x74, 0x33, 0x9c, 0x88, 0xd5, 0x0a, 0xc0) - }, - TestVector{ - key: [0x29, 0x1f, 0xcc, 0xfc, 0xe0, 0x78, 0x2f, 0x17, 0x87, 0xd6, 0x2d, 0x4b, 0x92, 0x93, 0xd2, 0xad, 0xa4, 0xc0, 0x4d, 0x37, 0xa8, 0x28, 0x8b, 0xa9, 0xba, 0x9a, 0xae, 0x0d, 0x31, 0xaa, 0xd2, 0x04], - nonce: [0x74, 0x50, 0xbb, 0xd6, 0x2e, 0x4a, 0xba, 0x7b], - plain_text: vec!(0xad, 0xc2, 0x51, 0xe7, 0x93, 0x18, 0x1e, 0x5d, 
0x4c, 0x4b, 0xd9, 0x83, 0xb8, 0x53, 0xeb, 0x13, 0xf2, 0x09, 0x6c, 0xcb, 0x34, 0x09, 0x96, 0xb6, 0xec, 0xa4, 0xcd, 0x21, 0x57, 0xef, 0xce, 0xc7), - aad: vec!(0x4c, 0x59, 0x8f, 0x6d, 0xee, 0xdc, 0x8c, 0x1d, 0x97, 0xda, 0x33, 0x65, 0x47, 0x63, 0x49, 0x5c, 0xca, 0x35, 0x17, 0x43, 0x0e, 0xec, 0x4e, 0xdb, 0x00, 0x6b, 0x10, 0xc9, 0x5e, 0x03, 0x1a, 0xe6), - cipher_text: vec!(0x28, 0xbd, 0xa2, 0x2e, 0x49, 0x22, 0xcd, 0x8f, 0xf6, 0x73, 0x9c, 0xd8, 0xa6, 0xbd, 0xaf, 0xce, 0x03, 0x6d, 0x9c, 0x61, 0xa1, 0x45, 0xa6, 0x5c, 0xa1, 0xb8, 0x6f, 0x6d, 0x4d, 0x32, 0x06, 0xa1), - tag: vec!(0xd9, 0x8f, 0xd4, 0x3f, 0xe7, 0xac, 0x74, 0xd4, 0xb0, 0x16) - }, - TestVector{ - key: [0xfa, 0x3a, 0x96, 0x74, 0xd4, 0xa0, 0xeb, 0x36, 0xb2, 0xf7, 0x54, 0x7c, 0x95, 0x64, 0x43, 0xd0, 0x9e, 0x6b, 0x4e, 0x4a, 0xcf, 0xc9, 0xde, 0xda, 0x83, 0x8e, 0xb7, 0xeb, 0xdb, 0x99, 0x9a, 0x8d], - nonce: [0x0a, 0x25, 0x72, 0x59, 0x2c, 0x3b, 0xbb, 0xf6], - plain_text: vec!(0xae, 0x27, 0xf7, 0x0f, 0xda, 0x9f, 0x5a, 0x5b, 0xe0, 0xf7, 0x04, 0xa2, 0x7f, 0x0b, 0x8a, 0x9c, 0x04, 0xce, 0x83, 0xd3, 0xc2, 0xe0, 0xd7, 0xec, 0x15, 0x2d, 0xa2, 0x5f, 0x47, 0x3b, 0x0c, 0x8a), - aad: vec!(0x6e, 0xe8, 0x70, 0x5a, 0x9a, 0x36, 0x55, 0xd1, 0x98, 0x49, 0x7a, 0xd4, 0x10, 0xda, 0x02, 0x00, 0x58, 0x72, 0xec, 0xbe, 0x39, 0x78, 0x24, 0x85, 0x1b, 0x80, 0xf4, 0x05, 0x0b, 0xfd, 0xd3, 0x11), - cipher_text: vec!(0xf3, 0x56, 0xcb, 0xd8, 0x8e, 0x4e, 0x2a, 0xff, 0x62, 0xd9, 0x1e, 0x3f, 0x91, 0x40, 0x32, 0x08, 0x53, 0x88, 0x95, 0x5b, 0xbb, 0xa9, 0x95, 0xfd, 0xe0, 0x13, 0x75, 0x8b, 0x87, 0x02, 0xe3, 0x8f), - tag: vec!(0x00, 0x32, 0x4c, 0x76, 0xfe, 0xcd, 0x3f, 0x50, 0xe1, 0xe3, 0xb8) - }, - TestVector{ - key: [0x47, 0x1e, 0xc8, 0x7b, 0x99, 0x2b, 0x10, 0x4d, 0x36, 0x97, 0x48, 0xd9, 0x68, 0x56, 0xb5, 0xf6, 0x61, 0x49, 0xcb, 0x45, 0xca, 0x05, 0xc1, 0x7f, 0x29, 0xd2, 0x4e, 0xb9, 0x52, 0x6f, 0xe6, 0xdb], - nonce: [0x23, 0xa2, 0xdf, 0x9e, 0xd0, 0xb4, 0x74, 0x39], - plain_text: vec!(0x2b, 0x94, 0x52, 0xbc, 0xa0, 0xf4, 0x8e, 0x55, 0x19, 0xec, 0x3d, 0x07, 0x36, 
0x59, 0x76, 0x08, 0xdf, 0x6a, 0xd9, 0xce, 0x79, 0x9e, 0xba, 0x91, 0x3c, 0xff, 0x71, 0x57, 0x3d, 0x79, 0xc0, 0x92), - aad: vec!(0xa5, 0x67, 0x22, 0xdd, 0xfa, 0xee, 0x5f, 0x1b, 0x64, 0x39, 0x8c, 0x22, 0x5e, 0xe8, 0xbc, 0xdc, 0xfd, 0xe5, 0xc2, 0x12, 0x71, 0x01, 0xc3, 0x63, 0xbf, 0xac, 0x52, 0xbc, 0x40, 0x9c, 0x10, 0x82), - cipher_text: vec!(0x7b, 0xbc, 0x46, 0x4a, 0xac, 0x5d, 0xd2, 0x9c, 0x25, 0x26, 0x2f, 0xe0, 0xb1, 0x16, 0xc1, 0x76, 0xd8, 0x27, 0xc2, 0xcc, 0x8d, 0xd6, 0x34, 0x28, 0x39, 0x3b, 0x0a, 0x91, 0x10, 0xf3, 0xc1, 0x94), - tag: vec!(0x2e, 0x87, 0xf4, 0xa6, 0x66, 0x3a, 0x62, 0xe4, 0x7c, 0x7e, 0x19, 0x7f) - }, - TestVector{ - key: [0xa2, 0x9d, 0x1c, 0xfd, 0x4c, 0xcd, 0xc1, 0x88, 0x03, 0xfb, 0xca, 0x95, 0x00, 0xf4, 0xbb, 0x29, 0xce, 0x99, 0xcf, 0xcb, 0xf8, 0xac, 0xc4, 0x1b, 0x82, 0x08, 0xda, 0xe4, 0xb7, 0xee, 0x5d, 0x64], - nonce: [0x63, 0x4f, 0x99, 0xe8, 0x8e, 0x23, 0x7e, 0xf0], - plain_text: vec!(0x09, 0xee, 0x59, 0x82, 0xc5, 0x74, 0x3f, 0x39, 0x6d, 0x0c, 0x29, 0xc1, 0x3e, 0x3f, 0xbb, 0x8f, 0xb8, 0x9f, 0x61, 0x70, 0x5d, 0xa0, 0x54, 0x66, 0x29, 0x1e, 0x01, 0x0e, 0xff, 0xd5, 0x1a, 0x5c), - aad: vec!(0x56, 0x4d, 0xdd, 0xfc, 0xc3, 0x22, 0x7b, 0x41, 0x32, 0x44, 0xf1, 0x10, 0x5b, 0x61, 0x0f, 0x19, 0x2d, 0xec, 0xf1, 0x5c, 0x4c, 0xfa, 0x06, 0x7f, 0x4d, 0x7f, 0xcd, 0x6b, 0xd7, 0xaf, 0x11, 0xb8), - cipher_text: vec!(0x32, 0x91, 0x6b, 0x67, 0xa6, 0xf3, 0x27, 0x33, 0x62, 0x33, 0x44, 0xc9, 0x8c, 0x49, 0x77, 0x3f, 0x3e, 0x72, 0x1d, 0xc2, 0xde, 0xd1, 0x05, 0xfb, 0x24, 0x57, 0x99, 0x52, 0x5b, 0xc9, 0xc8, 0x4c), - tag: vec!(0xff, 0x46, 0x3c, 0x07, 0xe7, 0xef, 0x83, 0x13, 0x21, 0xd3, 0xfd, 0x77, 0x5f) - }, - TestVector{ - key: [0x08, 0xba, 0x23, 0x61, 0x6d, 0x91, 0x11, 0x88, 0xf9, 0x1d, 0xa0, 0x63, 0x27, 0x8b, 0xef, 0x12, 0x37, 0xdc, 0xbf, 0x17, 0xf5, 0x25, 0x85, 0xe5, 0x3c, 0x2c, 0x4b, 0x6c, 0xf3, 0xac, 0x9f, 0x0d], - nonce: [0x98, 0x9a, 0xe5, 0x93, 0xed, 0xdd, 0x38, 0x74], - plain_text: vec!(0x74, 0x91, 0x52, 0xc9, 0x47, 0x89, 0x44, 0xc8, 0x27, 0x1c, 0x0c, 0x11, 0xe0, 0x7b, 
0xc1, 0xc5, 0x69, 0xee, 0xc0, 0x14, 0x93, 0xe6, 0x5b, 0x3b, 0x94, 0x84, 0x2a, 0x1b, 0xf5, 0xd7, 0x21, 0xf8), - aad: vec!(0xa1, 0x2d, 0x1a, 0x45, 0xb7, 0xc9, 0xb9, 0x1a, 0xb0, 0x87, 0x51, 0xa7, 0x0b, 0x75, 0x37, 0x14, 0x05, 0x2a, 0xd2, 0x4e, 0x0b, 0x26, 0x19, 0xfe, 0x8c, 0x3b, 0xe3, 0x03, 0xc6, 0x5f, 0x2d, 0xbc), - cipher_text: vec!(0x34, 0xc4, 0x05, 0x38, 0xee, 0x1d, 0x22, 0xdd, 0xf8, 0xac, 0x29, 0x0d, 0xd7, 0xd4, 0x23, 0xdf, 0xc6, 0x22, 0xb5, 0xcf, 0x8f, 0x34, 0x12, 0xa5, 0x34, 0x3e, 0x27, 0x78, 0x22, 0xae, 0xa7, 0x13), - tag: vec!(0x01, 0x4c, 0x7c, 0x67, 0x8e, 0x09, 0x49, 0xe8, 0x80, 0x71, 0xd1, 0xfe, 0x35, 0x31) - }, - TestVector{ - key: [0xc2, 0xba, 0x8b, 0xed, 0x86, 0x34, 0x15, 0x6a, 0xfc, 0x6b, 0xfe, 0x37, 0x54, 0xc9, 0x17, 0x44, 0xd4, 0x13, 0x1d, 0xe3, 0x9d, 0x05, 0x9f, 0x3a, 0x86, 0x63, 0x99, 0xf9, 0x16, 0x55, 0x3b, 0x5c], - nonce: [0x80, 0xfb, 0xf7, 0xb4, 0x33, 0xa4, 0xcd, 0x9c], - plain_text: vec!(0x41, 0x9b, 0xe6, 0x62, 0x3e, 0x79, 0x64, 0xf9, 0xf2, 0x60, 0x68, 0xdd, 0x96, 0x9e, 0x4a, 0x13, 0x96, 0x17, 0xe6, 0x7c, 0x5f, 0xfb, 0x26, 0x9b, 0x30, 0x13, 0xc4, 0x33, 0xfe, 0x77, 0x1c, 0x77), - aad: vec!(0x39, 0x37, 0x59, 0x2d, 0xb7, 0x8a, 0x61, 0xff, 0x46, 0x96, 0x91, 0xb6, 0x80, 0x07, 0x92, 0x01, 0x9b, 0xc2, 0xb3, 0xd4, 0x25, 0x12, 0xf2, 0x3c, 0x1b, 0x1a, 0x66, 0xa8, 0x27, 0x44, 0x95, 0xcb), - cipher_text: vec!(0x9d, 0x5b, 0xd1, 0xc7, 0xe7, 0x66, 0x76, 0x3e, 0xb0, 0x06, 0x84, 0xc0, 0x38, 0x04, 0x31, 0x11, 0xd8, 0xc6, 0x39, 0x0a, 0x8d, 0x6e, 0x17, 0xa1, 0x5e, 0xf9, 0x7c, 0x02, 0xab, 0x16, 0xf0, 0x9c), - tag: vec!(0xa6, 0x4d, 0x0e, 0xeb, 0x4a, 0x01, 0x48, 0x1e, 0xc0, 0xce, 0xe8, 0xc1, 0xc3, 0x57, 0xe3) - } - ) - } -} - -#[cfg(all(test, feature = "with-bench"))] -mod bench { - use test::Bencher; - use chacha20poly1305::ChaCha20Poly1305; - use aead::{AeadEncryptor, AeadDecryptor}; - - #[bench] - pub fn chacha20poly1305_10(bh: & mut Bencher) { - let input = [1u8; 10]; - let aad = [3u8; 10]; - bh.iter( || { - let mut cipher = ChaCha20Poly1305::new(&[0; 32], &[0; 
8], &aad);
- let mut decipher = ChaCha20Poly1305::new(&[0; 32], &[0; 8], &aad);
-
- let mut output = [0u8; 10];
- let mut tag = [0u8; 16];
- let mut output2 = [0u8; 10];
- cipher.encrypt(&input, &mut output, &mut tag);
- decipher.decrypt(&output, &mut output2, &tag);
-
- });
- bh.bytes = 10u64;
- }
-
-
- #[bench]
- pub fn chacha20poly1305_1k(bh: & mut Bencher) {
- let input = [1u8; 1024];
- let aad = [3u8; 1024];
- bh.iter( || {
- let mut cipher = ChaCha20Poly1305::new(&[0; 32], &[0; 8], &aad);
- let mut decipher = ChaCha20Poly1305::new(&[0; 32], &[0; 8], &aad);
-
- let mut output = [0u8; 1024];
- let mut tag = [0u8; 16];
- let mut output2 = [0u8; 1024];
-
- cipher.encrypt(&input, &mut output, &mut tag);
- decipher.decrypt(&output, &mut output2, &tag);
- });
- bh.bytes = 1024u64;
-
- }
-
- #[bench]
- pub fn chacha20poly1305_64k(bh: & mut Bencher) {
- let input = [1u8; 65536];
- let aad = [3u8; 65536];
- bh.iter( || {
- let mut cipher = ChaCha20Poly1305::new(&[0; 32], &[0; 8], &aad);
- let mut decipher = ChaCha20Poly1305::new(&[0; 32], &[0; 8], &aad);
-
- let mut output = [0u8; 65536];
- let mut tag = [0u8; 16];
- let mut output2 = [0u8; 65536];
-
- cipher.encrypt(&input, &mut output, &mut tag);
- decipher.decrypt(&output, &mut output2, &tag);
-
- });
- bh.bytes = 65536u64;
-
- }
-}
diff --git a/rcw/src/cryptoutil.rs b/rcw/src/cryptoutil.rs
deleted file mode 100644
index 6184086..0000000
--- a/rcw/src/cryptoutil.rs
+++ /dev/null
@@ -1,593 +0,0 @@
-// Copyright 2012-2013 The Rust Project Developers. See the COPYRIGHT
-// file at the top-level directory of this distribution and at
-// http://rust-lang.org/COPYRIGHT.
-//
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-use std;
-use std::{io, mem};
-use std::ptr;
-
-use buffer::{ReadBuffer, WriteBuffer, BufferResult};
-use buffer::BufferResult::{BufferUnderflow, BufferOverflow};
-use symmetriccipher::{SynchronousStreamCipher, SymmetricCipherError};
-
-/// Write a u64 into a vector, which must be 8 bytes long. The value is written in big-endian
-/// format.
-pub fn write_u64_be(dst: &mut[u8], mut input: u64) {
- assert!(dst.len() == 8);
- input = input.to_be();
- unsafe {
- let tmp = &input as *const _ as *const u8;
- ptr::copy_nonoverlapping(tmp, dst.get_unchecked_mut(0), 8);
- }
-}
-
-/// Write a u64 into a vector, which must be 8 bytes long. The value is written in little-endian
-/// format.
-pub fn write_u64_le(dst: &mut[u8], mut input: u64) {
- assert!(dst.len() == 8);
- input = input.to_le();
- unsafe {
- let tmp = &input as *const _ as *const u8;
- ptr::copy_nonoverlapping(tmp, dst.get_unchecked_mut(0), 8);
- }
-}
-
-/// Write a vector of u64s into a vector of bytes. The values are written in little-endian format.
-pub fn write_u64v_le(dst: &mut[u8], input: &[u64]) {
- assert!(dst.len() == 8 * input.len());
- unsafe {
- let mut x: *mut u8 = dst.get_unchecked_mut(0);
- let mut y: *const u64 = input.get_unchecked(0);
- for _ in 0..input.len() {
- let tmp = (*y).to_le();
- ptr::copy_nonoverlapping(&tmp as *const _ as *const u8, x, 8);
- x = x.offset(8);
- y = y.offset(1);
- }
- }
-}
-
-/// Write a u32 into a vector, which must be 4 bytes long. The value is written in big-endian
-/// format.
-pub fn write_u32_be(dst: &mut [u8], mut input: u32) {
- assert!(dst.len() == 4);
- input = input.to_be();
- unsafe {
- let tmp = &input as *const _ as *const u8;
- ptr::copy_nonoverlapping(tmp, dst.get_unchecked_mut(0), 4);
- }
-}
-
-/// Write a u32 into a vector, which must be 4 bytes long. The value is written in little-endian
-/// format.
-pub fn write_u32_le(dst: &mut[u8], mut input: u32) {
- assert!(dst.len() == 4);
- input = input.to_le();
- unsafe {
- let tmp = &input as *const _ as *const u8;
- ptr::copy_nonoverlapping(tmp, dst.get_unchecked_mut(0), 4);
- }
-}
-
-/// Write a vector of u32s into a vector of bytes. The values are written in little-endian format.
-pub fn write_u32v_le (dst: &mut[u8], input: &[u32]) {
- assert!(dst.len() == 4 * input.len());
- unsafe {
- let mut x: *mut u8 = dst.get_unchecked_mut(0);
- let mut y: *const u32 = input.get_unchecked(0);
- for _ in 0..input.len() {
- let tmp = (*y).to_le();
- ptr::copy_nonoverlapping(&tmp as *const _ as *const u8, x, 4);
- x = x.offset(4);
- y = y.offset(1);
- }
- }
-}
-
-/// Read a vector of bytes into a vector of u64s. The values are read in big-endian format.
-pub fn read_u64v_be(dst: &mut[u64], input: &[u8]) {
- assert!(dst.len() * 8 == input.len());
- unsafe {
- let mut x: *mut u64 = dst.get_unchecked_mut(0);
- let mut y: *const u8 = input.get_unchecked(0);
- for _ in 0..dst.len() {
- let mut tmp: u64 = mem::uninitialized();
- ptr::copy_nonoverlapping(y, &mut tmp as *mut _ as *mut u8, 8);
- *x = u64::from_be(tmp);
- x = x.offset(1);
- y = y.offset(8);
- }
- }
-}
-
-/// Read a vector of bytes into a vector of u64s. The values are read in little-endian format.
-pub fn read_u64v_le(dst: &mut[u64], input: &[u8]) {
- assert!(dst.len() * 8 == input.len());
- unsafe {
- let mut x: *mut u64 = dst.get_unchecked_mut(0);
- let mut y: *const u8 = input.get_unchecked(0);
- for _ in 0..dst.len() {
- let mut tmp: u64 = mem::uninitialized();
- ptr::copy_nonoverlapping(y, &mut tmp as *mut _ as *mut u8, 8);
- *x = u64::from_le(tmp);
- x = x.offset(1);
- y = y.offset(8);
- }
- }
-}
-
-/// Read a vector of bytes into a vector of u32s. The values are read in big-endian format.
-pub fn read_u32v_be(dst: &mut[u32], input: &[u8]) {
- assert!(dst.len() * 4 == input.len());
- unsafe {
- let mut x: *mut u32 = dst.get_unchecked_mut(0);
- let mut y: *const u8 = input.get_unchecked(0);
- for _ in 0..dst.len() {
- let mut tmp: u32 = mem::uninitialized();
- ptr::copy_nonoverlapping(y, &mut tmp as *mut _ as *mut u8, 4);
- *x = u32::from_be(tmp);
- x = x.offset(1);
- y = y.offset(4);
- }
- }
-}
-
-/// Read a vector of bytes into a vector of u32s. The values are read in little-endian format.
-pub fn read_u32v_le(dst: &mut[u32], input: &[u8]) {
- assert!(dst.len() * 4 == input.len());
- unsafe {
- let mut x: *mut u32 = dst.get_unchecked_mut(0);
- let mut y: *const u8 = input.get_unchecked(0);
- for _ in 0..dst.len() {
- let mut tmp: u32 = mem::uninitialized();
- ptr::copy_nonoverlapping(y, &mut tmp as *mut _ as *mut u8, 4);
- *x = u32::from_le(tmp);
- x = x.offset(1);
- y = y.offset(4);
- }
- }
-}
-
-/// Read the value of a vector of bytes as a u32 value in little-endian format.
-pub fn read_u32_le(input: &[u8]) -> u32 {
- assert!(input.len() == 4);
- unsafe {
- let mut tmp: u32 = mem::uninitialized();
- ptr::copy_nonoverlapping(input.get_unchecked(0), &mut tmp as *mut _ as *mut u8, 4);
- u32::from_le(tmp)
- }
-}
-
-/// Read the value of a vector of bytes as a u32 value in big-endian format.
-pub fn read_u32_be(input: &[u8]) -> u32 {
- assert!(input.len() == 4);
- unsafe {
- let mut tmp: u32 = mem::uninitialized();
- ptr::copy_nonoverlapping(input.get_unchecked(0), &mut tmp as *mut _ as *mut u8, 4);
- u32::from_be(tmp)
- }
-}
-
-/// XOR plaintext and keystream, storing the result in dst.
-pub fn xor_keystream(dst: &mut[u8], plaintext: &[u8], keystream: &[u8]) {
- assert!(dst.len() == plaintext.len());
- assert!(plaintext.len() <= keystream.len());
-
- // Do one byte at a time, using unsafe to skip bounds checking.
- let p = plaintext.as_ptr();
- let k = keystream.as_ptr();
- let d = dst.as_mut_ptr();
- for i in 0isize..plaintext.len() as isize {
- unsafe{ *d.offset(i) = *p.offset(i) ^ *k.offset(i) };
- }
-}
-
-/// Copy bytes from src to dest
-#[inline]
-pub fn copy_memory(src: &[u8], dst: &mut [u8]) {
- assert!(dst.len() >= src.len());
- unsafe {
- let srcp = src.as_ptr();
- let dstp = dst.as_mut_ptr();
- ptr::copy_nonoverlapping(srcp, dstp, src.len());
- }
-}
-
-/// Zero all bytes in dst
-#[inline]
-pub fn zero(dst: &mut [u8]) {
- unsafe {
- ptr::write_bytes(dst.as_mut_ptr(), 0, dst.len());
- }
-}
-
-/// An extension trait to implement a few useful serialization
-/// methods on types that implement Write
-pub trait WriteExt {
- fn write_u8(&mut self, val: u8) -> io::Result<()>;
- fn write_u32_le(&mut self, val: u32) -> io::Result<()>;
- fn write_u32_be(&mut self, val: u32) -> io::Result<()>;
- fn write_u64_le(&mut self, val: u64) -> io::Result<()>;
- fn write_u64_be(&mut self, val: u64) -> io::Result<()>;
-}
-
-impl WriteExt for T where T: io::Write {
- fn write_u8(&mut self, val: u8) -> io::Result<()> {
- let buff = [val];
- self.write_all(&buff)
- }
- fn write_u32_le(&mut self, val: u32) -> io::Result<()> {
- let mut buff = [0u8; 4];
- write_u32_le(&mut buff, val);
- self.write_all(&buff)
- }
- fn write_u32_be(&mut self, val: u32) -> io::Result<()> {
- let mut buff = [0u8; 4];
- write_u32_be(&mut buff, val);
- self.write_all(&buff)
- }
- fn write_u64_le(&mut self, val: u64) -> io::Result<()> {
- let mut buff = [0u8; 8];
- write_u64_le(&mut buff, val);
- self.write_all(&buff)
- }
- fn write_u64_be(&mut self, val: u64) -> io::Result<()> {
- let mut buff = [0u8; 8];
- write_u64_be(&mut buff, val);
- self.write_all(&buff)
- }
-}
-
-/// symm_enc_or_dec() implements the necessary functionality to turn a SynchronousStreamCipher into
-/// an Encryptor or Decryptor
-pub fn symm_enc_or_dec(
- c: &mut S,
- input: &mut R,
- output: &mut W) ->
- Result {
- let count = std::cmp::min(input.remaining(), output.remaining());
- c.process(input.take_next(count), output.take_next(count));
- if input.is_empty() {
- Ok(BufferUnderflow)
- } else {
- Ok(BufferOverflow)
- }
-}
-
-/// Convert the value in bytes to the number of bits, a tuple where the 1st item is the
-/// high-order value and the 2nd item is the low order value.
-fn to_bits(x: u64) -> (u64, u64) {
- (x >> 61, x << 3)
-}
-
-/// Adds the specified number of bytes to the bit count. panic!() if this would cause numeric
-/// overflow.
-pub fn add_bytes_to_bits(bits: u64, bytes: u64) -> u64 {
- let (new_high_bits, new_low_bits) = to_bits(bytes);
-
- if new_high_bits > 0 {
- panic!("Numeric overflow occured.")
- }
-
- bits.checked_add(new_low_bits).expect("Numeric overflow occured.")
-}
-
-/// Adds the specified number of bytes to the bit count, which is a tuple where the first element is
-/// the high order value. panic!() if this would cause numeric overflow.
-pub fn add_bytes_to_bits_tuple
- (bits: (u64, u64), bytes: u64) -> (u64, u64) {
- let (new_high_bits, new_low_bits) = to_bits(bytes);
- let (hi, low) = bits;
-
- // Add the low order value - if there is no overflow, then add the high order values
- // If the addition of the low order values causes overflow, add one to the high order values
- // before adding them.
- match low.checked_add(new_low_bits) {
- Some(x) => {
- if new_high_bits == 0 {
- // This is the fast path - every other alternative will rarely occur in practice
- // considering how large an input would need to be for those paths to be used.
- return (hi, x);
- } else {
- match hi.checked_add(new_high_bits) {
- Some(y) => return (y, x),
- None => panic!("Numeric overflow occured.")
- }
- }
- },
- None => {
- let z = match new_high_bits.checked_add(1) {
- Some(w) => w,
- None => panic!("Numeric overflow occured.")
- };
- match hi.checked_add(z) {
- // This re-executes the addition that was already performed earlier when overflow
- // occured, this time allowing the overflow to happen. Technically, this could be
- // avoided by using the checked add intrinsic directly, but that involves using
- // unsafe code and is not really worthwhile considering how infrequently code will
- // run in practice. This is the reason that this function requires that the type T
- // be UnsignedInt - overflow is not defined for Signed types. This function could
- // be implemented for signed types as well if that were needed.
- Some(y) => return (y, low.wrapping_add(new_low_bits)),
- None => panic!("Numeric overflow occured.")
- }
- }
- }
-}
-
-
-/// A FixedBuffer, likes its name implies, is a fixed size buffer. When the buffer becomes full, it
-/// must be processed. The input() method takes care of processing and then clearing the buffer
-/// automatically. However, other methods do not and require the caller to process the buffer. Any
-/// method that modifies the buffer directory or provides the caller with bytes that can be modifies
-/// results in those bytes being marked as used by the buffer.
-pub trait FixedBuffer {
- /// Input a vector of bytes. If the buffer becomes full, process it with the provided
- /// function and then clear the buffer.
- fn input(&mut self, input: &[u8], func: F);
-
- /// Reset the buffer.
- fn reset(&mut self);
-
- /// Zero the buffer up until the specified index. The buffer position currently must not be
- /// greater than that index.
- fn zero_until(&mut self, idx: usize);
-
- /// Get a slice of the buffer of the specified size. There must be at least that many bytes
- /// remaining in the buffer.
- fn next<'s>(&'s mut self, len: usize) -> &'s mut [u8];
-
- /// Get the current buffer. The buffer must already be full. This clears the buffer as well.
- fn full_buffer<'s>(&'s mut self) -> &'s [u8];
-
- /// Get the current buffer.
- fn current_buffer<'s>(&'s mut self) -> &'s [u8];
-
- /// Get the current position of the buffer.
- fn position(&self) -> usize;
-
- /// Get the number of bytes remaining in the buffer until it is full.
- fn remaining(&self) -> usize;
-
- /// Get the size of the buffer
- fn size(&self) -> usize;
-}
-
-macro_rules! impl_fixed_buffer( ($name:ident, $size:expr) => (
- impl FixedBuffer for $name {
- fn input(&mut self, input: &[u8], mut func: F) {
- let mut i = 0;
-
- // FIXME: #6304 - This local variable shouldn't be necessary.
- let size = $size;
-
- // If there is already data in the buffer, copy as much as we can into it and process
- // the data if the buffer becomes full.
- if self.buffer_idx != 0 {
- let buffer_remaining = size - self.buffer_idx;
- if input.len() >= buffer_remaining {
- copy_memory(
- &input[..buffer_remaining],
- &mut self.buffer[self.buffer_idx..size]);
- self.buffer_idx = 0;
- func(&self.buffer);
- i += buffer_remaining;
- } else {
- copy_memory(
- input,
- &mut self.buffer[self.buffer_idx..self.buffer_idx + input.len()]);
- self.buffer_idx += input.len();
- return;
- }
- }
-
- // While we have at least a full buffer size chunks's worth of data, process that data
- // without copying it into the buffer
- while input.len() - i >= size {
- func(&input[i..i + size]);
- i += size;
- }
-
- // Copy any input data into the buffer. At this point in the method, the ammount of
- // data left in the input vector will be less than the buffer size and the buffer will
- // be empty.
- let input_remaining = input.len() - i;
- copy_memory(
- &input[i..],
- &mut self.buffer[0..input_remaining]);
- self.buffer_idx += input_remaining;
- }
-
- fn reset(&mut self) {
- self.buffer_idx = 0;
- }
-
- fn zero_until(&mut self, idx: usize) {
- assert!(idx >= self.buffer_idx);
- zero(&mut self.buffer[self.buffer_idx..idx]);
- self.buffer_idx = idx;
- }
-
- fn next<'s>(&'s mut self, len: usize) -> &'s mut [u8] {
- self.buffer_idx += len;
- &mut self.buffer[self.buffer_idx - len..self.buffer_idx]
- }
-
- fn full_buffer<'s>(&'s mut self) -> &'s [u8] {
- assert!(self.buffer_idx == $size);
- self.buffer_idx = 0;
- &self.buffer[..$size]
- }
-
- fn current_buffer<'s>(&'s mut self) -> &'s [u8] {
- let tmp = self.buffer_idx;
- self.buffer_idx = 0;
- &self.buffer[..tmp]
- }
-
- fn position(&self) -> usize { self.buffer_idx }
-
- fn remaining(&self) -> usize { $size - self.buffer_idx }
-
- fn size(&self) -> usize { $size }
- }
-));
-
-/// A fixed size buffer of 64 bytes useful for cryptographic operations.
-#[derive(Copy)]
-pub struct FixedBuffer64 {
- buffer: [u8; 64],
- buffer_idx: usize,
-}
-
-impl Clone for FixedBuffer64 { fn clone(&self) -> FixedBuffer64 { *self } }
-
-impl FixedBuffer64 {
- /// Create a new buffer
- pub fn new() -> FixedBuffer64 {
- FixedBuffer64 {
- buffer: [0u8; 64],
- buffer_idx: 0
- }
- }
-}
-
-impl_fixed_buffer!(FixedBuffer64, 64);
-
-/// A fixed size buffer of 128 bytes useful for cryptographic operations.
-#[derive(Copy)]
-pub struct FixedBuffer128 {
- buffer: [u8; 128],
- buffer_idx: usize,
-}
-
-impl Clone for FixedBuffer128 { fn clone(&self) -> FixedBuffer128 { *self } }
-
-impl FixedBuffer128 {
- /// Create a new buffer
- pub fn new() -> FixedBuffer128 {
- FixedBuffer128 {
- buffer: [0u8; 128],
- buffer_idx: 0
- }
- }
-}
-
-impl_fixed_buffer!(FixedBuffer128, 128);
-
-
-/// The StandardPadding trait adds a method useful for various hash algorithms to a FixedBuffer
-/// struct.
-pub trait StandardPadding {
- /// Add standard padding to the buffer. The buffer must not be full when this method is called
- /// and is guaranteed to have exactly rem remaining bytes when it returns. If there are not at
- /// least rem bytes available, the buffer will be zero padded, processed, cleared, and then
- /// filled with zeros again until only rem bytes are remaining.
- fn standard_padding(&mut self, rem: usize, func: F);
-}
-
-impl StandardPadding for T {
- fn standard_padding(&mut self, rem: usize, mut func: F) {
- let size = self.size();
-
- self.next(1)[0] = 128;
-
- if self.remaining() < rem {
- self.zero_until(size);
- func(self.full_buffer());
- }
-
- self.zero_until(size - rem);
- }
-}
-
-
-#[cfg(test)]
-pub mod test {
- use std;
- use std::iter::repeat;
-
- //use rand::IsaacRng;
- //use rand::distributions::{IndependentSample, Range};
-
- use cryptoutil::{add_bytes_to_bits, add_bytes_to_bits_tuple};
- use digest::Digest;
-
- /// Feed 1,000,000 'a's into the digest with varying input sizes and check that the result is
- /// correct.
- pub fn test_digest_1million_random(digest: &mut D, blocksize: usize, expected: &str) {
- let total_size = 1000000;
- let buffer: Vec = repeat('a' as u8).take(blocksize * 2).collect();
- //let mut rng = IsaacRng::new_unseeded();
- //let range = Range::new(0, 2 * blocksize + 1);
- let mut count = 0;
-
- digest.reset();
-
- while count < total_size {
- //let next = range.ind_sample(&mut rng);
- let next = 10;
- let remaining = total_size - count;
- let size = if next > remaining { remaining } else { next };
- digest.input(&buffer[..size]);
- count += size;
- }
-
- let result_str = digest.result_str();
-
- assert!(expected == &result_str[..]);
- }
-
- // A normal addition - no overflow occurs
- #[test]
- fn test_add_bytes_to_bits_ok() {
- assert!(add_bytes_to_bits(100, 10) == 180);
- }
-
- // A simple failure case - adding 1 to the max value
- #[test]
- #[should_panic]
- fn test_add_bytes_to_bits_overflow() {
- add_bytes_to_bits(std::u64::MAX, 1);
- }
-
- // A normal addition - no overflow occurs (fast path)
- #[test]
- fn test_add_bytes_to_bits_tuple_ok() {
- assert!(add_bytes_to_bits_tuple((5, 100), 10) == (5, 180));
- }
-
- // The low order value overflows into the high order value
- #[test]
- fn test_add_bytes_to_bits_tuple_ok2() {
- assert!(add_bytes_to_bits_tuple((5, std::u64::MAX), 1) == (6, 7));
- }
-
- // The value to add is too large to be converted into bits without overflowing its type
- #[test]
- fn test_add_bytes_to_bits_tuple_ok3() {
- assert!(add_bytes_to_bits_tuple((5, 0), 0x4000000000000001) == (7, 8));
- }
-
- // A simple failure case - adding 1 to the max value
- #[test]
- #[should_panic]
- fn test_add_bytes_to_bits_tuple_overflow() {
- add_bytes_to_bits_tuple((std::u64::MAX, std::u64::MAX), 1);
- }
-
- // The value to add is too large to convert to bytes without overflowing its type, but the high
- // order value from this conversion overflows when added to the existing high order value
- #[test]
- #[should_panic]
- fn test_add_bytes_to_bits_tuple_overflow2() {
- let value: u64 = std::u64::MAX;
- add_bytes_to_bits_tuple((value - 1, 0), 0x8000000000000000);
- }
-}
diff --git a/rcw/src/curve25519.rs b/rcw/src/curve25519.rs
deleted file mode 100644
index b219f87..0000000
--- a/rcw/src/curve25519.rs
+++ /dev/null
@@ -1,3642 +0,0 @@ -use std::ops::{Add, Sub, Mul}; -use std::cmp::{Eq, PartialEq,min}; -use util::{fixed_time_eq}; -use step_by::RangeExt; - -/* -fe means field element. -Here the field is \Z/(2^255-19). -An element t, entries t[0]...t[9], represents the integer -t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. -Bounds on each t[i] vary depending on context. -*/ - -#[derive(Clone, Copy)] -pub struct Fe(pub [i32; 10]); - -impl PartialEq for Fe { - fn eq(&self, other: &Fe) -> bool { - let &Fe(self_elems) = self; - let &Fe(other_elems) = other; - self_elems.to_vec() == other_elems.to_vec() - } -} -impl Eq for Fe { } - -static FE_ZERO : Fe = Fe([0,0,0,0,0,0,0,0,0,0]); -static FE_ONE : Fe = Fe([1,0,0,0,0,0,0,0,0,0]); -static FE_SQRTM1 : Fe = Fe([-32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482]); -static FE_D : Fe = Fe([-10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116]); -static FE_D2 : Fe = Fe([-21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199]); - - -fn load_4u(s: &[u8]) -> u64 { - (s[0] as u64) - | ((s[1] as u64)<<8) - | ((s[2] as u64)<<16) - | ((s[3] as u64)<<24) -} -fn load_4i(s: &[u8]) -> i64 { - load_4u(s) as i64 -} -fn load_3u(s: &[u8]) -> u64 { - (s[0] as u64) - | ((s[1] as u64)<<8) - | ((s[2] as u64)<<16) -} -fn load_3i(s: &[u8]) -> i64 { - load_3u(s) as i64 -} - -impl Add for Fe { - type Output = Fe; - - /* - h = f + g - Can overlap h with f or g. - - Preconditions: - |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - - Postconditions: - |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. 
- */ - fn add(self, _rhs: Fe) -> Fe { - let Fe(f) = self; - let Fe(g) = _rhs; - - let f0 = f[0]; - let f1 = f[1]; - let f2 = f[2]; - let f3 = f[3]; - let f4 = f[4]; - let f5 = f[5]; - let f6 = f[6]; - let f7 = f[7]; - let f8 = f[8]; - let f9 = f[9]; - let g0 = g[0]; - let g1 = g[1]; - let g2 = g[2]; - let g3 = g[3]; - let g4 = g[4]; - let g5 = g[5]; - let g6 = g[6]; - let g7 = g[7]; - let g8 = g[8]; - let g9 = g[9]; - let h0 = f0 + g0; - let h1 = f1 + g1; - let h2 = f2 + g2; - let h3 = f3 + g3; - let h4 = f4 + g4; - let h5 = f5 + g5; - let h6 = f6 + g6; - let h7 = f7 + g7; - let h8 = f8 + g8; - let h9 = f9 + g9; - Fe([h0, h1, h2, h3, h4, h5, h6, h7, h8, h9]) - } -} - -impl Sub for Fe { - type Output = Fe; - - /* - h = f - g - Can overlap h with f or g. - - Preconditions: - |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - - Postconditions: - |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - */ - fn sub(self, _rhs: Fe) -> Fe { - let Fe(f) = self; - let Fe(g) = _rhs; - - let f0 = f[0]; - let f1 = f[1]; - let f2 = f[2]; - let f3 = f[3]; - let f4 = f[4]; - let f5 = f[5]; - let f6 = f[6]; - let f7 = f[7]; - let f8 = f[8]; - let f9 = f[9]; - let g0 = g[0]; - let g1 = g[1]; - let g2 = g[2]; - let g3 = g[3]; - let g4 = g[4]; - let g5 = g[5]; - let g6 = g[6]; - let g7 = g[7]; - let g8 = g[8]; - let g9 = g[9]; - let h0 = f0 - g0; - let h1 = f1 - g1; - let h2 = f2 - g2; - let h3 = f3 - g3; - let h4 = f4 - g4; - let h5 = f5 - g5; - let h6 = f6 - g6; - let h7 = f7 - g7; - let h8 = f8 - g8; - let h9 = f9 - g9; - Fe([h0, h1, h2, h3, h4, h5, h6, h7, h8, h9]) - } -} - -impl Mul for Fe { - type Output = Fe; - - /* - h = f * g - Can overlap h with f or g. - - Preconditions: - |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - - Postconditions: - |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. 
- */ - - /* - Notes on implementation strategy: - - Using schoolbook multiplication. - Karatsuba would save a little in some cost models. - - Most multiplications by 2 and 19 are 32-bit precomputations; - cheaper than 64-bit postcomputations. - - There is one remaining multiplication by 19 in the carry chain; - one *19 precomputation can be merged into this, - but the resulting data flow is considerably less clean. - - There are 12 carries below. - 10 of them are 2-way parallelizable and vectorizable. - Can get away with 11 carries, but then data flow is much deeper. - - With tighter constraints on inputs can squeeze carries into int32. - */ - - fn mul(self, _rhs: Fe) -> Fe { - let Fe(f) = self; - let Fe(g) = _rhs; - let f0 = f[0]; - let f1 = f[1]; - let f2 = f[2]; - let f3 = f[3]; - let f4 = f[4]; - let f5 = f[5]; - let f6 = f[6]; - let f7 = f[7]; - let f8 = f[8]; - let f9 = f[9]; - let g0 = g[0]; - let g1 = g[1]; - let g2 = g[2]; - let g3 = g[3]; - let g4 = g[4]; - let g5 = g[5]; - let g6 = g[6]; - let g7 = g[7]; - let g8 = g[8]; - let g9 = g[9]; - let g1_19 = 19 * g1; /* 1.4*2^29 */ - let g2_19 = 19 * g2; /* 1.4*2^30; still ok */ - let g3_19 = 19 * g3; - let g4_19 = 19 * g4; - let g5_19 = 19 * g5; - let g6_19 = 19 * g6; - let g7_19 = 19 * g7; - let g8_19 = 19 * g8; - let g9_19 = 19 * g9; - let f1_2 = 2 * f1; - let f3_2 = 2 * f3; - let f5_2 = 2 * f5; - let f7_2 = 2 * f7; - let f9_2 = 2 * f9; - let f0g0 = (f0 as i64) * (g0 as i64); - let f0g1 = (f0 as i64) * (g1 as i64); - let f0g2 = (f0 as i64) * (g2 as i64); - let f0g3 = (f0 as i64) * (g3 as i64); - let f0g4 = (f0 as i64) * (g4 as i64); - let f0g5 = (f0 as i64) * (g5 as i64); - let f0g6 = (f0 as i64) * (g6 as i64); - let f0g7 = (f0 as i64) * (g7 as i64); - let f0g8 = (f0 as i64) * (g8 as i64); - let f0g9 = (f0 as i64) * (g9 as i64); - let f1g0 = (f1 as i64) * (g0 as i64); - let f1g1_2 = (f1_2 as i64) * (g1 as i64); - let f1g2 = (f1 as i64) * (g2 as i64); - let f1g3_2 = (f1_2 as i64) * (g3 as i64); - let f1g4 = 
(f1 as i64) * (g4 as i64);
- let f1g5_2 = (f1_2 as i64) * (g5 as i64);
- let f1g6 = (f1 as i64) * (g6 as i64);
- let f1g7_2 = (f1_2 as i64) * (g7 as i64);
- let f1g8 = (f1 as i64) * (g8 as i64);
- let f1g9_38 = (f1_2 as i64) * (g9_19 as i64);
- let f2g0 = (f2 as i64) * (g0 as i64);
- let f2g1 = (f2 as i64) * (g1 as i64);
- let f2g2 = (f2 as i64) * (g2 as i64);
- let f2g3 = (f2 as i64) * (g3 as i64);
- let f2g4 = (f2 as i64) * (g4 as i64);
- let f2g5 = (f2 as i64) * (g5 as i64);
- let f2g6 = (f2 as i64) * (g6 as i64);
- let f2g7 = (f2 as i64) * (g7 as i64);
- let f2g8_19 = (f2 as i64) * (g8_19 as i64);
- let f2g9_19 = (f2 as i64) * (g9_19 as i64);
- let f3g0 = (f3 as i64) * (g0 as i64);
- let f3g1_2 = (f3_2 as i64) * (g1 as i64);
- let f3g2 = (f3 as i64) * (g2 as i64);
- let f3g3_2 = (f3_2 as i64) * (g3 as i64);
- let f3g4 = (f3 as i64) * (g4 as i64);
- let f3g5_2 = (f3_2 as i64) * (g5 as i64);
- let f3g6 = (f3 as i64) * (g6 as i64);
- let f3g7_38 = (f3_2 as i64) * (g7_19 as i64);
- let f3g8_19 = (f3 as i64) * (g8_19 as i64);
- let f3g9_38 = (f3_2 as i64) * (g9_19 as i64);
- let f4g0 = (f4 as i64) * (g0 as i64);
- let f4g1 = (f4 as i64) * (g1 as i64);
- let f4g2 = (f4 as i64) * (g2 as i64);
- let f4g3 = (f4 as i64) * (g3 as i64);
- let f4g4 = (f4 as i64) * (g4 as i64);
- let f4g5 = (f4 as i64) * (g5 as i64);
- let f4g6_19 = (f4 as i64) * (g6_19 as i64);
- let f4g7_19 = (f4 as i64) * (g7_19 as i64);
- let f4g8_19 = (f4 as i64) * (g8_19 as i64);
- let f4g9_19 = (f4 as i64) * (g9_19 as i64);
- let f5g0 = (f5 as i64) * (g0 as i64);
- let f5g1_2 = (f5_2 as i64) * (g1 as i64);
- let f5g2 = (f5 as i64) * (g2 as i64);
- let f5g3_2 = (f5_2 as i64) * (g3 as i64);
- let f5g4 = (f5 as i64) * (g4 as i64);
- let f5g5_38 = (f5_2 as i64) * (g5_19 as i64);
- let f5g6_19 = (f5 as i64) * (g6_19 as i64);
- let f5g7_38 = (f5_2 as i64) * (g7_19 as i64);
- let f5g8_19 = (f5 as i64) * (g8_19 as i64);
- let f5g9_38 = (f5_2 as i64) * (g9_19 as i64);
- let f6g0 = (f6 as i64) * (g0 as i64);
- let f6g1 = (f6 as i64) * (g1 as i64);
- let f6g2 = (f6 as i64) * (g2 as i64);
- let f6g3 = (f6 as i64) * (g3 as i64);
- let f6g4_19 = (f6 as i64) * (g4_19 as i64);
- let f6g5_19 = (f6 as i64) * (g5_19 as i64);
- let f6g6_19 = (f6 as i64) * (g6_19 as i64);
- let f6g7_19 = (f6 as i64) * (g7_19 as i64);
- let f6g8_19 = (f6 as i64) * (g8_19 as i64);
- let f6g9_19 = (f6 as i64) * (g9_19 as i64);
- let f7g0 = (f7 as i64) * (g0 as i64);
- let f7g1_2 = (f7_2 as i64) * (g1 as i64);
- let f7g2 = (f7 as i64) * (g2 as i64);
- let f7g3_38 = (f7_2 as i64) * (g3_19 as i64);
- let f7g4_19 = (f7 as i64) * (g4_19 as i64);
- let f7g5_38 = (f7_2 as i64) * (g5_19 as i64);
- let f7g6_19 = (f7 as i64) * (g6_19 as i64);
- let f7g7_38 = (f7_2 as i64) * (g7_19 as i64);
- let f7g8_19 = (f7 as i64) * (g8_19 as i64);
- let f7g9_38 = (f7_2 as i64) * (g9_19 as i64);
- let f8g0 = (f8 as i64) * (g0 as i64);
- let f8g1 = (f8 as i64) * (g1 as i64);
- let f8g2_19 = (f8 as i64) * (g2_19 as i64);
- let f8g3_19 = (f8 as i64) * (g3_19 as i64);
- let f8g4_19 = (f8 as i64) * (g4_19 as i64);
- let f8g5_19 = (f8 as i64) * (g5_19 as i64);
- let f8g6_19 = (f8 as i64) * (g6_19 as i64);
- let f8g7_19 = (f8 as i64) * (g7_19 as i64);
- let f8g8_19 = (f8 as i64) * (g8_19 as i64);
- let f8g9_19 = (f8 as i64) * (g9_19 as i64);
- let f9g0 = (f9 as i64) * (g0 as i64);
- let f9g1_38 = (f9_2 as i64) * (g1_19 as i64);
- let f9g2_19 = (f9 as i64) * (g2_19 as i64);
- let f9g3_38 = (f9_2 as i64) * (g3_19 as i64);
- let f9g4_19 = (f9 as i64) * (g4_19 as i64);
- let f9g5_38 = (f9_2 as i64) * (g5_19 as i64);
- let f9g6_19 = (f9 as i64) * (g6_19 as i64);
- let f9g7_38 = (f9_2 as i64) * (g7_19 as i64);
- let f9g8_19 = (f9 as i64) * (g8_19 as i64);
- let f9g9_38 = (f9_2 as i64) * (g9_19 as i64);
- let mut h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
- let mut h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
- let mut h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
- let mut h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
- let mut h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
- let mut h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
- let mut h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38;
- let mut h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
- let mut h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
- let mut h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
- let mut carry0;
- let carry1;
- let carry2;
- let carry3;
- let mut carry4;
- let carry5;
- let carry6;
- let carry7;
- let carry8;
- let carry9;
-
- /*
- |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.51*2^58 */
- /* |h5| <= 1.51*2^58 */
-
- carry1 = (h1 + (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.21*2^59 */
- /* |h6| <= 1.21*2^59 */
-
- carry2 = (h2 + (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.51*2^58 */
- /* |h7| <= 1.51*2^58 */
-
- carry3 = (h3 + (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.52*2^33 */
- /* |h8| <= 1.52*2^33 */
-
- carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.51*2^58 */
-
- carry9 = (h9 + (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.8*2^37 */
-
- carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- Fe([h0 as i32, h1 as i32, h2 as i32, h3 as i32, h4 as i32,
- h5 as i32, h6 as i32, h7 as i32, h8 as i32, h9 as i32])
- }
-}
-
-impl Fe {
- pub fn from_bytes(s: &[u8]) -> Fe {
- let mut h0 = load_4i(&s[0..4]);
- let mut h1 = load_3i(&s[4..7]) << 6;
- let mut h2 = load_3i(&s[7..10]) << 5;
- let mut h3 = load_3i(&s[10..13]) << 3;
- let mut h4 = load_3i(&s[13..16]) << 2;
- let mut h5 = load_4i(&s[16..20]);
- let mut h6 = load_3i(&s[20..23]) << 7;
- let mut h7 = load_3i(&s[23..26]) << 5;
- let mut h8 = load_3i(&s[26..29]) << 4;
- let mut h9 = (load_3i(&s[29..32]) & 8388607) << 2;
-
- let carry9 = (h9 + (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- let carry1 = (h1 + (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- let carry3 = (h3 + (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- let carry5 = (h5 + (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- let carry7 = (h7 + (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- let carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- let carry2 = (h2 + (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- let carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- let carry6 = (h6 +
(1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; - let carry8 = (h8 + (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; - - Fe([h0 as i32, h1 as i32, h2 as i32, h3 as i32, h4 as i32, - h5 as i32, h6 as i32, h7 as i32, h8 as i32, h9 as i32]) - } - - /* - Preconditions: - |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - - Write p=2^255-19; q=floor(h/p). - Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). - - Proof: - Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4. - Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4. - - Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9). - Then 0 [u8; 32] { - let &Fe(es) = self; - let mut h0 = es[0]; - let mut h1 = es[1]; - let mut h2 = es[2]; - let mut h3 = es[3]; - let mut h4 = es[4]; - let mut h5 = es[5]; - let mut h6 = es[6]; - let mut h7 = es[7]; - let mut h8 = es[8]; - let mut h9 = es[9]; - let mut q; - - q = (19 * h9 + (1 << 24)) >> 25; - q = (h0 + q) >> 26; - q = (h1 + q) >> 25; - q = (h2 + q) >> 26; - q = (h3 + q) >> 25; - q = (h4 + q) >> 26; - q = (h5 + q) >> 25; - q = (h6 + q) >> 26; - q = (h7 + q) >> 25; - q = (h8 + q) >> 26; - q = (h9 + q) >> 25; - - /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */ - h0 += 19 * q; - /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */ - - let carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26; - let carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25; - let carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26; - let carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25; - let carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26; - let carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25; - let carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26; - let carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25; - let carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26; - let carry9 = h9 >> 25; h9 -= carry9 << 25; - /* h10 = carry9 */ - - /* - Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20. 
- Have h0+...+2^230 h9 between 0 and 2^255-1;
- evidently 2^255 h10-2^255 q = 0.
- Goal: Output h0+...+2^230 h9.
- */
- [
- (h0 >> 0) as u8,
- (h0 >> 8) as u8,
- (h0 >> 16) as u8,
- ((h0 >> 24) | (h1 << 2)) as u8,
- (h1 >> 6) as u8,
- (h1 >> 14) as u8,
- ((h1 >> 22) | (h2 << 3)) as u8,
- (h2 >> 5) as u8,
- (h2 >> 13) as u8,
- ((h2 >> 21) | (h3 << 5)) as u8,
- (h3 >> 3) as u8,
- (h3 >> 11) as u8,
- ((h3 >> 19) | (h4 << 6)) as u8,
- (h4 >> 2) as u8,
- (h4 >> 10) as u8,
- (h4 >> 18) as u8,
- (h5 >> 0) as u8,
- (h5 >> 8) as u8,
- (h5 >> 16) as u8,
- ((h5 >> 24) | (h6 << 1)) as u8,
- (h6 >> 7) as u8,
- (h6 >> 15) as u8,
- ((h6 >> 23) | (h7 << 3)) as u8,
- (h7 >> 5) as u8,
- (h7 >> 13) as u8,
- ((h7 >> 21) | (h8 << 4)) as u8,
- (h8 >> 4) as u8,
- (h8 >> 12) as u8,
- ((h8 >> 20) | (h9 << 6)) as u8,
- (h9 >> 2) as u8,
- (h9 >> 10) as u8,
- (h9 >> 18) as u8,
- ]
- }
-
- pub fn maybe_swap_with(&mut self, other: &mut Fe, do_swap: i32) {
- let &mut Fe(f) = self;
- let &mut Fe(g) = other;
- let f0 = f[0];
- let f1 = f[1];
- let f2 = f[2];
- let f3 = f[3];
- let f4 = f[4];
- let f5 = f[5];
- let f6 = f[6];
- let f7 = f[7];
- let f8 = f[8];
- let f9 = f[9];
- let g0 = g[0];
- let g1 = g[1];
- let g2 = g[2];
- let g3 = g[3];
- let g4 = g[4];
- let g5 = g[5];
- let g6 = g[6];
- let g7 = g[7];
- let g8 = g[8];
- let g9 = g[9];
- let mut x0 = f0 ^ g0;
- let mut x1 = f1 ^ g1;
- let mut x2 = f2 ^ g2;
- let mut x3 = f3 ^ g3;
- let mut x4 = f4 ^ g4;
- let mut x5 = f5 ^ g5;
- let mut x6 = f6 ^ g6;
- let mut x7 = f7 ^ g7;
- let mut x8 = f8 ^ g8;
- let mut x9 = f9 ^ g9;
- let b = -do_swap;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- *self = Fe([f0^x0, f1^x1, f2^x2, f3^x3, f4^x4,
- f5^x5, f6^x6, f7^x7, f8^x8, f9^x9]);
- *other = Fe([g0^x0, g1^x1, g2^x2, g3^x3, g4^x4,
- g5^x5, g6^x6, g7^x7, g8^x8, g9^x9]);
- }
-
- pub fn maybe_set(&mut self, other: &Fe, do_swap: i32) {
- let &mut Fe(f) = self;
- let &Fe(g) = other;
- let f0 = f[0];
- let f1 = f[1];
- let f2 = f[2];
- let f3 = f[3];
- let f4 = f[4];
- let f5 = f[5];
- let f6 = f[6];
- let f7 = f[7];
- let f8 = f[8];
- let f9 = f[9];
- let g0 = g[0];
- let g1 = g[1];
- let g2 = g[2];
- let g3 = g[3];
- let g4 = g[4];
- let g5 = g[5];
- let g6 = g[6];
- let g7 = g[7];
- let g8 = g[8];
- let g9 = g[9];
- let mut x0 = f0 ^ g0;
- let mut x1 = f1 ^ g1;
- let mut x2 = f2 ^ g2;
- let mut x3 = f3 ^ g3;
- let mut x4 = f4 ^ g4;
- let mut x5 = f5 ^ g5;
- let mut x6 = f6 ^ g6;
- let mut x7 = f7 ^ g7;
- let mut x8 = f8 ^ g8;
- let mut x9 = f9 ^ g9;
- let b = -do_swap;
- x0 &= b;
- x1 &= b;
- x2 &= b;
- x3 &= b;
- x4 &= b;
- x5 &= b;
- x6 &= b;
- x7 &= b;
- x8 &= b;
- x9 &= b;
- *self = Fe([f0^x0, f1^x1, f2^x2, f3^x3, f4^x4,
- f5^x5, f6^x6, f7^x7, f8^x8, f9^x9]);
- }
-
- /*
- h = f * 121666
- Can overlap h with f.
-
- Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
- Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- */
-
- fn mul_121666(&self) -> Fe {
- let &Fe(f) = self;
-
- let mut h0 = (f[0] as i64) * 121666;
- let mut h1 = (f[1] as i64) * 121666;
- let mut h2 = (f[2] as i64) * 121666;
- let mut h3 = (f[3] as i64) * 121666;
- let mut h4 = (f[4] as i64) * 121666;
- let mut h5 = (f[5] as i64) * 121666;
- let mut h6 = (f[6] as i64) * 121666;
- let mut h7 = (f[7] as i64) * 121666;
- let mut h8 = (f[8] as i64) * 121666;
- let mut h9 = (f[9] as i64) * 121666;
-
- let carry9 = (h9 + (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
- let carry1 = (h1 + (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- let carry3 = (h3 + (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- let carry5 = (h5 + (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
- let carry7 = (h7 + (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- let carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- let carry2 = (h2 + (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- let carry4 = (h4 + (1<<25)) >> 26; h5 +=
carry4; h4 -= carry4 << 26;
- let carry6 = (h6 + (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
- let carry8 = (h8 + (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- Fe([h0 as i32, h1 as i32, h2 as i32, h3 as i32, h4 as i32,
- h5 as i32, h6 as i32, h7 as i32, h8 as i32, h9 as i32])
- }
-
-
- /*
- h = f * f
- Can overlap h with f.
-
- Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
- Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- */
-
- /*
- See fe_mul.c for discussion of implementation strategy.
- */
- fn square(&self) -> Fe {
- let &Fe(f) = self;
-
- let f0 = f[0];
- let f1 = f[1];
- let f2 = f[2];
- let f3 = f[3];
- let f4 = f[4];
- let f5 = f[5];
- let f6 = f[6];
- let f7 = f[7];
- let f8 = f[8];
- let f9 = f[9];
- let f0_2 = 2 * f0;
- let f1_2 = 2 * f1;
- let f2_2 = 2 * f2;
- let f3_2 = 2 * f3;
- let f4_2 = 2 * f4;
- let f5_2 = 2 * f5;
- let f6_2 = 2 * f6;
- let f7_2 = 2 * f7;
- let f5_38 = 38 * f5; /* 1.31*2^30 */
- let f6_19 = 19 * f6; /* 1.31*2^30 */
- let f7_38 = 38 * f7; /* 1.31*2^30 */
- let f8_19 = 19 * f8; /* 1.31*2^30 */
- let f9_38 = 38 * f9; /* 1.31*2^30 */
- let f0f0 = (f0 as i64) * (f0 as i64);
- let f0f1_2 = (f0_2 as i64) * (f1 as i64);
- let f0f2_2 = (f0_2 as i64) * (f2 as i64);
- let f0f3_2 = (f0_2 as i64) * (f3 as i64);
- let f0f4_2 = (f0_2 as i64) * (f4 as i64);
- let f0f5_2 = (f0_2 as i64) * (f5 as i64);
- let f0f6_2 = (f0_2 as i64) * (f6 as i64);
- let f0f7_2 = (f0_2 as i64) * (f7 as i64);
- let f0f8_2 = (f0_2 as i64) * (f8 as i64);
- let f0f9_2 = (f0_2 as i64) * (f9 as i64);
- let f1f1_2 = (f1_2 as i64) * (f1 as i64);
- let f1f2_2 = (f1_2 as i64) * (f2 as i64);
- let f1f3_4 = (f1_2 as i64) * (f3_2 as i64);
- let f1f4_2 = (f1_2 as i64) * (f4 as i64);
- let f1f5_4 = (f1_2 as i64) * (f5_2 as i64);
- let f1f6_2 = (f1_2 as i64) * (f6 as i64);
- let f1f7_4 = (f1_2 as i64) * (f7_2 as i64);
- let f1f8_2 = (f1_2 as i64) * (f8 as i64);
- let f1f9_76 = (f1_2 as i64) * (f9_38 as i64);
- let f2f2 = (f2 as i64) * (f2 as i64);
- let f2f3_2 = (f2_2 as i64) * (f3 as i64);
- let f2f4_2 = (f2_2 as i64) * (f4 as i64);
- let f2f5_2 = (f2_2 as i64) * (f5 as i64);
- let f2f6_2 = (f2_2 as i64) * (f6 as i64);
- let f2f7_2 = (f2_2 as i64) * (f7 as i64);
- let f2f8_38 = (f2_2 as i64) * (f8_19 as i64);
- let f2f9_38 = (f2 as i64) * (f9_38 as i64);
- let f3f3_2 = (f3_2 as i64) * (f3 as i64);
- let f3f4_2 = (f3_2 as i64) * (f4 as i64);
- let f3f5_4 = (f3_2 as i64) * (f5_2 as i64);
- let f3f6_2 = (f3_2 as i64) * (f6 as i64);
- let f3f7_76 = (f3_2 as i64) * (f7_38 as i64);
- let f3f8_38 = (f3_2 as i64) * (f8_19 as i64);
- let f3f9_76 = (f3_2 as i64) * (f9_38 as i64);
- let f4f4 = (f4 as i64) * (f4 as i64);
- let f4f5_2 = (f4_2 as i64) * (f5 as i64);
- let f4f6_38 = (f4_2 as i64) * (f6_19 as i64);
- let f4f7_38 = (f4 as i64) * (f7_38 as i64);
- let f4f8_38 = (f4_2 as i64) * (f8_19 as i64);
- let f4f9_38 = (f4 as i64) * (f9_38 as i64);
- let f5f5_38 = (f5 as i64) * (f5_38 as i64);
- let f5f6_38 = (f5_2 as i64) * (f6_19 as i64);
- let f5f7_76 = (f5_2 as i64) * (f7_38 as i64);
- let f5f8_38 = (f5_2 as i64) * (f8_19 as i64);
- let f5f9_76 = (f5_2 as i64) * (f9_38 as i64);
- let f6f6_19 = (f6 as i64) * (f6_19 as i64);
- let f6f7_38 = (f6 as i64) * (f7_38 as i64);
- let f6f8_38 = (f6_2 as i64) * (f8_19 as i64);
- let f6f9_38 = (f6 as i64) * (f9_38 as i64);
- let f7f7_38 = (f7 as i64) * (f7_38 as i64);
- let f7f8_38 = (f7_2 as i64) * (f8_19 as i64);
- let f7f9_76 = (f7_2 as i64) * (f9_38 as i64);
- let f8f8_19 = (f8 as i64) * (f8_19 as i64);
- let f8f9_38 = (f8 as i64) * (f9_38 as i64);
- let f9f9_38 = (f9 as i64) * (f9_38 as i64);
- let mut h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- let mut h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- let mut h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- let mut h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- let mut h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- let mut h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- let mut h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- let mut h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- let mut h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- let mut h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
-
- let carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- let carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- let carry1 = (h1 + (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- let carry5 = (h5 + (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- let carry2 = (h2 + (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- let carry6 = (h6 + (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- let carry3 = (h3 + (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- let carry7 = (h7 + (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- let carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- let carry8 = (h8 + (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- let carry9 = (h9 + (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
- let carrya = (h0 + (1<<25)) >> 26; h1 += carrya; h0 -= carrya << 26;
-
- Fe([h0 as i32, h1 as i32, h2 as i32, h3 as i32, h4 as i32,
- h5 as i32, h6 as i32, h7 as i32, h8 as i32, h9 as i32])
- }
-
- fn square_and_double(&self) -> Fe {
- let &Fe(f) = self;
-
- let f0 = f[0];
- let f1 = f[1];
- let f2 = f[2];
- let f3 = f[3];
- let f4 = f[4];
- let f5 = f[5];
- let f6 = f[6];
- let f7 = f[7];
- let f8 = f[8];
- let f9 = f[9];
- let f0_2 = 2 * f0;
- let f1_2 = 2 * f1;
- let f2_2 = 2 * f2;
- let f3_2 = 2 * f3;
- let f4_2 = 2 * f4;
- let f5_2 = 2 * f5;
- let f6_2 = 2 * f6;
- let f7_2 = 2 * f7;
- let f5_38 = 38 * f5; /* 1.959375*2^30 */
- let f6_19 = 19 * f6; /* 1.959375*2^30 */
- let f7_38 = 38 * f7; /* 1.959375*2^30 */
- let f8_19 = 19 * f8; /* 1.959375*2^30 */
- let f9_38 = 38 * f9; /* 1.959375*2^30 */
- let f0f0 = (f0 as i64) * (f0 as i64);
- let f0f1_2 = (f0_2 as i64) * (f1 as i64);
- let f0f2_2 = (f0_2 as i64) * (f2 as i64);
- let f0f3_2 = (f0_2 as i64) * (f3 as i64);
- let f0f4_2 = (f0_2 as i64) * (f4 as i64);
- let f0f5_2 = (f0_2 as i64) * (f5 as i64);
- let f0f6_2 = (f0_2 as i64) * (f6 as i64);
- let f0f7_2 = (f0_2 as i64) * (f7 as i64);
- let f0f8_2 = (f0_2 as i64) * (f8 as i64);
- let f0f9_2 = (f0_2 as i64) * (f9 as i64);
- let f1f1_2 = (f1_2 as i64) * (f1 as i64);
- let f1f2_2 = (f1_2 as i64) * (f2 as i64);
- let f1f3_4 = (f1_2 as i64) * (f3_2 as i64);
- let f1f4_2 = (f1_2 as i64) * (f4 as i64);
- let f1f5_4 = (f1_2 as i64) * (f5_2 as i64);
- let f1f6_2 = (f1_2 as i64) * (f6 as i64);
- let f1f7_4 = (f1_2 as i64) * (f7_2 as i64);
- let f1f8_2 = (f1_2 as i64) * (f8 as i64);
- let f1f9_76 = (f1_2 as i64) * (f9_38 as i64);
- let f2f2 = (f2 as i64) * (f2 as i64);
- let f2f3_2 = (f2_2 as i64) * (f3 as i64);
- let f2f4_2 = (f2_2 as i64) * (f4 as i64);
- let f2f5_2 = (f2_2 as i64) * (f5 as i64);
- let f2f6_2 = (f2_2 as i64) * (f6 as i64);
- let f2f7_2 = (f2_2 as i64) * (f7 as i64);
- let f2f8_38 = (f2_2 as i64) * (f8_19 as i64);
- let f2f9_38 = (f2 as i64) * (f9_38 as i64);
- let f3f3_2 = (f3_2 as i64) * (f3 as i64);
- let f3f4_2 = (f3_2 as i64) * (f4 as i64);
- let f3f5_4 = (f3_2 as i64) * (f5_2 as i64);
- let f3f6_2 = (f3_2 as i64) * (f6 as i64);
- let f3f7_76 = (f3_2 as i64) * (f7_38 as i64);
- let f3f8_38 = (f3_2 as i64) * (f8_19 as i64);
- let f3f9_76 = (f3_2 as i64) * (f9_38 as i64);
- let f4f4 = (f4 as i64) * (f4 as i64);
- let f4f5_2 = (f4_2 as i64) * (f5 as i64);
- let f4f6_38 = (f4_2 as i64) * (f6_19 as i64);
- let f4f7_38 = (f4 as i64) * (f7_38 as i64);
- let f4f8_38 = (f4_2 as i64) * (f8_19 as i64);
- let f4f9_38 = (f4 as i64) * (f9_38 as i64);
- let f5f5_38 = (f5 as i64) * (f5_38 as i64);
- let f5f6_38 = (f5_2 as i64) * (f6_19 as i64);
- let f5f7_76 = (f5_2 as i64) * (f7_38 as i64);
- let f5f8_38 = (f5_2 as i64) * (f8_19 as i64);
- let f5f9_76 = (f5_2 as i64) * (f9_38 as i64);
- let f6f6_19 = (f6 as i64) * (f6_19 as i64);
- let f6f7_38 = (f6 as i64) * (f7_38 as i64);
- let f6f8_38 = (f6_2 as i64) * (f8_19 as i64);
- let f6f9_38 = (f6 as i64) * (f9_38 as i64);
- let f7f7_38 = (f7 as i64) * (f7_38 as i64);
- let f7f8_38 = (f7_2 as i64) * (f8_19 as i64);
- let f7f9_76 = (f7_2 as i64) * (f9_38 as i64);
- let f8f8_19 = (f8 as i64) * (f8_19 as i64);
- let f8f9_38 = (f8 as i64) * (f9_38 as i64);
- let f9f9_38 = (f9 as i64) * (f9_38 as i64);
- let mut h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
- let mut h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
- let mut h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
- let mut h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
- let mut h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38;
- let mut h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
- let mut h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
- let mut h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
- let mut h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
- let mut h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
- let mut carry0: i64;
- let carry1: i64;
- let carry2: i64;
- let carry3: i64;
- let mut carry4: i64;
- let carry5: i64;
- let carry6: i64;
- let carry7: i64;
- let carry8: i64;
- let carry9: i64;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
- carry1 = (h1 + (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
- carry5 = (h5 + (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
- carry2 = (h2 + (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
- carry6 = (h6 + (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
- carry3 = (h3 + (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
- carry7 = (h7 + (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
- carry4 = (h4 + (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
- carry8 = (h8 + (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
- carry9 = (h9 + (1<<24)) >> 25; h0 += carry9 * 19;
h9 -= carry9 << 25; - - carry0 = (h0 + (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - - Fe([h0 as i32, h1 as i32, h2 as i32, h3 as i32, h4 as i32, - h5 as i32, h6 as i32, h7 as i32, h8 as i32, h9 as i32]) - } - - pub fn invert(&self) -> Fe { - let z1 = *self; - - /* qhasm: z2 = z1^2^1 */ - let z2 = z1.square(); - /* qhasm: z8 = z2^2^2 */ - let z8 = z2.square().square(); - /* qhasm: z9 = z1*z8 */ - let z9 = z1*z8; - - /* qhasm: z11 = z2*z9 */ - let z11 = z2*z9; - - /* qhasm: z22 = z11^2^1 */ - let z22 = z11.square(); - - /* qhasm: z_5_0 = z9*z22 */ - let z_5_0 = z9*z22; - - /* qhasm: z_10_5 = z_5_0^2^5 */ - let z_10_5 = (0..5).fold(z_5_0, |z_5_n, _| z_5_n.square()); - - /* qhasm: z_10_0 = z_10_5*z_5_0 */ - let z_10_0 = z_10_5*z_5_0; - - /* qhasm: z_20_10 = z_10_0^2^10 */ - let z_20_10 = (0..10).fold(z_10_0, |x, _| x.square()); - - /* qhasm: z_20_0 = z_20_10*z_10_0 */ - let z_20_0 = z_20_10*z_10_0; - - /* qhasm: z_40_20 = z_20_0^2^20 */ - let z_40_20 = (0..20).fold(z_20_0, |x, _| x.square()); - - /* qhasm: z_40_0 = z_40_20*z_20_0 */ - let z_40_0 = z_40_20*z_20_0; - - /* qhasm: z_50_10 = z_40_0^2^10 */ - let z_50_10 = (0..10).fold(z_40_0, |x, _| x.square()); - - /* qhasm: z_50_0 = z_50_10*z_10_0 */ - let z_50_0 = z_50_10*z_10_0; - - /* qhasm: z_100_50 = z_50_0^2^50 */ - let z_100_50 = (0..50).fold(z_50_0, |x, _| x.square()); - - /* qhasm: z_100_0 = z_100_50*z_50_0 */ - let z_100_0 = z_100_50*z_50_0; - - /* qhasm: z_200_100 = z_100_0^2^100 */ - let z_200_100 = (0..100).fold(z_100_0, |x, _| x.square()); - - /* qhasm: z_200_0 = z_200_100*z_100_0 */ - /* asm 1: fe_mul(>z_200_0=fe#3,z_200_0=t2,z_255_21=fe#12,z_255_21=out, bool { - let bs = self.to_bytes(); - let zero = [0; 32]; - !fixed_time_eq(bs.as_ref(), zero.as_ref()) - } - - fn is_negative(&self) -> bool { - (self.to_bytes()[0] & 1) != 0 - } - - fn neg(&self) -> Fe { - let &Fe(f) = self; - Fe([-f[0], -f[1], -f[2], -f[3], -f[4], - -f[5], -f[6], -f[7], -f[8], -f[9]]) - } - - fn pow25523(&self) -> Fe { - let z2 = 
self.square();
- let z8 = (0..2).fold(z2, |x, _| x.square());
- let z9 = *self * z8;
- let z11 = z2 * z9;
- let z22 = z11.square();
- let z_5_0 = z9 * z22;
- let z_10_5 = (0..5).fold(z_5_0, |x, _| x.square());
- let z_10_0 = z_10_5 * z_5_0;
- let z_20_10 = (0..10).fold(z_10_0, |x, _| x.square());
- let z_20_0 = z_20_10 * z_10_0;
- let z_40_20 = (0..20).fold(z_20_0, |x, _| x.square());
- let z_40_0 = z_40_20 * z_20_0;
- let z_50_10 = (0..10).fold(z_40_0, |x, _| x.square());
- let z_50_0 = z_50_10 * z_10_0;
- let z_100_50 = (0..50).fold(z_50_0, |x, _| x.square());
- let z_100_0 = z_100_50 * z_50_0;
- let z_200_100 = (0..100).fold(z_100_0, |x, _| x.square());
- let z_200_0 = z_200_100 * z_100_0;
- let z_250_50 = (0..50).fold(z_200_0, |x, _| x.square());
- let z_250_0 = z_250_50 * z_50_0;
- let z_252_2 = (0..2).fold(z_250_0, |x, _| x.square());
- let z_252_3 = z_252_2 * *self;
-
- z_252_3
- }
-}
-
-#[derive(Clone, Copy)]
-pub struct GeP2 {
- x: Fe,
- y: Fe,
- z: Fe,
-}
-
-#[derive(Clone, Copy)]
-pub struct GeP3 {
- x: Fe,
- y: Fe,
- z: Fe,
- t: Fe,
-}
-
-#[derive(Clone, Copy)]
-pub struct GeP1P1 {
- x: Fe,
- y: Fe,
- z: Fe,
- t: Fe,
-}
-
-#[derive(Clone, Copy)]
-pub struct GePrecomp {
- y_plus_x: Fe,
- y_minus_x: Fe,
- xy2d: Fe,
-}
-
-#[derive(Clone, Copy)]
-pub struct GeCached {
- y_plus_x: Fe,
- y_minus_x: Fe,
- z: Fe,
- t2d: Fe,
-}
-
-impl GeP1P1 {
- pub fn to_p2(&self) -> GeP2 {
- GeP2 {
- x: self.x * self.t,
- y: self.y * self.z,
- z: self.z * self.t,
- }
- }
-
-
- fn to_p3(&self) -> GeP3 {
- GeP3 {
- x: self.x * self.t,
- y: self.y * self.z,
- z: self.z * self.t,
- t: self.x * self.y,
- }
- }
-
-}
-
-impl GeP2 {
- fn zero() -> GeP2 {
- GeP2 {
- x: FE_ZERO,
- y: FE_ONE,
- z: FE_ONE,
- }
- }
-
- pub fn to_bytes(&self) -> [u8; 32] {
- let recip = self.z.invert();
- let x = self.x * recip;
- let y = self.y * recip;
- let mut bs = y.to_bytes();
- bs[31] ^= (if x.is_negative() { 1 } else { 0 }) << 7;
- bs
- }
-
- fn dbl(&self) -> GeP1P1 {
- let xx = self.x.square();
- let yy = self.y.square();
- let b = self.z.square_and_double();
- let a = self.x + self.y;
- let aa = a.square();
- let y3 = yy + xx;
- let z3 = yy - xx;
- let x3 = aa - y3;
- let t3 = b - z3;
-
- GeP1P1 { x: x3, y: y3, z: z3, t: t3 }
- }
-
- fn slide(a: &[u8]) -> [i8; 256] {
- let mut r = [0i8; 256];
- for i in 0..256 {
- r[i] = (1 & (a[i >> 3] >> (i & 7))) as i8;
- }
- for i in 0..256 {
- if r[i]!=0 {
- for b in 1..min(7, 256-i) {
- if r[i + b] != 0 {
- if r[i] + (r[i + b] << b) <= 15 {
- r[i] += r[i + b] << b; r[i + b] = 0;
- } else if r[i] - (r[i + b] << b) >= -15 {
- r[i] -= r[i + b] << b;
- for k in i+b..256 {
- if r[k]==0 {
- r[k] = 1;
- break;
- }
- r[k] = 0;
- }
- } else {
- break;
- }
- }
- }
- }
- }
-
- r
- }
-
- /*
- r = a * A + b * B
- where a = a[0]+256*a[1]+...+256^31 a[31].
- and b = b[0]+256*b[1]+...+256^31 b[31].
- B is the Ed25519 base point (x,4/5) with x positive.
- */
- pub fn double_scalarmult_vartime(a_scalar: &[u8], a_point: GeP3, b_scalar: &[u8]) -> GeP2 {
- let aslide = GeP2::slide(a_scalar);
- let bslide = GeP2::slide(b_scalar);
-
- let mut ai = [GeCached{y_plus_x:FE_ZERO, y_minus_x: FE_ZERO, z: FE_ZERO, t2d: FE_ZERO}; 8]; /* A,3A,5A,7A,9A,11A,13A,15A */
- ai[0] = a_point.to_cached();
- let a2 = a_point.dbl().to_p3();
- ai[1] = (a2 + ai[0]).to_p3().to_cached();
- ai[2] = (a2 + ai[1]).to_p3().to_cached();
- ai[3] = (a2 + ai[2]).to_p3().to_cached();
- ai[4] = (a2 + ai[3]).to_p3().to_cached();
- ai[5] = (a2 + ai[4]).to_p3().to_cached();
- ai[6] = (a2 + ai[5]).to_p3().to_cached();
- ai[7] = (a2 + ai[6]).to_p3().to_cached();
-
- let mut r = GeP2::zero();
-
- let mut i: usize = 255;
- loop {
- if aslide[i]!=0 || bslide[i]!=0 {
- break;
- }
- if i==0 {
- return r;
- }
- i -= 1;
- }
-
- loop {
- let mut t = r.dbl();
- if aslide[i] > 0 {
- t = t.to_p3() + ai[(aslide[i]/2) as usize];
- } else if aslide[i] < 0 {
- t = t.to_p3() - ai[(-aslide[i]/2) as usize];
- }
-
- if bslide[i] > 0 {
- t = t.to_p3() + BI[(bslide[i]/2) as usize];
- } else if bslide[i] < 0 {
- t = t.to_p3() - BI[(-bslide[i]/2) as usize];
- }
-
- r = t.to_p2();
-
- if i==0 {
- return r;
- }
- i -= 1;
- }
- }
-
-}
-
-impl GeP3 {
- pub fn from_bytes_negate_vartime(s: &[u8]) -> Option {
- let y = Fe::from_bytes(s);
- let z = FE_ONE;
- let y_squared = y.square();
- let u = y_squared - FE_ONE;
- let v = (y_squared * FE_D) + FE_ONE;
- let v_raise_3 = v.square() * v;
- let v_raise_7 = v_raise_3.square() * v;
- let uv7 = v_raise_7 * u;// Is this commutative? u comes second in the code, but not in the notation...
-
- let mut x = uv7.pow25523() * v_raise_3 * u;
-
- let vxx = x.square() * v;
- let check = vxx - u;
- if check.is_nonzero() {
- let check2 = vxx + u;
- if check2.is_nonzero() {
- return None;
- }
- x = x * FE_SQRTM1;
- }
-
- if x.is_negative() == ((s[31]>>7)!=0) {
- x = x.neg();
- }
-
- let t = x * y;
-
- Some(GeP3{x: x, y: y, z: z, t: t})
- }
-
- fn to_p2(&self) -> GeP2 {
- GeP2 {
- x: self.x,
- y: self.y,
- z: self.z,
- }
- }
-
- pub fn to_cached(&self) -> GeCached {
- GeCached {
- y_plus_x: self.y + self.x,
- y_minus_x: self.y - self.x,
- z: self.z,
- t2d: self.t * FE_D2
- }
- }
-
- fn zero() -> GeP3 {
- GeP3 {
- x: FE_ZERO,
- y: FE_ONE,
- z: FE_ONE,
- t: FE_ZERO,
- }
- }
-
- fn dbl(&self) -> GeP1P1 {
- self.to_p2().dbl()
- }
-
- pub fn to_bytes(&self) -> [u8; 32] {
- let recip = self.z.invert();
- let x = self.x * recip;
- let y = self.y * recip;
- let mut bs = y.to_bytes();
- bs[31] ^= (if x.is_negative() { 1 } else { 0 }) << 7;
- bs
- }
-
-
-}
-
-impl Add for GeP3 {
- type Output = GeP1P1;
-
- fn add(self, _rhs: GeCached) -> GeP1P1 {
- let y1_plus_x1 = self.y + self.x;
- let y1_minus_x1 = self.y - self.x;
- let a = y1_plus_x1 * _rhs.y_plus_x;
- let b = y1_minus_x1 * _rhs.y_minus_x;
- let c = _rhs.t2d * self.t;
- let zz = self.z * _rhs.z;
- let d = zz + zz;
- let x3 = a - b;
- let y3 = a + b;
- let z3 = d + c;
- let t3 = d - c;
-
- GeP1P1 { x: x3, y: y3, z: z3, t: t3 }
- }
-}
-
-impl Add for GeP3 {
- type Output = GeP1P1;
-
- fn
add(self, _rhs: GePrecomp) -> GeP1P1 {
- let y1_plus_x1 = self.y + self.x;
- let y1_minus_x1 = self.y - self.x;
- let a = y1_plus_x1 * _rhs.y_plus_x;
- let b = y1_minus_x1 * _rhs.y_minus_x;
- let c = _rhs.xy2d * self.t;
- let d = self.z + self.z;
- let x3 = a - b;
- let y3 = a + b;
- let z3 = d + c;
- let t3 = d - c;
-
- GeP1P1 { x: x3, y: y3, z: z3, t: t3 }
- }
-}
-
-impl Sub for GeP3 {
- type Output = GeP1P1;
-
- fn sub(self, _rhs: GeCached) -> GeP1P1 {
- let y1_plus_x1 = self.y + self.x;
- let y1_minus_x1 = self.y - self.x;
- let a = y1_plus_x1 * _rhs.y_minus_x;
- let b = y1_minus_x1 * _rhs.y_plus_x;
- let c = _rhs.t2d * self.t;
- let zz = self.z * _rhs.z;
- let d = zz + zz;
- let x3 = a - b;
- let y3 = a + b;
- let z3 = d - c;
- let t3 = d + c;
-
- GeP1P1 { x: x3, y: y3, z: z3, t: t3 }
- }
-}
-
-impl Sub for GeP3 {
- type Output = GeP1P1;
-
- fn sub(self, _rhs: GePrecomp) -> GeP1P1 {
- let y1_plus_x1 = self.y + self.x;
- let y1_minus_x1 = self.y - self.x;
- let a = y1_plus_x1 * _rhs.y_minus_x;
- let b = y1_minus_x1 * _rhs.y_plus_x;
- let c = _rhs.xy2d * self.t;
- let d = self.z + self.z;
- let x3 = a - b;
- let y3 = a + b;
- let z3 = d - c;
- let t3 = d + c;
-
- GeP1P1 { x: x3, y: y3, z: z3, t: t3 }
- }
-}
-
-fn equal(b: u8, c: u8) -> i32 {
- let x = b ^ c; /* 0: yes; 1..255: no */
- let mut y = x as u32; /* 0: yes; 1..255: no */
- y = y.wrapping_sub(1); /* 4294967295: yes; 0..254: no */
- y >>= 31; /* 1: yes; 0: no */
- y as i32
-}
-
-
-
-impl GePrecomp {
- fn zero() -> GePrecomp {
- GePrecomp {
- y_plus_x: FE_ONE,
- y_minus_x: FE_ONE,
- xy2d: FE_ZERO,
- }
- }
-
- pub fn maybe_set(&mut self, other: &GePrecomp, do_swap: i32) {
- self.y_plus_x.maybe_set(&other.y_plus_x, do_swap);
- self.y_minus_x.maybe_set(&other.y_minus_x, do_swap);
- self.xy2d.maybe_set(&other.xy2d, do_swap);
- }
-
- pub fn select(pos: usize, b: i8) -> GePrecomp {
- let bnegative = (b as u8) >> 7;
- let babs: u8 = (b - (((-(bnegative as i8)) & b) << 1)) as u8;
- let mut t = GePrecomp::zero();
- t.maybe_set(&GE_PRECOMP_BASE[pos][0], equal(babs, 1));
- t.maybe_set(&GE_PRECOMP_BASE[pos][1], equal(babs, 2));
- t.maybe_set(&GE_PRECOMP_BASE[pos][2], equal(babs, 3));
- t.maybe_set(&GE_PRECOMP_BASE[pos][3], equal(babs, 4));
- t.maybe_set(&GE_PRECOMP_BASE[pos][4], equal(babs, 5));
- t.maybe_set(&GE_PRECOMP_BASE[pos][5], equal(babs, 6));
- t.maybe_set(&GE_PRECOMP_BASE[pos][6], equal(babs, 7));
- t.maybe_set(&GE_PRECOMP_BASE[pos][7], equal(babs, 8));
- let minus_t = GePrecomp {
- y_plus_x: t.y_minus_x,
- y_minus_x: t.y_plus_x,
- xy2d: t.xy2d.neg(),
- };
- t.maybe_set(&minus_t, bnegative as i32);
- t
- }
-}
-
-/*
-h = a * B
-where a = a[0]+256*a[1]+...+256^31 a[31]
-B is the Ed25519 base point (x,4/5) with x positive.
-
-Preconditions:
- a[31] <= 127
-*/
-pub fn ge_scalarmult_base(a: &[u8]) -> GeP3 {
- let mut es: [i8; 64] = [0; 64];
- let mut r: GeP1P1;
- let mut s: GeP2;
- let mut t: GePrecomp;
-
- for i in 0..32 {
- es[2 * i + 0] = ((a[i] >> 0) & 15) as i8;
- es[2 * i + 1] = ((a[i] >> 4) & 15) as i8;
- }
- /* each es[i] is between 0 and 15 */
- /* es[63] is between 0 and 7 */
-
- let mut carry: i8 = 0;
- for i in 0..63 {
- es[i] += carry;
- carry = es[i] + 8;
- carry >>= 4;
- es[i] -= carry << 4;
- }
- es[63] += carry;
- /* each es[i] is between -8 and 8 */
-
- let mut h = GeP3::zero();
- for i in (1..64).step_up(2) {
- t = GePrecomp::select(i/2, es[i]);
- r = h + t;
- h = r.to_p3();
- }
-
- r = h.dbl(); s = r.to_p2();
- r = s.dbl(); s = r.to_p2();
- r = s.dbl(); s = r.to_p2();
- r = s.dbl(); h = r.to_p3();
-
- for i in (0..64).step_up(2) {
- t = GePrecomp::select(i/2, es[i]);
- r = h + t;
- h = r.to_p3();
- }
-
- h
-}
-/*
-Input:
- s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
- s[0]+256*s[1]+...+256^31*s[31] = s mod l
- where l = 2^252 + 27742317777372353535851937790883648493.
- Overwrites s in place.
-*/
-pub fn sc_reduce(s: &mut [u8]) {
- let mut s0: i64 = 2097151 & load_3i(s);
- let mut s1: i64 = 2097151 & (load_4i(&s[2..6]) >> 5);
- let mut s2: i64 = 2097151 & (load_3i(&s[5..8]) >> 2);
- let mut s3: i64 = 2097151 & (load_4i(&s[7..11]) >> 7);
- let mut s4: i64 = 2097151 & (load_4i(&s[10..14]) >> 4);
- let mut s5: i64 = 2097151 & (load_3i(&s[13..16]) >> 1);
- let mut s6: i64 = 2097151 & (load_4i(&s[15..19]) >> 6);
- let mut s7: i64 = 2097151 & (load_3i(&s[18..21]) >> 3);
- let mut s8: i64 = 2097151 & load_3i(&s[21..24]);
- let mut s9: i64 = 2097151 & (load_4i(&s[23..27]) >> 5);
- let mut s10: i64 = 2097151 & (load_3i(&s[26..29]) >> 2);
- let mut s11: i64 = 2097151 & (load_4i(&s[28..32]) >> 7);
- let mut s12: i64 = 2097151 & (load_4i(&s[31..35]) >> 4);
- let mut s13: i64 = 2097151 & (load_3i(&s[34..37]) >> 1);
- let mut s14: i64 = 2097151 & (load_4i(&s[36..40]) >> 6);
- let mut s15: i64 = 2097151 & (load_3i(&s[39..42]) >> 3);
- let mut s16: i64 = 2097151 & load_3i(&s[42..45]);
- let mut s17: i64 = 2097151 & (load_4i(&s[44..48]) >> 5);
- let s18: i64 = 2097151 & (load_3i(&s[47..50]) >> 2);
- let s19: i64 = 2097151 & (load_4i(&s[49..53]) >> 7);
- let s20: i64 = 2097151 & (load_4i(&s[52..56]) >> 4);
- let s21: i64 = 2097151 & (load_3i(&s[55..58]) >> 1);
- let s22: i64 = 2097151 & (load_4i(&s[57..61]) >> 6);
- let s23: i64 = load_4i(&s[60..64]) >> 3;
- let mut carry0: i64;
- let mut carry1: i64;
- let mut carry2: i64;
- let mut carry3: i64;
- let mut carry4: i64;
- let mut carry5: i64;
- let mut carry6: i64;
- let mut carry7: i64;
- let mut carry8: i64;
- let mut carry9: i64;
- let mut carry10: i64;
- let mut carry11: i64;
- let carry12: i64;
- let carry13: i64;
- let carry14: i64;
- let carry15: i64;
- let carry16: i64;
-
- s11 += s23 * 666643;
- s12 += s23 * 470296;
- s13 += s23 * 654183;
- s14 -= s23 * 997805;
- s15 += s23 * 136657;
- s16 -= s23 * 683901;
-
-
- s10 += s22 * 666643;
- s11 += s22 * 470296;
- s12 += s22 * 654183;
- s13 -= s22 * 997805;
- s14 += s22
* 136657; - s15 -= s22 * 683901; - - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - - - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; - - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= 
s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - - carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - - - carry0 = s0 
>> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - - s[0] = (s0 >> 0) as u8; - s[1] = (s0 >> 8) as u8; - s[2] = ((s0 >> 16) | (s1 << 5)) as u8; - s[3] = (s1 >> 3) as u8; - s[4] = (s1 >> 11) as u8; - s[5] = ((s1 >> 19) | (s2 << 2)) as u8; - s[6] = (s2 >> 6) as u8; - s[7] = ((s2 >> 14) | (s3 << 7)) as u8; - s[8] = (s3 >> 1) as u8; - s[9] = (s3 >> 9) as u8; - s[10] = ((s3 >> 17) | (s4 << 4)) as u8; - s[11] = (s4 >> 4) as u8; - s[12] = (s4 >> 12) as u8; - s[13] = ((s4 >> 20) | (s5 << 1)) as u8; - s[14] = (s5 >> 7) as u8; - s[15] = ((s5 >> 15) | (s6 << 6)) as u8; - s[16] = (s6 >> 2) as u8; - s[17] = (s6 >> 10) as u8; - s[18] = ((s6 >> 18) | (s7 << 3)) as u8; - s[19] = (s7 >> 5) as u8; - s[20] = (s7 >> 13) as u8; - s[21] = (s8 >> 0) as u8; - s[22] = (s8 >> 8) as u8; - s[23] = ((s8 >> 16) | (s9 << 5)) as u8; - s[24] = (s9 >> 3) as u8; - s[25] = (s9 >> 11) as u8; - s[26] = ((s9 >> 19) | (s10 << 2)) as u8; - s[27] = (s10 >> 6) as u8; - s[28] = ((s10 >> 14) | (s11 << 7)) as u8; - s[29] = (s11 >> 1) as u8; - s[30] = (s11 >> 9) as u8; - s[31] = (s11 >> 17) as u8; -} - - -/* -Input: - a[0]+256*a[1]+...+256^31*a[31] = a - b[0]+256*b[1]+...+256^31*b[31] = b - c[0]+256*c[1]+...+256^31*c[31] = c - -Output: - s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l - where l = 2^252 + 27742317777372353535851937790883648493. 
-*/ -pub fn sc_muladd(s: &mut[u8], a: &[u8], b: &[u8], c: &[u8]) { - let a0 = 2097151 & load_3i(&a[0..3]); - let a1 = 2097151 & (load_4i(&a[2..6]) >> 5); - let a2 = 2097151 & (load_3i(&a[5..8]) >> 2); - let a3 = 2097151 & (load_4i(&a[7..11]) >> 7); - let a4 = 2097151 & (load_4i(&a[10..14]) >> 4); - let a5 = 2097151 & (load_3i(&a[13..16]) >> 1); - let a6 = 2097151 & (load_4i(&a[15..19]) >> 6); - let a7 = 2097151 & (load_3i(&a[18..21]) >> 3); - let a8 = 2097151 & load_3i(&a[21..24]); - let a9 = 2097151 & (load_4i(&a[23..27]) >> 5); - let a10 = 2097151 & (load_3i(&a[26..29]) >> 2); - let a11 = load_4i(&a[28..32]) >> 7; - let b0 = 2097151 & load_3i(&b[0..3]); - let b1 = 2097151 & (load_4i(&b[2..6]) >> 5); - let b2 = 2097151 & (load_3i(&b[5..8]) >> 2); - let b3 = 2097151 & (load_4i(&b[7..11]) >> 7); - let b4 = 2097151 & (load_4i(&b[10..14]) >> 4); - let b5 = 2097151 & (load_3i(&b[13..16]) >> 1); - let b6 = 2097151 & (load_4i(&b[15..19]) >> 6); - let b7 = 2097151 & (load_3i(&b[18..21]) >> 3); - let b8 = 2097151 & load_3i(&b[21..24]); - let b9 = 2097151 & (load_4i(&b[23..27]) >> 5); - let b10 = 2097151 & (load_3i(&b[26..29]) >> 2); - let b11 = load_4i(&b[28..32]) >> 7; - let c0 = 2097151 & load_3i(&c[0..3]); - let c1 = 2097151 & (load_4i(&c[2..6]) >> 5); - let c2 = 2097151 & (load_3i(&c[5..8]) >> 2); - let c3 = 2097151 & (load_4i(&c[7..11]) >> 7); - let c4 = 2097151 & (load_4i(&c[10..14]) >> 4); - let c5 = 2097151 & (load_3i(&c[13..16]) >> 1); - let c6 = 2097151 & (load_4i(&c[15..19]) >> 6); - let c7 = 2097151 & (load_3i(&c[18..21]) >> 3); - let c8 = 2097151 & load_3i(&c[21..24]); - let c9 = 2097151 & (load_4i(&c[23..27]) >> 5); - let c10 = 2097151 & (load_3i(&c[26..29]) >> 2); - let c11 = load_4i(&c[28..32]) >> 7; - let mut s0: i64; - let mut s1: i64; - let mut s2: i64; - let mut s3: i64; - let mut s4: i64; - let mut s5: i64; - let mut s6: i64; - let mut s7: i64; - let mut s8: i64; - let mut s9: i64; - let mut s10: i64; - let mut s11: i64; - let mut s12: i64; - let mut 
s13: i64; - let mut s14: i64; - let mut s15: i64; - let mut s16: i64; - let mut s17: i64; - let mut s18: i64; - let mut s19: i64; - let mut s20: i64; - let mut s21: i64; - let mut s22: i64; - let mut s23: i64; - let mut carry0: i64; - let mut carry1: i64; - let mut carry2: i64; - let mut carry3: i64; - let mut carry4: i64; - let mut carry5: i64; - let mut carry6: i64; - let mut carry7: i64; - let mut carry8: i64; - let mut carry9: i64; - let mut carry10: i64; - let mut carry11: i64; - let mut carry12: i64; - let mut carry13: i64; - let mut carry14: i64; - let mut carry15: i64; - let mut carry16: i64; - let carry17: i64; - let carry18: i64; - let carry19: i64; - let carry20: i64; - let carry21: i64; - let carry22: i64; - - s0 = c0 + a0*b0; - s1 = c1 + a0*b1 + a1*b0; - s2 = c2 + a0*b2 + a1*b1 + a2*b0; - s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0; - s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0; - s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0; - s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0; - s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0; - s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0; - s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0; - s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0; - s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0; - s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1; - s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2; - s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3; - s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4; - s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5; - s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6; - s18 = a7*b11 + a8*b10 + 
a9*b9 + a10*b8 + a11*b7; - s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8; - s20 = a9*b11 + a10*b10 + a11*b9; - s21 = a10*b11 + a11*b10; - s22 = a11*b11; - s23 = 0; - - carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; - carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21; - carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21; - carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21; - - carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; - carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21; - carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21; - carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21; - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - 
s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - - - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21; - carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21; - carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21; - - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21; - carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21; - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - - - s1 += s13 * 666643; - s2 += s13 * 
470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21; - carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21; - carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21; - carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21; - carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21; - carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21; - - carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21; - carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21; - carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21; - carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21; - carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21; - carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - 
s5 -= s12 * 683901; - - - carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21; - carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21; - carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21; - carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21; - carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21; - carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21; - carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21; - carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21; - carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21; - carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21; - carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21; - - s[0] = (s0 >> 0) as u8; - s[1] = (s0 >> 8) as u8; - s[2] = ((s0 >> 16) | (s1 << 5)) as u8; - s[3] = (s1 >> 3) as u8; - s[4] = (s1 >> 11) as u8; - s[5] = ((s1 >> 19) | (s2 << 2)) as u8; - s[6] = (s2 >> 6) as u8; - s[7] = ((s2 >> 14) | (s3 << 7)) as u8; - s[8] = (s3 >> 1) as u8; - s[9] = (s3 >> 9) as u8; - s[10] = ((s3 >> 17) | (s4 << 4)) as u8; - s[11] = (s4 >> 4) as u8; - s[12] = (s4 >> 12) as u8; - s[13] = ((s4 >> 20) | (s5 << 1)) as u8; - s[14] = (s5 >> 7) as u8; - s[15] = ((s5 >> 15) | (s6 << 6)) as u8; - s[16] = (s6 >> 2) as u8; - s[17] = (s6 >> 10) as u8; - s[18] = ((s6 >> 18) | (s7 << 3)) as u8; - s[19] = (s7 >> 5) as u8; - s[20] = (s7 >> 13) as u8; - s[21] = (s8 >> 0) as u8; - s[22] = (s8 >> 8) as u8; - s[23] = ((s8 >> 16) | (s9 << 5)) as u8; - s[24] = (s9 >> 3) as u8; - s[25] = (s9 >> 11) as u8; - s[26] = ((s9 >> 19) | (s10 << 2)) as u8; - s[27] = (s10 >> 6) as u8; - s[28] = ((s10 >> 14) | (s11 << 7)) as u8; - s[29] = (s11 >> 1) as u8; - s[30] = (s11 >> 9) as u8; - s[31] = (s11 >> 17) as u8; -} - - -pub fn curve25519(n: &[u8], p: &[u8]) -> [u8; 32] { - let mut e = [0u8; 32]; - let mut x2; - let mut z2; - let mut x3; - let mut z3; - let mut swap: i32; - let mut b: i32; - - for (d,s) in e.iter_mut().zip(n.iter()) { - *d = *s; - } - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - let x1 = Fe::from_bytes(p); - x2 = FE_ONE; - z2 = 
FE_ZERO; - x3 = x1; - z3 = FE_ONE; - - swap = 0; - // pos starts at 254 and goes down to 0 - for pos in (0usize..255).rev() { - b = (e[pos / 8] >> (pos & 7)) as i32; - b &= 1; - swap ^= b; - x2.maybe_swap_with(&mut x3, swap); - z2.maybe_swap_with(&mut z3, swap); - swap = b; - - let d = x3 - z3; - let b = x2 - z2; - let a = x2 + z2; - let c = x3 + z3; - let da = d * a; - let cb = c * b; - let bb = b.square(); - let aa = a.square(); - let t0 = da + cb; - let t1 = da - cb; - let x4 = aa*bb; - let e = aa - bb; - let t2 = t1.square(); - let t3 = e.mul_121666(); - let x5 = t0.square(); - let t4 = bb + t3; - let z5 = x1 * t2; - let z4 = e*t4; - - z2 = z4; - z3 = z5; - x2 = x4; - x3 = x5; - } - x2.maybe_swap_with(&mut x3, swap); - z2.maybe_swap_with(&mut z3, swap); - - (z2.invert() * x2).to_bytes() -} - -pub fn curve25519_base(x: &[u8]) -> [u8; 32] { - let mut base : [u8; 32] = [0; 32]; - base[0] = 9; - curve25519(x, base.as_ref()) -} - -#[cfg(test)] -mod tests { - use curve25519::{Fe, curve25519_base}; - - #[test] - fn from_to_bytes_preserves() { - for i in 0..50 { - let mut e: Vec = (0u32..32).map(|idx| (idx*(1289+i*761)) as u8).collect(); - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - let fe = Fe::from_bytes(e.as_ref()); - let e_preserved = fe.to_bytes(); - assert!(e == e_preserved.to_vec()); - } - } - - #[test] - fn swap_test() { - let mut f = Fe([10,20,30,40,50,60,70,80,90,100]); - let mut g = Fe([11,21,31,41,51,61,71,81,91,101]); - let f_initial = f; - let g_initial = g; - f.maybe_swap_with(&mut g, 0); - assert!(f == f_initial); - assert!(g == g_initial); - - f.maybe_swap_with(&mut g, 1); - assert!(f == g_initial); - assert!(g == f_initial); - } - - struct CurveGen { - which: u32 - } - impl CurveGen { - fn new(seed: u32) -> CurveGen { - CurveGen{which: seed} - } - } - impl Iterator for CurveGen { - type Item = Fe; - - fn next(&mut self) -> Option { - let mut e: Vec = (0..32).map(|idx| (idx*(1289+self.which*761)) as u8).collect(); - e[0] &= 248; - e[31] &= 127; - 
e[31] |= 64; - Some(Fe::from_bytes(e.as_ref())) - } - } - - #[test] - fn mul_commutes() { - for (x,y) in CurveGen::new(1).zip(CurveGen::new(2)).take(40) { - assert!(x*y == y*x); - }; - } - - #[test] - fn mul_assoc() { - for (x,(y,z)) in CurveGen::new(1).zip(CurveGen::new(2).zip(CurveGen::new(3))).take(40) { - assert!((x*y)*z == x*(y*z)); - }; - } - - #[test] - fn invert_inverts() { - for x in CurveGen::new(1).take(40) { - assert!(x.invert().invert() == x); - }; - } - - #[test] - fn square_by_mul() { - for x in CurveGen::new(1).take(40) { - assert!(x*x == x.square()); - }; - } - - #[test] - fn base_example() { - let sk : [u8; 32] = [ - 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, - 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, - 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a ]; - let pk = curve25519_base(sk.as_ref()); - let correct : [u8; 32] = [ - 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54 - ,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a - ,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4 - ,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a ]; - assert_eq!(pk.to_vec(), correct.to_vec()); - } -} - -static BI: [GePrecomp; 8] = [ - GePrecomp { - y_plus_x: Fe([ 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 ]), - y_minus_x: Fe([ -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 ]), - xy2d: Fe([ -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 ]), - }, - GePrecomp { - y_plus_x: Fe([ 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 ]), - y_minus_x: Fe([ 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 ]), - xy2d: Fe([ 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 ]), - }, - GePrecomp { - y_plus_x: Fe([ 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 ]), - 
y_minus_x: Fe([ 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 ]), - xy2d: Fe([ 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 ]), - }, - GePrecomp { - y_plus_x: Fe([ 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 ]), - y_minus_x: Fe([ -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 ]), - xy2d: Fe([ 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 ]), - }, - GePrecomp { - y_plus_x: Fe([ -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 ]), - y_minus_x: Fe([ -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 ]), - xy2d: Fe([ 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 ]), - }, - GePrecomp { - y_plus_x: Fe([ -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 ]), - y_minus_x: Fe([ 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 ]), - xy2d: Fe([ 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 ]), - }, - GePrecomp { - y_plus_x: Fe([ -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 ]), - y_minus_x: Fe([ -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 ]), - xy2d: Fe([ -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 ]), - }, - GePrecomp { - y_plus_x: Fe([ -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 ]), - y_minus_x: Fe([ -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 ]), - xy2d: Fe([ -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 ]), - }, -]; - -static GE_PRECOMP_BASE 
: [[GePrecomp; 8]; 32] = [ -[ - GePrecomp { - y_plus_x: Fe([25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605]), - y_minus_x: Fe([-12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378]), - xy2d: Fe([-8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546]), - }, - GePrecomp { - y_plus_x: Fe([-12815894,-12976347,-21581243,11784320,-25355658,-2750717,-11717903,-3814571,-358445,-10211303]), - y_minus_x: Fe([-21703237,6903825,27185491,6451973,-29577724,-9554005,-15616551,11189268,-26829678,-5319081]), - xy2d: Fe([26966642,11152617,32442495,15396054,14353839,-12752335,-3128826,-9541118,-15472047,-4166697]), - }, - GePrecomp { - y_plus_x: Fe([15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024]), - y_minus_x: Fe([16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574]), - xy2d: Fe([30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357]), - }, - GePrecomp { - y_plus_x: Fe([-17036878,13921892,10945806,-6033431,27105052,-16084379,-28926210,15006023,3284568,-6276540]), - y_minus_x: Fe([23599295,-8306047,-11193664,-7687416,13236774,10506355,7464579,9656445,13059162,10374397]), - xy2d: Fe([7798556,16710257,3033922,2874086,28997861,2835604,32406664,-3839045,-641708,-101325]), - }, - GePrecomp { - y_plus_x: Fe([10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380]), - y_minus_x: Fe([4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306]), - xy2d: Fe([19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942]), - }, - GePrecomp { - y_plus_x: Fe([-15371964,-12862754,32573250,4720197,-26436522,5875511,-19188627,-15224819,-9818940,-12085777]), - y_minus_x: Fe([-8549212,109983,15149363,2178705,22900618,4543417,3044240,-15689887,1762328,14866737]), - xy2d: 
Fe([-18199695,-15951423,-10473290,1707278,-17185920,3916101,-28236412,3959421,27914454,4383652]), - }, - GePrecomp { - y_plus_x: Fe([5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766]), - y_minus_x: Fe([-30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701]), - xy2d: Fe([28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300]), - }, - GePrecomp { - y_plus_x: Fe([14499471,-2729599,-33191113,-4254652,28494862,14271267,30290735,10876454,-33154098,2381726]), - y_minus_x: Fe([-7195431,-2655363,-14730155,462251,-27724326,3941372,-6236617,3696005,-32300832,15351955]), - xy2d: Fe([27431194,8222322,16448760,-3907995,-18707002,11938355,-32961401,-2970515,29551813,10109425]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-13657040,-13155431,-31283750,11777098,21447386,6519384,-2378284,-1627556,10092783,-4764171]), - y_minus_x: Fe([27939166,14210322,4677035,16277044,-22964462,-12398139,-32508754,12005538,-17810127,12803510]), - xy2d: Fe([17228999,-15661624,-1233527,300140,-1224870,-11714777,30364213,-9038194,18016357,4397660]), - }, - GePrecomp { - y_plus_x: Fe([-10958843,-7690207,4776341,-14954238,27850028,-15602212,-26619106,14544525,-17477504,982639]), - y_minus_x: Fe([29253598,15796703,-2863982,-9908884,10057023,3163536,7332899,-4120128,-21047696,9934963]), - xy2d: Fe([5793303,16271923,-24131614,-10116404,29188560,1206517,-14747930,4559895,-30123922,-10897950]), - }, - GePrecomp { - y_plus_x: Fe([-27643952,-11493006,16282657,-11036493,28414021,-15012264,24191034,4541697,-13338309,5500568]), - y_minus_x: Fe([12650548,-1497113,9052871,11355358,-17680037,-8400164,-17430592,12264343,10874051,13524335]), - xy2d: Fe([25556948,-3045990,714651,2510400,23394682,-10415330,33119038,5080568,-22528059,5376628]), - }, - GePrecomp { - y_plus_x: Fe([-26088264,-4011052,-17013699,-3537628,-6726793,1920897,-22321305,-9447443,4535768,1569007]), - y_minus_x: 
Fe([-2255422,14606630,-21692440,-8039818,28430649,8775819,-30494562,3044290,31848280,12543772]), - xy2d: Fe([-22028579,2943893,-31857513,6777306,13784462,-4292203,-27377195,-2062731,7718482,14474653]), - }, - GePrecomp { - y_plus_x: Fe([2385315,2454213,-22631320,46603,-4437935,-15680415,656965,-7236665,24316168,-5253567]), - y_minus_x: Fe([13741529,10911568,-33233417,-8603737,-20177830,-1033297,33040651,-13424532,-20729456,8321686]), - xy2d: Fe([21060490,-2212744,15712757,-4336099,1639040,10656336,23845965,-11874838,-9984458,608372]), - }, - GePrecomp { - y_plus_x: Fe([-13672732,-15087586,-10889693,-7557059,-6036909,11305547,1123968,-6780577,27229399,23887]), - y_minus_x: Fe([-23244140,-294205,-11744728,14712571,-29465699,-2029617,12797024,-6440308,-1633405,16678954]), - xy2d: Fe([-29500620,4770662,-16054387,14001338,7830047,9564805,-1508144,-4795045,-17169265,4904953]), - }, - GePrecomp { - y_plus_x: Fe([24059557,14617003,19037157,-15039908,19766093,-14906429,5169211,16191880,2128236,-4326833]), - y_minus_x: Fe([-16981152,4124966,-8540610,-10653797,30336522,-14105247,-29806336,916033,-6882542,-2986532]), - xy2d: Fe([-22630907,12419372,-7134229,-7473371,-16478904,16739175,285431,2763829,15736322,4143876]), - }, - GePrecomp { - y_plus_x: Fe([2379352,11839345,-4110402,-5988665,11274298,794957,212801,-14594663,23527084,-16458268]), - y_minus_x: Fe([33431127,-11130478,-17838966,-15626900,8909499,8376530,-32625340,4087881,-15188911,-14416214]), - xy2d: Fe([1767683,7197987,-13205226,-2022635,-13091350,448826,5799055,4357868,-4774191,-16323038]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([6721966,13833823,-23523388,-1551314,26354293,-11863321,23365147,-3949732,7390890,2759800]), - y_minus_x: Fe([4409041,2052381,23373853,10530217,7676779,-12885954,21302353,-4264057,1244380,-12919645]), - xy2d: Fe([-4421239,7169619,4982368,-2957590,30256825,-2777540,14086413,9208236,15886429,16489664]), - }, - GePrecomp { - y_plus_x: 
Fe([1996075,10375649,14346367,13311202,-6874135,-16438411,-13693198,398369,-30606455,-712933]), - y_minus_x: Fe([-25307465,9795880,-2777414,14878809,-33531835,14780363,13348553,12076947,-30836462,5113182]), - xy2d: Fe([-17770784,11797796,31950843,13929123,-25888302,12288344,-30341101,-7336386,13847711,5387222]), - }, - GePrecomp { - y_plus_x: Fe([-18582163,-3416217,17824843,-2340966,22744343,-10442611,8763061,3617786,-19600662,10370991]), - y_minus_x: Fe([20246567,-14369378,22358229,-543712,18507283,-10413996,14554437,-8746092,32232924,16763880]), - xy2d: Fe([9648505,10094563,26416693,14745928,-30374318,-6472621,11094161,15689506,3140038,-16510092]), - }, - GePrecomp { - y_plus_x: Fe([-16160072,5472695,31895588,4744994,8823515,10365685,-27224800,9448613,-28774454,366295]), - y_minus_x: Fe([19153450,11523972,-11096490,-6503142,-24647631,5420647,28344573,8041113,719605,11671788]), - xy2d: Fe([8678025,2694440,-6808014,2517372,4964326,11152271,-15432916,-15266516,27000813,-10195553]), - }, - GePrecomp { - y_plus_x: Fe([-15157904,7134312,8639287,-2814877,-7235688,10421742,564065,5336097,6750977,-14521026]), - y_minus_x: Fe([11836410,-3979488,26297894,16080799,23455045,15735944,1695823,-8819122,8169720,16220347]), - xy2d: Fe([-18115838,8653647,17578566,-6092619,-8025777,-16012763,-11144307,-2627664,-5990708,-14166033]), - }, - GePrecomp { - y_plus_x: Fe([-23308498,-10968312,15213228,-10081214,-30853605,-11050004,27884329,2847284,2655861,1738395]), - y_minus_x: Fe([-27537433,-14253021,-25336301,-8002780,-9370762,8129821,21651608,-3239336,-19087449,-11005278]), - xy2d: Fe([1533110,3437855,23735889,459276,29970501,11335377,26030092,5821408,10478196,8544890]), - }, - GePrecomp { - y_plus_x: Fe([32173121,-16129311,24896207,3921497,22579056,-3410854,19270449,12217473,17789017,-3395995]), - y_minus_x: Fe([-30552961,-2228401,-15578829,-10147201,13243889,517024,15479401,-3853233,30460520,1052596]), - xy2d: 
Fe([-11614875,13323618,32618793,8175907,-15230173,12596687,27491595,-4612359,3179268,-9478891]), - }, - GePrecomp { - y_plus_x: Fe([31947069,-14366651,-4640583,-15339921,-15125977,-6039709,-14756777,-16411740,19072640,-9511060]), - y_minus_x: Fe([11685058,11822410,3158003,-13952594,33402194,-4165066,5977896,-5215017,473099,5040608]), - xy2d: Fe([-20290863,8198642,-27410132,11602123,1290375,-2799760,28326862,1721092,-19558642,-3131606]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([7881532,10687937,7578723,7738378,-18951012,-2553952,21820786,8076149,-27868496,11538389]), - y_minus_x: Fe([-19935666,3899861,18283497,-6801568,-15728660,-11249211,8754525,7446702,-5676054,5797016]), - xy2d: Fe([-11295600,-3793569,-15782110,-7964573,12708869,-8456199,2014099,-9050574,-2369172,-5877341]), - }, - GePrecomp { - y_plus_x: Fe([-22472376,-11568741,-27682020,1146375,18956691,16640559,1192730,-3714199,15123619,10811505]), - y_minus_x: Fe([14352098,-3419715,-18942044,10822655,32750596,4699007,-70363,15776356,-28886779,-11974553]), - xy2d: Fe([-28241164,-8072475,-4978962,-5315317,29416931,1847569,-20654173,-16484855,4714547,-9600655]), - }, - GePrecomp { - y_plus_x: Fe([15200332,8368572,19679101,15970074,-31872674,1959451,24611599,-4543832,-11745876,12340220]), - y_minus_x: Fe([12876937,-10480056,33134381,6590940,-6307776,14872440,9613953,8241152,15370987,9608631]), - xy2d: Fe([-4143277,-12014408,8446281,-391603,4407738,13629032,-7724868,15866074,-28210621,-8814099]), - }, - GePrecomp { - y_plus_x: Fe([26660628,-15677655,8393734,358047,-7401291,992988,-23904233,858697,20571223,8420556]), - y_minus_x: Fe([14620715,13067227,-15447274,8264467,14106269,15080814,33531827,12516406,-21574435,-12476749]), - xy2d: Fe([236881,10476226,57258,-14677024,6472998,2466984,17258519,7256740,8791136,15069930]), - }, - GePrecomp { - y_plus_x: Fe([1276410,-9371918,22949635,-16322807,-23493039,-5702186,14711875,4874229,-30663140,-2331391]), - y_minus_x: 
Fe([5855666,4990204,-13711848,7294284,-7804282,1924647,-1423175,-7912378,-33069337,9234253]), - xy2d: Fe([20590503,-9018988,31529744,-7352666,-2706834,10650548,31559055,-11609587,18979186,13396066]), - }, - GePrecomp { - y_plus_x: Fe([24474287,4968103,22267082,4407354,24063882,-8325180,-18816887,13594782,33514650,7021958]), - y_minus_x: Fe([-11566906,-6565505,-21365085,15928892,-26158305,4315421,-25948728,-3916677,-21480480,12868082]), - xy2d: Fe([-28635013,13504661,19988037,-2132761,21078225,6443208,-21446107,2244500,-12455797,-8089383]), - }, - GePrecomp { - y_plus_x: Fe([-30595528,13793479,-5852820,319136,-25723172,-6263899,33086546,8957937,-15233648,5540521]), - y_minus_x: Fe([-11630176,-11503902,-8119500,-7643073,2620056,1022908,-23710744,-1568984,-16128528,-14962807]), - xy2d: Fe([23152971,775386,27395463,14006635,-9701118,4649512,1689819,892185,-11513277,-15205948]), - }, - GePrecomp { - y_plus_x: Fe([9770129,9586738,26496094,4324120,1556511,-3550024,27453819,4763127,-19179614,5867134]), - y_minus_x: Fe([-32765025,1927590,31726409,-4753295,23962434,-16019500,27846559,5931263,-29749703,-16108455]), - xy2d: Fe([27461885,-2977536,22380810,1815854,-23033753,-3031938,7283490,-15148073,-19526700,7734629]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-8010264,-9590817,-11120403,6196038,29344158,-13430885,7585295,-3176626,18549497,15302069]), - y_minus_x: Fe([-32658337,-6171222,-7672793,-11051681,6258878,13504381,10458790,-6418461,-8872242,8424746]), - xy2d: Fe([24687205,8613276,-30667046,-3233545,1863892,-1830544,19206234,7134917,-11284482,-828919]), - }, - GePrecomp { - y_plus_x: Fe([11334899,-9218022,8025293,12707519,17523892,-10476071,10243738,-14685461,-5066034,16498837]), - y_minus_x: Fe([8911542,6887158,-9584260,-6958590,11145641,-9543680,17303925,-14124238,6536641,10543906]), - xy2d: Fe([-28946384,15479763,-17466835,568876,-1497683,11223454,-2669190,-16625574,-27235709,8876771]), - }, - GePrecomp { - y_plus_x: 
Fe([-25742899,-12566864,-15649966,-846607,-33026686,-796288,-33481822,15824474,-604426,-9039817]), - y_minus_x: Fe([10330056,70051,7957388,-9002667,9764902,15609756,27698697,-4890037,1657394,3084098]), - xy2d: Fe([10477963,-7470260,12119566,-13250805,29016247,-5365589,31280319,14396151,-30233575,15272409]), - }, - GePrecomp { - y_plus_x: Fe([-12288309,3169463,28813183,16658753,25116432,-5630466,-25173957,-12636138,-25014757,1950504]), - y_minus_x: Fe([-26180358,9489187,11053416,-14746161,-31053720,5825630,-8384306,-8767532,15341279,8373727]), - xy2d: Fe([28685821,7759505,-14378516,-12002860,-31971820,4079242,298136,-10232602,-2878207,15190420]), - }, - GePrecomp { - y_plus_x: Fe([-32932876,13806336,-14337485,-15794431,-24004620,10940928,8669718,2742393,-26033313,-6875003]), - y_minus_x: Fe([-1580388,-11729417,-25979658,-11445023,-17411874,-10912854,9291594,-16247779,-12154742,6048605]), - xy2d: Fe([-30305315,14843444,1539301,11864366,20201677,1900163,13934231,5128323,11213262,9168384]), - }, - GePrecomp { - y_plus_x: Fe([-26280513,11007847,19408960,-940758,-18592965,-4328580,-5088060,-11105150,20470157,-16398701]), - y_minus_x: Fe([-23136053,9282192,14855179,-15390078,-7362815,-14408560,-22783952,14461608,14042978,5230683]), - xy2d: Fe([29969567,-2741594,-16711867,-8552442,9175486,-2468974,21556951,3506042,-5933891,-12449708]), - }, - GePrecomp { - y_plus_x: Fe([-3144746,8744661,19704003,4581278,-20430686,6830683,-21284170,8971513,-28539189,15326563]), - y_minus_x: Fe([-19464629,10110288,-17262528,-3503892,-23500387,1355669,-15523050,15300988,-20514118,9168260]), - xy2d: Fe([-5353335,4488613,-23803248,16314347,7780487,-15638939,-28948358,9601605,33087103,-9011387]), - }, - GePrecomp { - y_plus_x: Fe([-19443170,-15512900,-20797467,-12445323,-29824447,10229461,-27444329,-15000531,-5996870,15664672]), - y_minus_x: Fe([23294591,-16632613,-22650781,-8470978,27844204,11461195,13099750,-2460356,18151676,13417686]), - xy2d: 
Fe([-24722913,-4176517,-31150679,5988919,-26858785,6685065,1661597,-12551441,15271676,-15452665]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([11433042,-13228665,8239631,-5279517,-1985436,-725718,-18698764,2167544,-6921301,-13440182]), - y_minus_x: Fe([-31436171,15575146,30436815,12192228,-22463353,9395379,-9917708,-8638997,12215110,12028277]), - xy2d: Fe([14098400,6555944,23007258,5757252,-15427832,-12950502,30123440,4617780,-16900089,-655628]), - }, - GePrecomp { - y_plus_x: Fe([-4026201,-15240835,11893168,13718664,-14809462,1847385,-15819999,10154009,23973261,-12684474]), - y_minus_x: Fe([-26531820,-3695990,-1908898,2534301,-31870557,-16550355,18341390,-11419951,32013174,-10103539]), - xy2d: Fe([-25479301,10876443,-11771086,-14625140,-12369567,1838104,21911214,6354752,4425632,-837822]), - }, - GePrecomp { - y_plus_x: Fe([-10433389,-14612966,22229858,-3091047,-13191166,776729,-17415375,-12020462,4725005,14044970]), - y_minus_x: Fe([19268650,-7304421,1555349,8692754,-21474059,-9910664,6347390,-1411784,-19522291,-16109756]), - xy2d: Fe([-24864089,12986008,-10898878,-5558584,-11312371,-148526,19541418,8180106,9282262,10282508]), - }, - GePrecomp { - y_plus_x: Fe([-26205082,4428547,-8661196,-13194263,4098402,-14165257,15522535,8372215,5542595,-10702683]), - y_minus_x: Fe([-10562541,14895633,26814552,-16673850,-17480754,-2489360,-2781891,6993761,-18093885,10114655]), - xy2d: Fe([-20107055,-929418,31422704,10427861,-7110749,6150669,-29091755,-11529146,25953725,-106158]), - }, - GePrecomp { - y_plus_x: Fe([-4234397,-8039292,-9119125,3046000,2101609,-12607294,19390020,6094296,-3315279,12831125]), - y_minus_x: Fe([-15998678,7578152,5310217,14408357,-33548620,-224739,31575954,6326196,7381791,-2421839]), - xy2d: Fe([-20902779,3296811,24736065,-16328389,18374254,7318640,6295303,8082724,-15362489,12339664]), - }, - GePrecomp { - y_plus_x: Fe([27724736,2291157,6088201,-14184798,1792727,5857634,13848414,15768922,25091167,14856294]), - y_minus_x: 
Fe([-18866652,8331043,24373479,8541013,-701998,-9269457,12927300,-12695493,-22182473,-9012899]), - xy2d: Fe([-11423429,-5421590,11632845,3405020,30536730,-11674039,-27260765,13866390,30146206,9142070]), - }, - GePrecomp { - y_plus_x: Fe([3924129,-15307516,-13817122,-10054960,12291820,-668366,-27702774,9326384,-8237858,4171294]), - y_minus_x: Fe([-15921940,16037937,6713787,16606682,-21612135,2790944,26396185,3731949,345228,-5462949]), - xy2d: Fe([-21327538,13448259,25284571,1143661,20614966,-8849387,2031539,-12391231,-16253183,-13582083]), - }, - GePrecomp { - y_plus_x: Fe([31016211,-16722429,26371392,-14451233,-5027349,14854137,17477601,3842657,28012650,-16405420]), - y_minus_x: Fe([-5075835,9368966,-8562079,-4600902,-15249953,6970560,-9189873,16292057,-8867157,3507940]), - xy2d: Fe([29439664,3537914,23333589,6997794,-17555561,-11018068,-15209202,-15051267,-9164929,6580396]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-12185861,-7679788,16438269,10826160,-8696817,-6235611,17860444,-9273846,-2095802,9304567]), - y_minus_x: Fe([20714564,-4336911,29088195,7406487,11426967,-5095705,14792667,-14608617,5289421,-477127]), - xy2d: Fe([-16665533,-10650790,-6160345,-13305760,9192020,-1802462,17271490,12349094,26939669,-3752294]), - }, - GePrecomp { - y_plus_x: Fe([-12889898,9373458,31595848,16374215,21471720,13221525,-27283495,-12348559,-3698806,117887]), - y_minus_x: Fe([22263325,-6560050,3984570,-11174646,-15114008,-566785,28311253,5358056,-23319780,541964]), - xy2d: Fe([16259219,3261970,2309254,-15534474,-16885711,-4581916,24134070,-16705829,-13337066,-13552195]), - }, - GePrecomp { - y_plus_x: Fe([9378160,-13140186,-22845982,-12745264,28198281,-7244098,-2399684,-717351,690426,14876244]), - y_minus_x: Fe([24977353,-314384,-8223969,-13465086,28432343,-1176353,-13068804,-12297348,-22380984,6618999]), - xy2d: Fe([-1538174,11685646,12944378,13682314,-24389511,-14413193,8044829,-13817328,32239829,-5652762]), - }, - GePrecomp { - y_plus_x: 
Fe([-18603066,4762990,-926250,8885304,-28412480,-3187315,9781647,-10350059,32779359,5095274]), - y_minus_x: Fe([-33008130,-5214506,-32264887,-3685216,9460461,-9327423,-24601656,14506724,21639561,-2630236]), - xy2d: Fe([-16400943,-13112215,25239338,15531969,3987758,-4499318,-1289502,-6863535,17874574,558605]), - }, - GePrecomp { - y_plus_x: Fe([-13600129,10240081,9171883,16131053,-20869254,9599700,33499487,5080151,2085892,5119761]), - y_minus_x: Fe([-22205145,-2519528,-16381601,414691,-25019550,2170430,30634760,-8363614,-31999993,-5759884]), - xy2d: Fe([-6845704,15791202,8550074,-1312654,29928809,-12092256,27534430,-7192145,-22351378,12961482]), - }, - GePrecomp { - y_plus_x: Fe([-24492060,-9570771,10368194,11582341,-23397293,-2245287,16533930,8206996,-30194652,-5159638]), - y_minus_x: Fe([-11121496,-3382234,2307366,6362031,-135455,8868177,-16835630,7031275,7589640,8945490]), - xy2d: Fe([-32152748,8917967,6661220,-11677616,-1192060,-15793393,7251489,-11182180,24099109,-14456170]), - }, - GePrecomp { - y_plus_x: Fe([5019558,-7907470,4244127,-14714356,-26933272,6453165,-19118182,-13289025,-6231896,-10280736]), - y_minus_x: Fe([10853594,10721687,26480089,5861829,-22995819,1972175,-1866647,-10557898,-3363451,-6441124]), - xy2d: Fe([-17002408,5906790,221599,-6563147,7828208,-13248918,24362661,-2008168,-13866408,7421392]), - }, - GePrecomp { - y_plus_x: Fe([8139927,-6546497,32257646,-5890546,30375719,1886181,-21175108,15441252,28826358,-4123029]), - y_minus_x: Fe([6267086,9695052,7709135,-16603597,-32869068,-1886135,14795160,-7840124,13746021,-1742048]), - xy2d: Fe([28584902,7787108,-6732942,-15050729,22846041,-7571236,-3181936,-363524,4771362,-8419958]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([24949256,6376279,-27466481,-8174608,-18646154,-9930606,33543569,-12141695,3569627,11342593]), - y_minus_x: Fe([26514989,4740088,27912651,3697550,19331575,-11472339,6809886,4608608,7325975,-14801071]), - xy2d: 
Fe([-11618399,-14554430,-24321212,7655128,-1369274,5214312,-27400540,10258390,-17646694,-8186692]), - }, - GePrecomp { - y_plus_x: Fe([11431204,15823007,26570245,14329124,18029990,4796082,-31446179,15580664,9280358,-3973687]), - y_minus_x: Fe([-160783,-10326257,-22855316,-4304997,-20861367,-13621002,-32810901,-11181622,-15545091,4387441]), - xy2d: Fe([-20799378,12194512,3937617,-5805892,-27154820,9340370,-24513992,8548137,20617071,-7482001]), - }, - GePrecomp { - y_plus_x: Fe([-938825,-3930586,-8714311,16124718,24603125,-6225393,-13775352,-11875822,24345683,10325460]), - y_minus_x: Fe([-19855277,-1568885,-22202708,8714034,14007766,6928528,16318175,-1010689,4766743,3552007]), - xy2d: Fe([-21751364,-16730916,1351763,-803421,-4009670,3950935,3217514,14481909,10988822,-3994762]), - }, - GePrecomp { - y_plus_x: Fe([15564307,-14311570,3101243,5684148,30446780,-8051356,12677127,-6505343,-8295852,13296005]), - y_minus_x: Fe([-9442290,6624296,-30298964,-11913677,-4670981,-2057379,31521204,9614054,-30000824,12074674]), - xy2d: Fe([4771191,-135239,14290749,-13089852,27992298,14998318,-1413936,-1556716,29832613,-16391035]), - }, - GePrecomp { - y_plus_x: Fe([7064884,-7541174,-19161962,-5067537,-18891269,-2912736,25825242,5293297,-27122660,13101590]), - y_minus_x: Fe([-2298563,2439670,-7466610,1719965,-27267541,-16328445,32512469,-5317593,-30356070,-4190957]), - xy2d: Fe([-30006540,10162316,-33180176,3981723,-16482138,-13070044,14413974,9515896,19568978,9628812]), - }, - GePrecomp { - y_plus_x: Fe([33053803,199357,15894591,1583059,27380243,-4580435,-17838894,-6106839,-6291786,3437740]), - y_minus_x: Fe([-18978877,3884493,19469877,12726490,15913552,13614290,-22961733,70104,7463304,4176122]), - xy2d: Fe([-27124001,10659917,11482427,-16070381,12771467,-6635117,-32719404,-5322751,24216882,5944158]), - }, - GePrecomp { - y_plus_x: Fe([8894125,7450974,-2664149,-9765752,-28080517,-12389115,19345746,14680796,11632993,5847885]), - y_minus_x: 
Fe([26942781,-2315317,9129564,-4906607,26024105,11769399,-11518837,6367194,-9727230,4782140]), - xy2d: Fe([19916461,-4828410,-22910704,-11414391,25606324,-5972441,33253853,8220911,6358847,-1873857]), - }, - GePrecomp { - y_plus_x: Fe([801428,-2081702,16569428,11065167,29875704,96627,7908388,-4480480,-13538503,1387155]), - y_minus_x: Fe([19646058,5720633,-11416706,12814209,11607948,12749789,14147075,15156355,-21866831,11835260]), - xy2d: Fe([19299512,1155910,28703737,14890794,2925026,7269399,26121523,15467869,-26560550,5052483]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-3017432,10058206,1980837,3964243,22160966,12322533,-6431123,-12618185,12228557,-7003677]), - y_minus_x: Fe([32944382,14922211,-22844894,5188528,21913450,-8719943,4001465,13238564,-6114803,8653815]), - xy2d: Fe([22865569,-4652735,27603668,-12545395,14348958,8234005,24808405,5719875,28483275,2841751]), - }, - GePrecomp { - y_plus_x: Fe([-16420968,-1113305,-327719,-12107856,21886282,-15552774,-1887966,-315658,19932058,-12739203]), - y_minus_x: Fe([-11656086,10087521,-8864888,-5536143,-19278573,-3055912,3999228,13239134,-4777469,-13910208]), - xy2d: Fe([1382174,-11694719,17266790,9194690,-13324356,9720081,20403944,11284705,-14013818,3093230]), - }, - GePrecomp { - y_plus_x: Fe([16650921,-11037932,-1064178,1570629,-8329746,7352753,-302424,16271225,-24049421,-6691850]), - y_minus_x: Fe([-21911077,-5927941,-4611316,-5560156,-31744103,-10785293,24123614,15193618,-21652117,-16739389]), - xy2d: Fe([-9935934,-4289447,-25279823,4372842,2087473,10399484,31870908,14690798,17361620,11864968]), - }, - GePrecomp { - y_plus_x: Fe([-11307610,6210372,13206574,5806320,-29017692,-13967200,-12331205,-7486601,-25578460,-16240689]), - y_minus_x: Fe([14668462,-12270235,26039039,15305210,25515617,4542480,10453892,6577524,9145645,-6443880]), - xy2d: Fe([5974874,3053895,-9433049,-10385191,-31865124,3225009,-7972642,3936128,-5652273,-3050304]), - }, - GePrecomp { - y_plus_x: 
Fe([30625386,-4729400,-25555961,-12792866,-20484575,7695099,17097188,-16303496,-27999779,1803632]), - y_minus_x: Fe([-3553091,9865099,-5228566,4272701,-5673832,-16689700,14911344,12196514,-21405489,7047412]), - xy2d: Fe([20093277,9920966,-11138194,-5343857,13161587,12044805,-32856851,4124601,-32343828,-10257566]), - }, - GePrecomp { - y_plus_x: Fe([-20788824,14084654,-13531713,7842147,19119038,-13822605,4752377,-8714640,-21679658,2288038]), - y_minus_x: Fe([-26819236,-3283715,29965059,3039786,-14473765,2540457,29457502,14625692,-24819617,12570232]), - xy2d: Fe([-1063558,-11551823,16920318,12494842,1278292,-5869109,-21159943,-3498680,-11974704,4724943]), - }, - GePrecomp { - y_plus_x: Fe([17960970,-11775534,-4140968,-9702530,-8876562,-1410617,-12907383,-8659932,-29576300,1903856]), - y_minus_x: Fe([23134274,-14279132,-10681997,-1611936,20684485,15770816,-12989750,3190296,26955097,14109738]), - xy2d: Fe([15308788,5320727,-30113809,-14318877,22902008,7767164,29425325,-11277562,31960942,11934971]), - }, - GePrecomp { - y_plus_x: Fe([-27395711,8435796,4109644,12222639,-24627868,14818669,20638173,4875028,10491392,1379718]), - y_minus_x: Fe([-13159415,9197841,3875503,-8936108,-1383712,-5879801,33518459,16176658,21432314,12180697]), - xy2d: Fe([-11787308,11500838,13787581,-13832590,-22430679,10140205,1465425,12689540,-10301319,-13872883]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([5414091,-15386041,-21007664,9643570,12834970,1186149,-2622916,-1342231,26128231,6032912]), - y_minus_x: Fe([-26337395,-13766162,32496025,-13653919,17847801,-12669156,3604025,8316894,-25875034,-10437358]), - xy2d: Fe([3296484,6223048,24680646,-12246460,-23052020,5903205,-8862297,-4639164,12376617,3188849]), - }, - GePrecomp { - y_plus_x: Fe([29190488,-14659046,27549113,-1183516,3520066,-10697301,32049515,-7309113,-16109234,-9852307]), - y_minus_x: Fe([-14744486,-9309156,735818,-598978,-20407687,-5057904,25246078,-15795669,18640741,-960977]), - xy2d: 
Fe([-6928835,-16430795,10361374,5642961,4910474,12345252,-31638386,-494430,10530747,1053335]), - }, - GePrecomp { - y_plus_x: Fe([-29265967,-14186805,-13538216,-12117373,-19457059,-10655384,-31462369,-2948985,24018831,15026644]), - y_minus_x: Fe([-22592535,-3145277,-2289276,5953843,-13440189,9425631,25310643,13003497,-2314791,-15145616]), - xy2d: Fe([-27419985,-603321,-8043984,-1669117,-26092265,13987819,-27297622,187899,-23166419,-2531735]), - }, - GePrecomp { - y_plus_x: Fe([-21744398,-13810475,1844840,5021428,-10434399,-15911473,9716667,16266922,-5070217,726099]), - y_minus_x: Fe([29370922,-6053998,7334071,-15342259,9385287,2247707,-13661962,-4839461,30007388,-15823341]), - xy2d: Fe([-936379,16086691,23751945,-543318,-1167538,-5189036,9137109,730663,9835848,4555336]), - }, - GePrecomp { - y_plus_x: Fe([-23376435,1410446,-22253753,-12899614,30867635,15826977,17693930,544696,-11985298,12422646]), - y_minus_x: Fe([31117226,-12215734,-13502838,6561947,-9876867,-12757670,-5118685,-4096706,29120153,13924425]), - xy2d: Fe([-17400879,-14233209,19675799,-2734756,-11006962,-5858820,-9383939,-11317700,7240931,-237388]), - }, - GePrecomp { - y_plus_x: Fe([-31361739,-11346780,-15007447,-5856218,-22453340,-12152771,1222336,4389483,3293637,-15551743]), - y_minus_x: Fe([-16684801,-14444245,11038544,11054958,-13801175,-3338533,-24319580,7733547,12796905,-6335822]), - xy2d: Fe([-8759414,-10817836,-25418864,10783769,-30615557,-9746811,-28253339,3647836,3222231,-11160462]), - }, - GePrecomp { - y_plus_x: Fe([18606113,1693100,-25448386,-15170272,4112353,10045021,23603893,-2048234,-7550776,2484985]), - y_minus_x: Fe([9255317,-3131197,-12156162,-1004256,13098013,-9214866,16377220,-2102812,-19802075,-3034702]), - xy2d: Fe([-22729289,7496160,-5742199,11329249,19991973,-3347502,-31718148,9936966,-30097688,-10618797]), - }, - GePrecomp { - y_plus_x: Fe([21878590,-5001297,4338336,13643897,-3036865,13160960,19708896,5415497,-7360503,-4109293]), - y_minus_x: 
Fe([27736861,10103576,12500508,8502413,-3413016,-9633558,10436918,-1550276,-23659143,-8132100]), - xy2d: Fe([19492550,-12104365,-29681976,-852630,-3208171,12403437,30066266,8367329,13243957,8709688]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([12015105,2801261,28198131,10151021,24818120,-4743133,-11194191,-5645734,5150968,7274186]), - y_minus_x: Fe([2831366,-12492146,1478975,6122054,23825128,-12733586,31097299,6083058,31021603,-9793610]), - xy2d: Fe([-2529932,-2229646,445613,10720828,-13849527,-11505937,-23507731,16354465,15067285,-14147707]), - }, - GePrecomp { - y_plus_x: Fe([7840942,14037873,-33364863,15934016,-728213,-3642706,21403988,1057586,-19379462,-12403220]), - y_minus_x: Fe([915865,-16469274,15608285,-8789130,-24357026,6060030,-17371319,8410997,-7220461,16527025]), - xy2d: Fe([32922597,-556987,20336074,-16184568,10903705,-5384487,16957574,52992,23834301,6588044]), - }, - GePrecomp { - y_plus_x: Fe([32752030,11232950,3381995,-8714866,22652988,-10744103,17159699,16689107,-20314580,-1305992]), - y_minus_x: Fe([-4689649,9166776,-25710296,-10847306,11576752,12733943,7924251,-2752281,1976123,-7249027]), - xy2d: Fe([21251222,16309901,-2983015,-6783122,30810597,12967303,156041,-3371252,12331345,-8237197]), - }, - GePrecomp { - y_plus_x: Fe([8651614,-4477032,-16085636,-4996994,13002507,2950805,29054427,-5106970,10008136,-4667901]), - y_minus_x: Fe([31486080,15114593,-14261250,12951354,14369431,-7387845,16347321,-13662089,8684155,-10532952]), - xy2d: Fe([19443825,11385320,24468943,-9659068,-23919258,2187569,-26263207,-6086921,31316348,14219878]), - }, - GePrecomp { - y_plus_x: Fe([-28594490,1193785,32245219,11392485,31092169,15722801,27146014,6992409,29126555,9207390]), - y_minus_x: Fe([32382935,1110093,18477781,11028262,-27411763,-7548111,-4980517,10843782,-7957600,-14435730]), - xy2d: Fe([2814918,7836403,27519878,-7868156,-20894015,-11553689,-21494559,8550130,28346258,1994730]), - }, - GePrecomp { - y_plus_x: 
Fe([-19578299,8085545,-14000519,-3948622,2785838,-16231307,-19516951,7174894,22628102,8115180]), - y_minus_x: Fe([-30405132,955511,-11133838,-15078069,-32447087,-13278079,-25651578,3317160,-9943017,930272]), - xy2d: Fe([-15303681,-6833769,28856490,1357446,23421993,1057177,24091212,-1388970,-22765376,-10650715]), - }, - GePrecomp { - y_plus_x: Fe([-22751231,-5303997,-12907607,-12768866,-15811511,-7797053,-14839018,-16554220,-1867018,8398970]), - y_minus_x: Fe([-31969310,2106403,-4736360,1362501,12813763,16200670,22981545,-6291273,18009408,-15772772]), - xy2d: Fe([-17220923,-9545221,-27784654,14166835,29815394,7444469,29551787,-3727419,19288549,1325865]), - }, - GePrecomp { - y_plus_x: Fe([15100157,-15835752,-23923978,-1005098,-26450192,15509408,12376730,-3479146,33166107,-8042750]), - y_minus_x: Fe([20909231,13023121,-9209752,16251778,-5778415,-8094914,12412151,10018715,2213263,-13878373]), - xy2d: Fe([32529814,-11074689,30361439,-16689753,-9135940,1513226,22922121,6382134,-5766928,8371348]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([9923462,11271500,12616794,3544722,-29998368,-1721626,12891687,-8193132,-26442943,10486144]), - y_minus_x: Fe([-22597207,-7012665,8587003,-8257861,4084309,-12970062,361726,2610596,-23921530,-11455195]), - xy2d: Fe([5408411,-1136691,-4969122,10561668,24145918,14240566,31319731,-4235541,19985175,-3436086]), - }, - GePrecomp { - y_plus_x: Fe([-13994457,16616821,14549246,3341099,32155958,13648976,-17577068,8849297,65030,8370684]), - y_minus_x: Fe([-8320926,-12049626,31204563,5839400,-20627288,-1057277,-19442942,6922164,12743482,-9800518]), - xy2d: Fe([-2361371,12678785,28815050,4759974,-23893047,4884717,23783145,11038569,18800704,255233]), - }, - GePrecomp { - y_plus_x: Fe([-5269658,-1773886,13957886,7990715,23132995,728773,13393847,9066957,19258688,-14753793]), - y_minus_x: Fe([-2936654,-10827535,-10432089,14516793,-3640786,4372541,-31934921,2209390,-1524053,2055794]), - xy2d: 
Fe([580882,16705327,5468415,-2683018,-30926419,-14696000,-7203346,-8994389,-30021019,7394435]), - }, - GePrecomp { - y_plus_x: Fe([23838809,1822728,-15738443,15242727,8318092,-3733104,-21672180,-3492205,-4821741,14799921]), - y_minus_x: Fe([13345610,9759151,3371034,-16137791,16353039,8577942,31129804,13496856,-9056018,7402518]), - xy2d: Fe([2286874,-4435931,-20042458,-2008336,-13696227,5038122,11006906,-15760352,8205061,1607563]), - }, - GePrecomp { - y_plus_x: Fe([14414086,-8002132,3331830,-3208217,22249151,-5594188,18364661,-2906958,30019587,-9029278]), - y_minus_x: Fe([-27688051,1585953,-10775053,931069,-29120221,-11002319,-14410829,12029093,9944378,8024]), - xy2d: Fe([4368715,-3709630,29874200,-15022983,-20230386,-11410704,-16114594,-999085,-8142388,5640030]), - }, - GePrecomp { - y_plus_x: Fe([10299610,13746483,11661824,16234854,7630238,5998374,9809887,-16694564,15219798,-14327783]), - y_minus_x: Fe([27425505,-5719081,3055006,10660664,23458024,595578,-15398605,-1173195,-18342183,9742717]), - xy2d: Fe([6744077,2427284,26042789,2720740,-847906,1118974,32324614,7406442,12420155,1994844]), - }, - GePrecomp { - y_plus_x: Fe([14012521,-5024720,-18384453,-9578469,-26485342,-3936439,-13033478,-10909803,24319929,-6446333]), - y_minus_x: Fe([16412690,-4507367,10772641,15929391,-17068788,-4658621,10555945,-10484049,-30102368,-4739048]), - xy2d: Fe([22397382,-7767684,-9293161,-12792868,17166287,-9755136,-27333065,6199366,21880021,-12250760]), - }, - GePrecomp { - y_plus_x: Fe([-4283307,5368523,-31117018,8163389,-30323063,3209128,16557151,8890729,8840445,4957760]), - y_minus_x: Fe([-15447727,709327,-6919446,-10870178,-29777922,6522332,-21720181,12130072,-14796503,5005757]), - xy2d: Fe([-2114751,-14308128,23019042,15765735,-25269683,6002752,10183197,-13239326,-16395286,-2176112]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-19025756,1632005,13466291,-7995100,-23640451,16573537,-32013908,-3057104,22208662,2000468]), - y_minus_x: 
Fe([3065073,-1412761,-25598674,-361432,-17683065,-5703415,-8164212,11248527,-3691214,-7414184]), - xy2d: Fe([10379208,-6045554,8877319,1473647,-29291284,-12507580,16690915,2553332,-3132688,16400289]), - }, - GePrecomp { - y_plus_x: Fe([15716668,1254266,-18472690,7446274,-8448918,6344164,-22097271,-7285580,26894937,9132066]), - y_minus_x: Fe([24158887,12938817,11085297,-8177598,-28063478,-4457083,-30576463,64452,-6817084,-2692882]), - xy2d: Fe([13488534,7794716,22236231,5989356,25426474,-12578208,2350710,-3418511,-4688006,2364226]), - }, - GePrecomp { - y_plus_x: Fe([16335052,9132434,25640582,6678888,1725628,8517937,-11807024,-11697457,15445875,-7798101]), - y_minus_x: Fe([29004207,-7867081,28661402,-640412,-12794003,-7943086,31863255,-4135540,-278050,-15759279]), - xy2d: Fe([-6122061,-14866665,-28614905,14569919,-10857999,-3591829,10343412,-6976290,-29828287,-10815811]), - }, - GePrecomp { - y_plus_x: Fe([27081650,3463984,14099042,-4517604,1616303,-6205604,29542636,15372179,17293797,960709]), - y_minus_x: Fe([20263915,11434237,-5765435,11236810,13505955,-10857102,-16111345,6493122,-19384511,7639714]), - xy2d: Fe([-2830798,-14839232,25403038,-8215196,-8317012,-16173699,18006287,-16043750,29994677,-15808121]), - }, - GePrecomp { - y_plus_x: Fe([9769828,5202651,-24157398,-13631392,-28051003,-11561624,-24613141,-13860782,-31184575,709464]), - y_minus_x: Fe([12286395,13076066,-21775189,-1176622,-25003198,4057652,-32018128,-8890874,16102007,13205847]), - xy2d: Fe([13733362,5599946,10557076,3195751,-5557991,8536970,-25540170,8525972,10151379,10394400]), - }, - GePrecomp { - y_plus_x: Fe([4024660,-16137551,22436262,12276534,-9099015,-2686099,19698229,11743039,-33302334,8934414]), - y_minus_x: Fe([-15879800,-4525240,-8580747,-2934061,14634845,-698278,-9449077,3137094,-11536886,11721158]), - xy2d: Fe([17555939,-5013938,8268606,2331751,-22738815,9761013,9319229,8835153,-9205489,-1280045]), - }, - GePrecomp { - y_plus_x: 
Fe([-461409,-7830014,20614118,16688288,-7514766,-4807119,22300304,505429,6108462,-6183415]), - y_minus_x: Fe([-5070281,12367917,-30663534,3234473,32617080,-8422642,29880583,-13483331,-26898490,-7867459]), - xy2d: Fe([-31975283,5726539,26934134,10237677,-3173717,-605053,24199304,3795095,7592688,-14992079]), - }, - GePrecomp { - y_plus_x: Fe([21594432,-14964228,17466408,-4077222,32537084,2739898,6407723,12018833,-28256052,4298412]), - y_minus_x: Fe([-20650503,-11961496,-27236275,570498,3767144,-1717540,13891942,-1569194,13717174,10805743]), - xy2d: Fe([-14676630,-15644296,15287174,11927123,24177847,-8175568,-796431,14860609,-26938930,-5863836]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([12962541,5311799,-10060768,11658280,18855286,-7954201,13286263,-12808704,-4381056,9882022]), - y_minus_x: Fe([18512079,11319350,-20123124,15090309,18818594,5271736,-22727904,3666879,-23967430,-3299429]), - xy2d: Fe([-6789020,-3146043,16192429,13241070,15898607,-14206114,-10084880,-6661110,-2403099,5276065]), - }, - GePrecomp { - y_plus_x: Fe([30169808,-5317648,26306206,-11750859,27814964,7069267,7152851,3684982,1449224,13082861]), - y_minus_x: Fe([10342826,3098505,2119311,193222,25702612,12233820,23697382,15056736,-21016438,-8202000]), - xy2d: Fe([-33150110,3261608,22745853,7948688,19370557,-15177665,-26171976,6482814,-10300080,-11060101]), - }, - GePrecomp { - y_plus_x: Fe([32869458,-5408545,25609743,15678670,-10687769,-15471071,26112421,2521008,-22664288,6904815]), - y_minus_x: Fe([29506923,4457497,3377935,-9796444,-30510046,12935080,1561737,3841096,-29003639,-6657642]), - xy2d: Fe([10340844,-6630377,-18656632,-2278430,12621151,-13339055,30878497,-11824370,-25584551,5181966]), - }, - GePrecomp { - y_plus_x: Fe([25940115,-12658025,17324188,-10307374,-8671468,15029094,24396252,-16450922,-2322852,-12388574]), - y_minus_x: Fe([-21765684,9916823,-1300409,4079498,-1028346,11909559,1782390,12641087,20603771,-6561742]), - xy2d: 
Fe([-18882287,-11673380,24849422,11501709,13161720,-4768874,1925523,11914390,4662781,7820689]), - }, - GePrecomp { - y_plus_x: Fe([12241050,-425982,8132691,9393934,32846760,-1599620,29749456,12172924,16136752,15264020]), - y_minus_x: Fe([-10349955,-14680563,-8211979,2330220,-17662549,-14545780,10658213,6671822,19012087,3772772]), - xy2d: Fe([3753511,-3421066,10617074,2028709,14841030,-6721664,28718732,-15762884,20527771,12988982]), - }, - GePrecomp { - y_plus_x: Fe([-14822485,-5797269,-3707987,12689773,-898983,-10914866,-24183046,-10564943,3299665,-12424953]), - y_minus_x: Fe([-16777703,-15253301,-9642417,4978983,3308785,8755439,6943197,6461331,-25583147,8991218]), - xy2d: Fe([-17226263,1816362,-1673288,-6086439,31783888,-8175991,-32948145,7417950,-30242287,1507265]), - }, - GePrecomp { - y_plus_x: Fe([29692663,6829891,-10498800,4334896,20945975,-11906496,-28887608,8209391,14606362,-10647073]), - y_minus_x: Fe([-3481570,8707081,32188102,5672294,22096700,1711240,-33020695,9761487,4170404,-2085325]), - xy2d: Fe([-11587470,14855945,-4127778,-1531857,-26649089,15084046,22186522,16002000,-14276837,-8400798]), - }, - GePrecomp { - y_plus_x: Fe([-4811456,13761029,-31703877,-2483919,-3312471,7869047,-7113572,-9620092,13240845,10965870]), - y_minus_x: Fe([-7742563,-8256762,-14768334,-13656260,-23232383,12387166,4498947,14147411,29514390,4302863]), - xy2d: Fe([-13413405,-12407859,20757302,-13801832,14785143,8976368,-5061276,-2144373,17846988,-13971927]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-2244452,-754728,-4597030,-1066309,-6247172,1455299,-21647728,-9214789,-5222701,12650267]), - y_minus_x: Fe([-9906797,-16070310,21134160,12198166,-27064575,708126,387813,13770293,-19134326,10958663]), - xy2d: Fe([22470984,12369526,23446014,-5441109,-21520802,-9698723,-11772496,-11574455,-25083830,4271862]), - }, - GePrecomp { - y_plus_x: Fe([-25169565,-10053642,-19909332,15361595,-5984358,2159192,75375,-4278529,-32526221,8469673]), - y_minus_x: 
Fe([15854970,4148314,-8893890,7259002,11666551,13824734,-30531198,2697372,24154791,-9460943]), - xy2d: Fe([15446137,-15806644,29759747,14019369,30811221,-9610191,-31582008,12840104,24913809,9815020]), - }, - GePrecomp { - y_plus_x: Fe([-4709286,-5614269,-31841498,-12288893,-14443537,10799414,-9103676,13438769,18735128,9466238]), - y_minus_x: Fe([11933045,9281483,5081055,-5183824,-2628162,-4905629,-7727821,-10896103,-22728655,16199064]), - xy2d: Fe([14576810,379472,-26786533,-8317236,-29426508,-10812974,-102766,1876699,30801119,2164795]), - }, - GePrecomp { - y_plus_x: Fe([15995086,3199873,13672555,13712240,-19378835,-4647646,-13081610,-15496269,-13492807,1268052]), - y_minus_x: Fe([-10290614,-3659039,-3286592,10948818,23037027,3794475,-3470338,-12600221,-17055369,3565904]), - xy2d: Fe([29210088,-9419337,-5919792,-4952785,10834811,-13327726,-16512102,-10820713,-27162222,-14030531]), - }, - GePrecomp { - y_plus_x: Fe([-13161890,15508588,16663704,-8156150,-28349942,9019123,-29183421,-3769423,2244111,-14001979]), - y_minus_x: Fe([-5152875,-3800936,-9306475,-6071583,16243069,14684434,-25673088,-16180800,13491506,4641841]), - xy2d: Fe([10813417,643330,-19188515,-728916,30292062,-16600078,27548447,-7721242,14476989,-12767431]), - }, - GePrecomp { - y_plus_x: Fe([10292079,9984945,6481436,8279905,-7251514,7032743,27282937,-1644259,-27912810,12651324]), - y_minus_x: Fe([-31185513,-813383,22271204,11835308,10201545,15351028,17099662,3988035,21721536,-3148940]), - xy2d: Fe([10202177,-6545839,-31373232,-9574638,-32150642,-8119683,-12906320,3852694,13216206,14842320]), - }, - GePrecomp { - y_plus_x: Fe([-15815640,-10601066,-6538952,-7258995,-6984659,-6581778,-31500847,13765824,-27434397,9900184]), - y_minus_x: Fe([14465505,-13833331,-32133984,-14738873,-27443187,12990492,33046193,15796406,-7051866,-8040114]), - xy2d: Fe([30924417,-8279620,6359016,-12816335,16508377,9071735,-25488601,15413635,9524356,-7018878]), - }, - GePrecomp { - y_plus_x: 
Fe([12274201,-13175547,32627641,-1785326,6736625,13267305,5237659,-5109483,15663516,4035784]), - y_minus_x: Fe([-2951309,8903985,17349946,601635,-16432815,-4612556,-13732739,-15889334,-22258478,4659091]), - xy2d: Fe([-16916263,-4952973,-30393711,-15158821,20774812,15897498,5736189,15026997,-2178256,-13455585]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-8858980,-2219056,28571666,-10155518,-474467,-10105698,-3801496,278095,23440562,-290208]), - y_minus_x: Fe([10226241,-5928702,15139956,120818,-14867693,5218603,32937275,11551483,-16571960,-7442864]), - xy2d: Fe([17932739,-12437276,-24039557,10749060,11316803,7535897,22503767,5561594,-3646624,3898661]), - }, - GePrecomp { - y_plus_x: Fe([7749907,-969567,-16339731,-16464,-25018111,15122143,-1573531,7152530,21831162,1245233]), - y_minus_x: Fe([26958459,-14658026,4314586,8346991,-5677764,11960072,-32589295,-620035,-30402091,-16716212]), - xy2d: Fe([-12165896,9166947,33491384,13673479,29787085,13096535,6280834,14587357,-22338025,13987525]), - }, - GePrecomp { - y_plus_x: Fe([-24349909,7778775,21116000,15572597,-4833266,-5357778,-4300898,-5124639,-7469781,-2858068]), - y_minus_x: Fe([9681908,-6737123,-31951644,13591838,-6883821,386950,31622781,6439245,-14581012,4091397]), - xy2d: Fe([-8426427,1470727,-28109679,-1596990,3978627,-5123623,-19622683,12092163,29077877,-14741988]), - }, - GePrecomp { - y_plus_x: Fe([5269168,-6859726,-13230211,-8020715,25932563,1763552,-5606110,-5505881,-20017847,2357889]), - y_minus_x: Fe([32264008,-15407652,-5387735,-1160093,-2091322,-3946900,23104804,-12869908,5727338,189038]), - xy2d: Fe([14609123,-8954470,-6000566,-16622781,-14577387,-7743898,-26745169,10942115,-25888931,-14884697]), - }, - GePrecomp { - y_plus_x: Fe([20513500,5557931,-15604613,7829531,26413943,-2019404,-21378968,7471781,13913677,-5137875]), - y_minus_x: Fe([-25574376,11967826,29233242,12948236,-6754465,4713227,-8940970,14059180,12878652,8511905]), - xy2d: 
Fe([-25656801,3393631,-2955415,-7075526,-2250709,9366908,-30223418,6812974,5568676,-3127656]), - }, - GePrecomp { - y_plus_x: Fe([11630004,12144454,2116339,13606037,27378885,15676917,-17408753,-13504373,-14395196,8070818]), - y_minus_x: Fe([27117696,-10007378,-31282771,-5570088,1127282,12772488,-29845906,10483306,-11552749,-1028714]), - xy2d: Fe([10637467,-5688064,5674781,1072708,-26343588,-6982302,-1683975,9177853,-27493162,15431203]), - }, - GePrecomp { - y_plus_x: Fe([20525145,10892566,-12742472,12779443,-29493034,16150075,-28240519,14943142,-15056790,-7935931]), - y_minus_x: Fe([-30024462,5626926,-551567,-9981087,753598,11981191,25244767,-3239766,-3356550,9594024]), - xy2d: Fe([-23752644,2636870,-5163910,-10103818,585134,7877383,11345683,-6492290,13352335,-10977084]), - }, - GePrecomp { - y_plus_x: Fe([-1931799,-5407458,3304649,-12884869,17015806,-4877091,-29783850,-7752482,-13215537,-319204]), - y_minus_x: Fe([20239939,6607058,6203985,3483793,-18386976,-779229,-20723742,15077870,-22750759,14523817]), - xy2d: Fe([27406042,-6041657,27423596,-4497394,4996214,10002360,-28842031,-4545494,-30172742,-4805667]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([11374242,12660715,17861383,-12540833,10935568,1099227,-13886076,-9091740,-27727044,11358504]), - y_minus_x: Fe([-12730809,10311867,1510375,10778093,-2119455,-9145702,32676003,11149336,-26123651,4985768]), - xy2d: Fe([-19096303,341147,-6197485,-239033,15756973,-8796662,-983043,13794114,-19414307,-15621255]), - }, - GePrecomp { - y_plus_x: Fe([6490081,11940286,25495923,-7726360,8668373,-8751316,3367603,6970005,-1691065,-9004790]), - y_minus_x: Fe([1656497,13457317,15370807,6364910,13605745,8362338,-19174622,-5475723,-16796596,-5031438]), - xy2d: Fe([-22273315,-13524424,-64685,-4334223,-18605636,-10921968,-20571065,-7007978,-99853,-10237333]), - }, - GePrecomp { - y_plus_x: Fe([17747465,10039260,19368299,-4050591,-20630635,-16041286,31992683,-15857976,-29260363,-5511971]), - y_minus_x: 
Fe([31932027,-4986141,-19612382,16366580,22023614,88450,11371999,-3744247,4882242,-10626905]), - xy2d: Fe([29796507,37186,19818052,10115756,-11829032,3352736,18551198,3272828,-5190932,-4162409]), - }, - GePrecomp { - y_plus_x: Fe([12501286,4044383,-8612957,-13392385,-32430052,5136599,-19230378,-3529697,330070,-3659409]), - y_minus_x: Fe([6384877,2899513,17807477,7663917,-2358888,12363165,25366522,-8573892,-271295,12071499]), - xy2d: Fe([-8365515,-4042521,25133448,-4517355,-6211027,2265927,-32769618,1936675,-5159697,3829363]), - }, - GePrecomp { - y_plus_x: Fe([28425966,-5835433,-577090,-4697198,-14217555,6870930,7921550,-6567787,26333140,14267664]), - y_minus_x: Fe([-11067219,11871231,27385719,-10559544,-4585914,-11189312,10004786,-8709488,-21761224,8930324]), - xy2d: Fe([-21197785,-16396035,25654216,-1725397,12282012,11008919,1541940,4757911,-26491501,-16408940]), - }, - GePrecomp { - y_plus_x: Fe([13537262,-7759490,-20604840,10961927,-5922820,-13218065,-13156584,6217254,-15943699,13814990]), - y_minus_x: Fe([-17422573,15157790,18705543,29619,24409717,-260476,27361681,9257833,-1956526,-1776914]), - xy2d: Fe([-25045300,-10191966,15366585,15166509,-13105086,8423556,-29171540,12361135,-18685978,4578290]), - }, - GePrecomp { - y_plus_x: Fe([24579768,3711570,1342322,-11180126,-27005135,14124956,-22544529,14074919,21964432,8235257]), - y_minus_x: Fe([-6528613,-2411497,9442966,-5925588,12025640,-1487420,-2981514,-1669206,13006806,2355433]), - xy2d: Fe([-16304899,-13605259,-6632427,-5142349,16974359,-10911083,27202044,1719366,1141648,-12796236]), - }, - GePrecomp { - y_plus_x: Fe([-12863944,-13219986,-8318266,-11018091,-6810145,-4843894,13475066,-3133972,32674895,13715045]), - y_minus_x: Fe([11423335,-5468059,32344216,8962751,24989809,9241752,-13265253,16086212,-28740881,-15642093]), - xy2d: Fe([-1409668,12530728,-6368726,10847387,19531186,-14132160,-11709148,7791794,-27245943,4383347]), - }, -], -[ - GePrecomp { - y_plus_x: 
Fe([-28970898,5271447,-1266009,-9736989,-12455236,16732599,-4862407,-4906449,27193557,6245191]), - y_minus_x: Fe([-15193956,5362278,-1783893,2695834,4960227,12840725,23061898,3260492,22510453,8577507]), - xy2d: Fe([-12632451,11257346,-32692994,13548177,-721004,10879011,31168030,13952092,-29571492,-3635906]), - }, - GePrecomp { - y_plus_x: Fe([3877321,-9572739,32416692,5405324,-11004407,-13656635,3759769,11935320,5611860,8164018]), - y_minus_x: Fe([-16275802,14667797,15906460,12155291,-22111149,-9039718,32003002,-8832289,5773085,-8422109]), - xy2d: Fe([-23788118,-8254300,1950875,8937633,18686727,16459170,-905725,12376320,31632953,190926]), - }, - GePrecomp { - y_plus_x: Fe([-24593607,-16138885,-8423991,13378746,14162407,6901328,-8288749,4508564,-25341555,-3627528]), - y_minus_x: Fe([8884438,-5884009,6023974,10104341,-6881569,-4941533,18722941,-14786005,-1672488,827625]), - xy2d: Fe([-32720583,-16289296,-32503547,7101210,13354605,2659080,-1800575,-14108036,-24878478,1541286]), - }, - GePrecomp { - y_plus_x: Fe([2901347,-1117687,3880376,-10059388,-17620940,-3612781,-21802117,-3567481,20456845,-1885033]), - y_minus_x: Fe([27019610,12299467,-13658288,-1603234,-12861660,-4861471,-19540150,-5016058,29439641,15138866]), - xy2d: Fe([21536104,-6626420,-32447818,-10690208,-22408077,5175814,-5420040,-16361163,7779328,109896]), - }, - GePrecomp { - y_plus_x: Fe([30279744,14648750,-8044871,6425558,13639621,-743509,28698390,12180118,23177719,-554075]), - y_minus_x: Fe([26572847,3405927,-31701700,12890905,-19265668,5335866,-6493768,2378492,4439158,-13279347]), - xy2d: Fe([-22716706,3489070,-9225266,-332753,18875722,-1140095,14819434,-12731527,-17717757,-5461437]), - }, - GePrecomp { - y_plus_x: Fe([-5056483,16566551,15953661,3767752,-10436499,15627060,-820954,2177225,8550082,-15114165]), - y_minus_x: Fe([-18473302,16596775,-381660,15663611,22860960,15585581,-27844109,-3582739,-23260460,-8428588]), - xy2d: 
Fe([-32480551,15707275,-8205912,-5652081,29464558,2713815,-22725137,15860482,-21902570,1494193]), - }, - GePrecomp { - y_plus_x: Fe([-19562091,-14087393,-25583872,-9299552,13127842,759709,21923482,16529112,8742704,12967017]), - y_minus_x: Fe([-28464899,1553205,32536856,-10473729,-24691605,-406174,-8914625,-2933896,-29903758,15553883]), - xy2d: Fe([21877909,3230008,9881174,10539357,-4797115,2841332,11543572,14513274,19375923,-12647961]), - }, - GePrecomp { - y_plus_x: Fe([8832269,-14495485,13253511,5137575,5037871,4078777,24880818,-6222716,2862653,9455043]), - y_minus_x: Fe([29306751,5123106,20245049,-14149889,9592566,8447059,-2077124,-2990080,15511449,4789663]), - xy2d: Fe([-20679756,7004547,8824831,-9434977,-4045704,-3750736,-5754762,108893,23513200,16652362]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-33256173,4144782,-4476029,-6579123,10770039,-7155542,-6650416,-12936300,-18319198,10212860]), - y_minus_x: Fe([2756081,8598110,7383731,-6859892,22312759,-1105012,21179801,2600940,-9988298,-12506466]), - xy2d: Fe([-24645692,13317462,-30449259,-15653928,21365574,-10869657,11344424,864440,-2499677,-16710063]), - }, - GePrecomp { - y_plus_x: Fe([-26432803,6148329,-17184412,-14474154,18782929,-275997,-22561534,211300,2719757,4940997]), - y_minus_x: Fe([-1323882,3911313,-6948744,14759765,-30027150,7851207,21690126,8518463,26699843,5276295]), - xy2d: Fe([-13149873,-6429067,9396249,365013,24703301,-10488939,1321586,149635,-15452774,7159369]), - }, - GePrecomp { - y_plus_x: Fe([9987780,-3404759,17507962,9505530,9731535,-2165514,22356009,8312176,22477218,-8403385]), - y_minus_x: Fe([18155857,-16504990,19744716,9006923,15154154,-10538976,24256460,-4864995,-22548173,9334109]), - xy2d: Fe([2986088,-4911893,10776628,-3473844,10620590,-7083203,-21413845,14253545,-22587149,536906]), - }, - GePrecomp { - y_plus_x: Fe([4377756,8115836,24567078,15495314,11625074,13064599,7390551,10589625,10838060,-15420424]), - y_minus_x: 
Fe([-19342404,867880,9277171,-3218459,-14431572,-1986443,19295826,-15796950,6378260,699185]), - xy2d: Fe([7895026,4057113,-7081772,-13077756,-17886831,-323126,-716039,15693155,-5045064,-13373962]), - }, - GePrecomp { - y_plus_x: Fe([-7737563,-5869402,-14566319,-7406919,11385654,13201616,31730678,-10962840,-3918636,-9669325]), - y_minus_x: Fe([10188286,-15770834,-7336361,13427543,22223443,14896287,30743455,7116568,-21786507,5427593]), - xy2d: Fe([696102,13206899,27047647,-10632082,15285305,-9853179,10798490,-4578720,19236243,12477404]), - }, - GePrecomp { - y_plus_x: Fe([-11229439,11243796,-17054270,-8040865,-788228,-8167967,-3897669,11180504,-23169516,7733644]), - y_minus_x: Fe([17800790,-14036179,-27000429,-11766671,23887827,3149671,23466177,-10538171,10322027,15313801]), - xy2d: Fe([26246234,11968874,32263343,-5468728,6830755,-13323031,-15794704,-101982,-24449242,10890804]), - }, - GePrecomp { - y_plus_x: Fe([-31365647,10271363,-12660625,-6267268,16690207,-13062544,-14982212,16484931,25180797,-5334884]), - y_minus_x: Fe([-586574,10376444,-32586414,-11286356,19801893,10997610,2276632,9482883,316878,13820577]), - xy2d: Fe([-9882808,-4510367,-2115506,16457136,-11100081,11674996,30756178,-7515054,30696930,-3712849]), - }, - GePrecomp { - y_plus_x: Fe([32988917,-9603412,12499366,7910787,-10617257,-11931514,-7342816,-9985397,-32349517,7392473]), - y_minus_x: Fe([-8855661,15927861,9866406,-3649411,-2396914,-16655781,-30409476,-9134995,25112947,-2926644]), - xy2d: Fe([-2504044,-436966,25621774,-5678772,15085042,-5479877,-24884878,-13526194,5537438,-13914319]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-11225584,2320285,-9584280,10149187,-33444663,5808648,-14876251,-1729667,31234590,6090599]), - y_minus_x: Fe([-9633316,116426,26083934,2897444,-6364437,-2688086,609721,15878753,-6970405,-9034768]), - xy2d: Fe([-27757857,247744,-15194774,-9002551,23288161,-10011936,-23869595,6503646,20650474,1804084]), - }, - GePrecomp { - y_plus_x: 
Fe([-27589786,15456424,8972517,8469608,15640622,4439847,3121995,-10329713,27842616,-202328]), - y_minus_x: Fe([-15306973,2839644,22530074,10026331,4602058,5048462,28248656,5031932,-11375082,12714369]), - xy2d: Fe([20807691,-7270825,29286141,11421711,-27876523,-13868230,-21227475,1035546,-19733229,12796920]), - }, - GePrecomp { - y_plus_x: Fe([12076899,-14301286,-8785001,-11848922,-25012791,16400684,-17591495,-12899438,3480665,-15182815]), - y_minus_x: Fe([-32361549,5457597,28548107,7833186,7303070,-11953545,-24363064,-15921875,-33374054,2771025]), - xy2d: Fe([-21389266,421932,26597266,6860826,22486084,-6737172,-17137485,-4210226,-24552282,15673397]), - }, - GePrecomp { - y_plus_x: Fe([-20184622,2338216,19788685,-9620956,-4001265,-8740893,-20271184,4733254,3727144,-12934448]), - y_minus_x: Fe([6120119,814863,-11794402,-622716,6812205,-15747771,2019594,7975683,31123697,-10958981]), - xy2d: Fe([30069250,-11435332,30434654,2958439,18399564,-976289,12296869,9204260,-16432438,9648165]), - }, - GePrecomp { - y_plus_x: Fe([32705432,-1550977,30705658,7451065,-11805606,9631813,3305266,5248604,-26008332,-11377501]), - y_minus_x: Fe([17219865,2375039,-31570947,-5575615,-19459679,9219903,294711,15298639,2662509,-16297073]), - xy2d: Fe([-1172927,-7558695,-4366770,-4287744,-21346413,-8434326,32087529,-1222777,32247248,-14389861]), - }, - GePrecomp { - y_plus_x: Fe([14312628,1221556,17395390,-8700143,-4945741,-8684635,-28197744,-9637817,-16027623,-13378845]), - y_minus_x: Fe([-1428825,-9678990,-9235681,6549687,-7383069,-468664,23046502,9803137,17597934,2346211]), - xy2d: Fe([18510800,15337574,26171504,981392,-22241552,7827556,-23491134,-11323352,3059833,-11782870]), - }, - GePrecomp { - y_plus_x: Fe([10141598,6082907,17829293,-1947643,9830092,13613136,-25556636,-5544586,-33502212,3592096]), - y_minus_x: Fe([33114168,-15889352,-26525686,-13343397,33076705,8716171,1151462,1521897,-982665,-6837803]), - xy2d: 
Fe([-32939165,-4255815,23947181,-324178,-33072974,-12305637,-16637686,3891704,26353178,693168]), - }, - GePrecomp { - y_plus_x: Fe([30374239,1595580,-16884039,13186931,4600344,406904,9585294,-400668,31375464,14369965]), - y_minus_x: Fe([-14370654,-7772529,1510301,6434173,-18784789,-6262728,32732230,-13108839,17901441,16011505]), - xy2d: Fe([18171223,-11934626,-12500402,15197122,-11038147,-15230035,-19172240,-16046376,8764035,12309598]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([5975908,-5243188,-19459362,-9681747,-11541277,14015782,-23665757,1228319,17544096,-10593782]), - y_minus_x: Fe([5811932,-1715293,3442887,-2269310,-18367348,-8359541,-18044043,-15410127,-5565381,12348900]), - xy2d: Fe([-31399660,11407555,25755363,6891399,-3256938,14872274,-24849353,8141295,-10632534,-585479]), - }, - GePrecomp { - y_plus_x: Fe([-12675304,694026,-5076145,13300344,14015258,-14451394,-9698672,-11329050,30944593,1130208]), - y_minus_x: Fe([8247766,-6710942,-26562381,-7709309,-14401939,-14648910,4652152,2488540,23550156,-271232]), - xy2d: Fe([17294316,-3788438,7026748,15626851,22990044,113481,2267737,-5908146,-408818,-137719]), - }, - GePrecomp { - y_plus_x: Fe([16091085,-16253926,18599252,7340678,2137637,-1221657,-3364161,14550936,3260525,-7166271]), - y_minus_x: Fe([-4910104,-13332887,18550887,10864893,-16459325,-7291596,-23028869,-13204905,-12748722,2701326]), - xy2d: Fe([-8574695,16099415,4629974,-16340524,-20786213,-6005432,-10018363,9276971,11329923,1862132]), - }, - GePrecomp { - y_plus_x: Fe([14763076,-15903608,-30918270,3689867,3511892,10313526,-21951088,12219231,-9037963,-940300]), - y_minus_x: Fe([8894987,-3446094,6150753,3013931,301220,15693451,-31981216,-2909717,-15438168,11595570]), - xy2d: Fe([15214962,3537601,-26238722,-14058872,4418657,-15230761,13947276,10730794,-13489462,-4363670]), - }, - GePrecomp { - y_plus_x: Fe([-2538306,7682793,32759013,263109,-29984731,-7955452,-22332124,-10188635,977108,699994]), - y_minus_x: 
Fe([-12466472,4195084,-9211532,550904,-15565337,12917920,19118110,-439841,-30534533,-14337913]), - xy2d: Fe([31788461,-14507657,4799989,7372237,8808585,-14747943,9408237,-10051775,12493932,-5409317]), - }, - GePrecomp { - y_plus_x: Fe([-25680606,5260744,-19235809,-6284470,-3695942,16566087,27218280,2607121,29375955,6024730]), - y_minus_x: Fe([842132,-2794693,-4763381,-8722815,26332018,-12405641,11831880,6985184,-9940361,2854096]), - xy2d: Fe([-4847262,-7969331,2516242,-5847713,9695691,-7221186,16512645,960770,12121869,16648078]), - }, - GePrecomp { - y_plus_x: Fe([-15218652,14667096,-13336229,2013717,30598287,-464137,-31504922,-7882064,20237806,2838411]), - y_minus_x: Fe([-19288047,4453152,15298546,-16178388,22115043,-15972604,12544294,-13470457,1068881,-12499905]), - xy2d: Fe([-9558883,-16518835,33238498,13506958,30505848,-1114596,-8486907,-2630053,12521378,4845654]), - }, - GePrecomp { - y_plus_x: Fe([-28198521,10744108,-2958380,10199664,7759311,-13088600,3409348,-873400,-6482306,-12885870]), - y_minus_x: Fe([-23561822,6230156,-20382013,10655314,-24040585,-11621172,10477734,-1240216,-3113227,13974498]), - xy2d: Fe([12966261,15550616,-32038948,-1615346,21025980,-629444,5642325,7188737,18895762,12629579]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([14741879,-14946887,22177208,-11721237,1279741,8058600,11758140,789443,32195181,3895677]), - y_minus_x: Fe([10758205,15755439,-4509950,9243698,-4879422,6879879,-2204575,-3566119,-8982069,4429647]), - xy2d: Fe([-2453894,15725973,-20436342,-10410672,-5803908,-11040220,-7135870,-11642895,18047436,-15281743]), - }, - GePrecomp { - y_plus_x: Fe([-25173001,-11307165,29759956,11776784,-22262383,-15820455,10993114,-12850837,-17620701,-9408468]), - y_minus_x: Fe([21987233,700364,-24505048,14972008,-7774265,-5718395,32155026,2581431,-29958985,8773375]), - xy2d: Fe([-25568350,454463,-13211935,16126715,25240068,8594567,20656846,12017935,-7874389,-13920155]), - }, - GePrecomp { - y_plus_x: 
Fe([6028182,6263078,-31011806,-11301710,-818919,2461772,-31841174,-5468042,-1721788,-2776725]), - y_minus_x: Fe([-12278994,16624277,987579,-5922598,32908203,1248608,7719845,-4166698,28408820,6816612]), - xy2d: Fe([-10358094,-8237829,19549651,-12169222,22082623,16147817,20613181,13982702,-10339570,5067943]), - }, - GePrecomp { - y_plus_x: Fe([-30505967,-3821767,12074681,13582412,-19877972,2443951,-19719286,12746132,5331210,-10105944]), - y_minus_x: Fe([30528811,3601899,-1957090,4619785,-27361822,-15436388,24180793,-12570394,27679908,-1648928]), - xy2d: Fe([9402404,-13957065,32834043,10838634,-26580150,-13237195,26653274,-8685565,22611444,-12715406]), - }, - GePrecomp { - y_plus_x: Fe([22190590,1118029,22736441,15130463,-30460692,-5991321,19189625,-4648942,4854859,6622139]), - y_minus_x: Fe([-8310738,-2953450,-8262579,-3388049,-10401731,-271929,13424426,-3567227,26404409,13001963]), - xy2d: Fe([-31241838,-15415700,-2994250,8939346,11562230,-12840670,-26064365,-11621720,-15405155,11020693]), - }, - GePrecomp { - y_plus_x: Fe([1866042,-7949489,-7898649,-10301010,12483315,13477547,3175636,-12424163,28761762,1406734]), - y_minus_x: Fe([-448555,-1777666,13018551,3194501,-9580420,-11161737,24760585,-4347088,25577411,-13378680]), - xy2d: Fe([-24290378,4759345,-690653,-1852816,2066747,10693769,-29595790,9884936,-9368926,4745410]), - }, - GePrecomp { - y_plus_x: Fe([-9141284,6049714,-19531061,-4341411,-31260798,9944276,-15462008,-11311852,10931924,-11931931]), - y_minus_x: Fe([-16561513,14112680,-8012645,4817318,-8040464,-11414606,-22853429,10856641,-20470770,13434654]), - xy2d: Fe([22759489,-10073434,-16766264,-1871422,13637442,-10168091,1765144,-12654326,28445307,-5364710]), - }, - GePrecomp { - y_plus_x: Fe([29875063,12493613,2795536,-3786330,1710620,15181182,-10195717,-8788675,9074234,1167180]), - y_minus_x: Fe([-26205683,11014233,-9842651,-2635485,-26908120,7532294,-18716888,-9535498,3843903,9367684]), - xy2d: 
Fe([-10969595,-6403711,9591134,9582310,11349256,108879,16235123,8601684,-139197,4242895]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([22092954,-13191123,-2042793,-11968512,32186753,-11517388,-6574341,2470660,-27417366,16625501]), - y_minus_x: Fe([-11057722,3042016,13770083,-9257922,584236,-544855,-7770857,2602725,-27351616,14247413]), - xy2d: Fe([6314175,-10264892,-32772502,15957557,-10157730,168750,-8618807,14290061,27108877,-1180880]), - }, - GePrecomp { - y_plus_x: Fe([-8586597,-7170966,13241782,10960156,-32991015,-13794596,33547976,-11058889,-27148451,981874]), - y_minus_x: Fe([22833440,9293594,-32649448,-13618667,-9136966,14756819,-22928859,-13970780,-10479804,-16197962]), - xy2d: Fe([-7768587,3326786,-28111797,10783824,19178761,14905060,22680049,13906969,-15933690,3797899]), - }, - GePrecomp { - y_plus_x: Fe([21721356,-4212746,-12206123,9310182,-3882239,-13653110,23740224,-2709232,20491983,-8042152]), - y_minus_x: Fe([9209270,-15135055,-13256557,-6167798,-731016,15289673,25947805,15286587,30997318,-6703063]), - xy2d: Fe([7392032,16618386,23946583,-8039892,-13265164,-1533858,-14197445,-2321576,17649998,-250080]), - }, - GePrecomp { - y_plus_x: Fe([-9301088,-14193827,30609526,-3049543,-25175069,-1283752,-15241566,-9525724,-2233253,7662146]), - y_minus_x: Fe([-17558673,1763594,-33114336,15908610,-30040870,-12174295,7335080,-8472199,-3174674,3440183]), - xy2d: Fe([-19889700,-5977008,-24111293,-9688870,10799743,-16571957,40450,-4431835,4862400,1133]), - }, - GePrecomp { - y_plus_x: Fe([-32856209,-7873957,-5422389,14860950,-16319031,7956142,7258061,311861,-30594991,-7379421]), - y_minus_x: Fe([-3773428,-1565936,28985340,7499440,24445838,9325937,29727763,16527196,18278453,15405622]), - xy2d: Fe([-4381906,8508652,-19898366,-3674424,-5984453,15149970,-13313598,843523,-21875062,13626197]), - }, - GePrecomp { - y_plus_x: Fe([2281448,-13487055,-10915418,-2609910,1879358,16164207,-10783882,3953792,13340839,15928663]), - y_minus_x: 
Fe([31727126,-7179855,-18437503,-8283652,2875793,-16390330,-25269894,-7014826,-23452306,5964753]), - xy2d: Fe([4100420,-5959452,-17179337,6017714,-18705837,12227141,-26684835,11344144,2538215,-7570755]), - }, - GePrecomp { - y_plus_x: Fe([-9433605,6123113,11159803,-2156608,30016280,14966241,-20474983,1485421,-629256,-15958862]), - y_minus_x: Fe([-26804558,4260919,11851389,9658551,-32017107,16367492,-20205425,-13191288,11659922,-11115118]), - xy2d: Fe([26180396,10015009,-30844224,-8581293,5418197,9480663,2231568,-10170080,33100372,-1306171]), - }, - GePrecomp { - y_plus_x: Fe([15121113,-5201871,-10389905,15427821,-27509937,-15992507,21670947,4486675,-5931810,-14466380]), - y_minus_x: Fe([16166486,-9483733,-11104130,6023908,-31926798,-1364923,2340060,-16254968,-10735770,-10039824]), - xy2d: Fe([28042865,-3557089,-12126526,12259706,-3717498,-6945899,6766453,-8689599,18036436,5803270]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-817581,6763912,11803561,1585585,10958447,-2671165,23855391,4598332,-6159431,-14117438]), - y_minus_x: Fe([-31031306,-14256194,17332029,-2383520,31312682,-5967183,696309,50292,-20095739,11763584]), - xy2d: Fe([-594563,-2514283,-32234153,12643980,12650761,14811489,665117,-12613632,-19773211,-10713562]), - }, - GePrecomp { - y_plus_x: Fe([30464590,-11262872,-4127476,-12734478,19835327,-7105613,-24396175,2075773,-17020157,992471]), - y_minus_x: Fe([18357185,-6994433,7766382,16342475,-29324918,411174,14578841,8080033,-11574335,-10601610]), - xy2d: Fe([19598397,10334610,12555054,2555664,18821899,-10339780,21873263,16014234,26224780,16452269]), - }, - GePrecomp { - y_plus_x: Fe([-30223925,5145196,5944548,16385966,3976735,2009897,-11377804,-7618186,-20533829,3698650]), - y_minus_x: Fe([14187449,3448569,-10636236,-10810935,-22663880,-3433596,7268410,-10890444,27394301,12015369]), - xy2d: Fe([19695761,16087646,28032085,12999827,6817792,11427614,20244189,-1312777,-13259127,-3402461]), - }, - GePrecomp { - y_plus_x: 
Fe([30860103,12735208,-1888245,-4699734,-16974906,2256940,-8166013,12298312,-8550524,-10393462]), - y_minus_x: Fe([-5719826,-11245325,-1910649,15569035,26642876,-7587760,-5789354,-15118654,-4976164,12651793]), - xy2d: Fe([-2848395,9953421,11531313,-5282879,26895123,-12697089,-13118820,-16517902,9768698,-2533218]), - }, - GePrecomp { - y_plus_x: Fe([-24719459,1894651,-287698,-4704085,15348719,-8156530,32767513,12765450,4940095,10678226]), - y_minus_x: Fe([18860224,15980149,-18987240,-1562570,-26233012,-11071856,-7843882,13944024,-24372348,16582019]), - xy2d: Fe([-15504260,4970268,-29893044,4175593,-20993212,-2199756,-11704054,15444560,-11003761,7989037]), - }, - GePrecomp { - y_plus_x: Fe([31490452,5568061,-2412803,2182383,-32336847,4531686,-32078269,6200206,-19686113,-14800171]), - y_minus_x: Fe([-17308668,-15879940,-31522777,-2831,-32887382,16375549,8680158,-16371713,28550068,-6857132]), - xy2d: Fe([-28126887,-5688091,16837845,-1820458,-6850681,12700016,-30039981,4364038,1155602,5988841]), - }, - GePrecomp { - y_plus_x: Fe([21890435,-13272907,-12624011,12154349,-7831873,15300496,23148983,-4470481,24618407,8283181]), - y_minus_x: Fe([-33136107,-10512751,9975416,6841041,-31559793,16356536,3070187,-7025928,1466169,10740210]), - xy2d: Fe([-1509399,-15488185,-13503385,-10655916,32799044,909394,-13938903,-5779719,-32164649,-15327040]), - }, - GePrecomp { - y_plus_x: Fe([3960823,-14267803,-28026090,-15918051,-19404858,13146868,15567327,951507,-3260321,-573935]), - y_minus_x: Fe([24740841,5052253,-30094131,8961361,25877428,6165135,-24368180,14397372,-7380369,-6144105]), - xy2d: Fe([-28888365,3510803,-28103278,-1158478,-11238128,-10631454,-15441463,-14453128,-1625486,-6494814]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([793299,-9230478,8836302,-6235707,-27360908,-2369593,33152843,-4885251,-9906200,-621852]), - y_minus_x: Fe([5666233,525582,20782575,-8038419,-24538499,14657740,16099374,1468826,-6171428,-15186581]), - xy2d: 
Fe([-4859255,-3779343,-2917758,-6748019,7778750,11688288,-30404353,-9871238,-1558923,-9863646]), - }, - GePrecomp { - y_plus_x: Fe([10896332,-7719704,824275,472601,-19460308,3009587,25248958,14783338,-30581476,-15757844]), - y_minus_x: Fe([10566929,12612572,-31944212,11118703,-12633376,12362879,21752402,8822496,24003793,14264025]), - xy2d: Fe([27713862,-7355973,-11008240,9227530,27050101,2504721,23886875,-13117525,13958495,-5732453]), - }, - GePrecomp { - y_plus_x: Fe([-23481610,4867226,-27247128,3900521,29838369,-8212291,-31889399,-10041781,7340521,-15410068]), - y_minus_x: Fe([4646514,-8011124,-22766023,-11532654,23184553,8566613,31366726,-1381061,-15066784,-10375192]), - xy2d: Fe([-17270517,12723032,-16993061,14878794,21619651,-6197576,27584817,3093888,-8843694,3849921]), - }, - GePrecomp { - y_plus_x: Fe([-9064912,2103172,25561640,-15125738,-5239824,9582958,32477045,-9017955,5002294,-15550259]), - y_minus_x: Fe([-12057553,-11177906,21115585,-13365155,8808712,-12030708,16489530,13378448,-25845716,12741426]), - xy2d: Fe([-5946367,10645103,-30911586,15390284,-3286982,-7118677,24306472,15852464,28834118,-7646072]), - }, - GePrecomp { - y_plus_x: Fe([-17335748,-9107057,-24531279,9434953,-8472084,-583362,-13090771,455841,20461858,5491305]), - y_minus_x: Fe([13669248,-16095482,-12481974,-10203039,-14569770,-11893198,-24995986,11293807,-28588204,-9421832]), - xy2d: Fe([28497928,6272777,-33022994,14470570,8906179,-1225630,18504674,-14165166,29867745,-8795943]), - }, - GePrecomp { - y_plus_x: Fe([-16207023,13517196,-27799630,-13697798,24009064,-6373891,-6367600,-13175392,22853429,-4012011]), - y_minus_x: Fe([24191378,16712145,-13931797,15217831,14542237,1646131,18603514,-11037887,12876623,-2112447]), - xy2d: Fe([17902668,4518229,-411702,-2829247,26878217,5258055,-12860753,608397,16031844,3723494]), - }, - GePrecomp { - y_plus_x: Fe([-28632773,12763728,-20446446,7577504,33001348,-13017745,17558842,-7872890,23896954,-4314245]), - y_minus_x: 
Fe([-20005381,-12011952,31520464,605201,2543521,5991821,-2945064,7229064,-9919646,-8826859]), - xy2d: Fe([28816045,298879,-28165016,-15920938,19000928,-1665890,-12680833,-2949325,-18051778,-2082915]), - }, - GePrecomp { - y_plus_x: Fe([16000882,-344896,3493092,-11447198,-29504595,-13159789,12577740,16041268,-19715240,7847707]), - y_minus_x: Fe([10151868,10572098,27312476,7922682,14825339,4723128,-32855931,-6519018,-10020567,3852848]), - xy2d: Fe([-11430470,15697596,-21121557,-4420647,5386314,15063598,16514493,-15932110,29330899,-15076224]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-25499735,-4378794,-15222908,-6901211,16615731,2051784,3303702,15490,-27548796,12314391]), - y_minus_x: Fe([15683520,-6003043,18109120,-9980648,15337968,-5997823,-16717435,15921866,16103996,-3731215]), - xy2d: Fe([-23169824,-10781249,13588192,-1628807,-3798557,-1074929,-19273607,5402699,-29815713,-9841101]), - }, - GePrecomp { - y_plus_x: Fe([23190676,2384583,-32714340,3462154,-29903655,-1529132,-11266856,8911517,-25205859,2739713]), - y_minus_x: Fe([21374101,-3554250,-33524649,9874411,15377179,11831242,-33529904,6134907,4931255,11987849]), - xy2d: Fe([-7732,-2978858,-16223486,7277597,105524,-322051,-31480539,13861388,-30076310,10117930]), - }, - GePrecomp { - y_plus_x: Fe([-29501170,-10744872,-26163768,13051539,-25625564,5089643,-6325503,6704079,12890019,15728940]), - y_minus_x: Fe([-21972360,-11771379,-951059,-4418840,14704840,2695116,903376,-10428139,12885167,8311031]), - xy2d: Fe([-17516482,5352194,10384213,-13811658,7506451,13453191,26423267,4384730,1888765,-5435404]), - }, - GePrecomp { - y_plus_x: Fe([-25817338,-3107312,-13494599,-3182506,30896459,-13921729,-32251644,-12707869,-19464434,-3340243]), - y_minus_x: Fe([-23607977,-2665774,-526091,4651136,5765089,4618330,6092245,14845197,17151279,-9854116]), - xy2d: Fe([-24830458,-12733720,-15165978,10367250,-29530908,-265356,22825805,-7087279,-16866484,16176525]), - }, - GePrecomp { - y_plus_x: 
Fe([-23583256,6564961,20063689,3798228,-4740178,7359225,2006182,-10363426,-28746253,-10197509]), - y_minus_x: Fe([-10626600,-4486402,-13320562,-5125317,3432136,-6393229,23632037,-1940610,32808310,1099883]), - xy2d: Fe([15030977,5768825,-27451236,-2887299,-6427378,-15361371,-15277896,-6809350,2051441,-15225865]), - }, - GePrecomp { - y_plus_x: Fe([-3362323,-7239372,7517890,9824992,23555850,295369,5148398,-14154188,-22686354,16633660]), - y_minus_x: Fe([4577086,-16752288,13249841,-15304328,19958763,-14537274,18559670,-10759549,8402478,-9864273]), - xy2d: Fe([-28406330,-1051581,-26790155,-907698,-17212414,-11030789,9453451,-14980072,17983010,9967138]), - }, - GePrecomp { - y_plus_x: Fe([-25762494,6524722,26585488,9969270,24709298,1220360,-1677990,7806337,17507396,3651560]), - y_minus_x: Fe([-10420457,-4118111,14584639,15971087,-15768321,8861010,26556809,-5574557,-18553322,-11357135]), - xy2d: Fe([2839101,14284142,4029895,3472686,14402957,12689363,-26642121,8459447,-5605463,-7621941]), - }, - GePrecomp { - y_plus_x: Fe([-4839289,-3535444,9744961,2871048,25113978,3187018,-25110813,-849066,17258084,-7977739]), - y_minus_x: Fe([18164541,-10595176,-17154882,-1542417,19237078,-9745295,23357533,-15217008,26908270,12150756]), - xy2d: Fe([-30264870,-7647865,5112249,-7036672,-1499807,-6974257,43168,-5537701,-32302074,16215819]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-6898905,9824394,-12304779,-4401089,-31397141,-6276835,32574489,12532905,-7503072,-8675347]), - y_minus_x: Fe([-27343522,-16515468,-27151524,-10722951,946346,16291093,254968,7168080,21676107,-1943028]), - xy2d: Fe([21260961,-8424752,-16831886,-11920822,-23677961,3968121,-3651949,-6215466,-3556191,-7913075]), - }, - GePrecomp { - y_plus_x: Fe([16544754,13250366,-16804428,15546242,-4583003,12757258,-2462308,-8680336,-18907032,-9662799]), - y_minus_x: Fe([-2415239,-15577728,18312303,4964443,-15272530,-12653564,26820651,16690659,25459437,-4564609]), - xy2d: 
Fe([-25144690,11425020,28423002,-11020557,-6144921,-15826224,9142795,-2391602,-6432418,-1644817]), - }, - GePrecomp { - y_plus_x: Fe([-23104652,6253476,16964147,-3768872,-25113972,-12296437,-27457225,-16344658,6335692,7249989]), - y_minus_x: Fe([-30333227,13979675,7503222,-12368314,-11956721,-4621693,-30272269,2682242,25993170,-12478523]), - xy2d: Fe([4364628,5930691,32304656,-10044554,-8054781,15091131,22857016,-10598955,31820368,15075278]), - }, - GePrecomp { - y_plus_x: Fe([31879134,-8918693,17258761,90626,-8041836,-4917709,24162788,-9650886,-17970238,12833045]), - y_minus_x: Fe([19073683,14851414,-24403169,-11860168,7625278,11091125,-19619190,2074449,-9413939,14905377]), - xy2d: Fe([24483667,-11935567,-2518866,-11547418,-1553130,15355506,-25282080,9253129,27628530,-7555480]), - }, - GePrecomp { - y_plus_x: Fe([17597607,8340603,19355617,552187,26198470,-3176583,4593324,-9157582,-14110875,15297016]), - y_minus_x: Fe([510886,14337390,-31785257,16638632,6328095,2713355,-20217417,-11864220,8683221,2921426]), - xy2d: Fe([18606791,11874196,27155355,-5281482,-24031742,6265446,-25178240,-1278924,4674690,13890525]), - }, - GePrecomp { - y_plus_x: Fe([13609624,13069022,-27372361,-13055908,24360586,9592974,14977157,9835105,4389687,288396]), - y_minus_x: Fe([9922506,-519394,13613107,5883594,-18758345,-434263,-12304062,8317628,23388070,16052080]), - xy2d: Fe([12720016,11937594,-31970060,-5028689,26900120,8561328,-20155687,-11632979,-14754271,-10812892]), - }, - GePrecomp { - y_plus_x: Fe([15961858,14150409,26716931,-665832,-22794328,13603569,11829573,7467844,-28822128,929275]), - y_minus_x: Fe([11038231,-11582396,-27310482,-7316562,-10498527,-16307831,-23479533,-9371869,-21393143,2465074]), - xy2d: Fe([20017163,-4323226,27915242,1529148,12396362,15675764,13817261,-9658066,2463391,-4622140]), - }, - GePrecomp { - y_plus_x: Fe([-16358878,-12663911,-12065183,4996454,-1256422,1073572,9583558,12851107,4003896,12673717]), - y_minus_x: 
Fe([-1731589,-15155870,-3262930,16143082,19294135,13385325,14741514,-9103726,7903886,2348101]), - xy2d: Fe([24536016,-16515207,12715592,-3862155,1511293,10047386,-3842346,-7129159,-28377538,10048127]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-12622226,-6204820,30718825,2591312,-10617028,12192840,18873298,-7297090,-32297756,15221632]), - y_minus_x: Fe([-26478122,-11103864,11546244,-1852483,9180880,7656409,-21343950,2095755,29769758,6593415]), - xy2d: Fe([-31994208,-2907461,4176912,3264766,12538965,-868111,26312345,-6118678,30958054,8292160]), - }, - GePrecomp { - y_plus_x: Fe([31429822,-13959116,29173532,15632448,12174511,-2760094,32808831,3977186,26143136,-3148876]), - y_minus_x: Fe([22648901,1402143,-22799984,13746059,7936347,365344,-8668633,-1674433,-3758243,-2304625]), - xy2d: Fe([-15491917,8012313,-2514730,-12702462,-23965846,-10254029,-1612713,-1535569,-16664475,8194478]), - }, - GePrecomp { - y_plus_x: Fe([27338066,-7507420,-7414224,10140405,-19026427,-6589889,27277191,8855376,28572286,3005164]), - y_minus_x: Fe([26287124,4821776,25476601,-4145903,-3764513,-15788984,-18008582,1182479,-26094821,-13079595]), - xy2d: Fe([-7171154,3178080,23970071,6201893,-17195577,-4489192,-21876275,-13982627,32208683,-1198248]), - }, - GePrecomp { - y_plus_x: Fe([-16657702,2817643,-10286362,14811298,6024667,13349505,-27315504,-10497842,-27672585,-11539858]), - y_minus_x: Fe([15941029,-9405932,-21367050,8062055,31876073,-238629,-15278393,-1444429,15397331,-4130193]), - xy2d: Fe([8934485,-13485467,-23286397,-13423241,-32446090,14047986,31170398,-1441021,-27505566,15087184]), - }, - GePrecomp { - y_plus_x: Fe([-18357243,-2156491,24524913,-16677868,15520427,-6360776,-15502406,11461896,16788528,-5868942]), - y_minus_x: Fe([-1947386,16013773,21750665,3714552,-17401782,-16055433,-3770287,-10323320,31322514,-11615635]), - xy2d: Fe([21426655,-5650218,-13648287,-5347537,-28812189,-4920970,-18275391,-14621414,13040862,-12112948]), - }, - GePrecomp { - y_plus_x: 
Fe([11293895,12478086,-27136401,15083750,-29307421,14748872,14555558,-13417103,1613711,4896935]), - y_minus_x: Fe([-25894883,15323294,-8489791,-8057900,25967126,-13425460,2825960,-4897045,-23971776,-11267415]), - xy2d: Fe([-15924766,-5229880,-17443532,6410664,3622847,10243618,20615400,12405433,-23753030,-8436416]), - }, - GePrecomp { - y_plus_x: Fe([-7091295,12556208,-20191352,9025187,-17072479,4333801,4378436,2432030,23097949,-566018]), - y_minus_x: Fe([4565804,-16025654,20084412,-7842817,1724999,189254,24767264,10103221,-18512313,2424778]), - xy2d: Fe([366633,-11976806,8173090,-6890119,30788634,5745705,-7168678,1344109,-3642553,12412659]), - }, - GePrecomp { - y_plus_x: Fe([-24001791,7690286,14929416,-168257,-32210835,-13412986,24162697,-15326504,-3141501,11179385]), - y_minus_x: Fe([18289522,-14724954,8056945,16430056,-21729724,7842514,-6001441,-1486897,-18684645,-11443503]), - xy2d: Fe([476239,6601091,-6152790,-9723375,17503545,-4863900,27672959,13403813,11052904,5219329]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([20678546,-8375738,-32671898,8849123,-5009758,14574752,31186971,-3973730,9014762,-8579056]), - y_minus_x: Fe([-13644050,-10350239,-15962508,5075808,-1514661,-11534600,-33102500,9160280,8473550,-3256838]), - xy2d: Fe([24900749,14435722,17209120,-15292541,-22592275,9878983,-7689309,-16335821,-24568481,11788948]), - }, - GePrecomp { - y_plus_x: Fe([-3118155,-11395194,-13802089,14797441,9652448,-6845904,-20037437,10410733,-24568470,-1458691]), - y_minus_x: Fe([-15659161,16736706,-22467150,10215878,-9097177,7563911,11871841,-12505194,-18513325,8464118]), - xy2d: Fe([-23400612,8348507,-14585951,-861714,-3950205,-6373419,14325289,8628612,33313881,-8370517]), - }, - GePrecomp { - y_plus_x: Fe([-20186973,-4967935,22367356,5271547,-1097117,-4788838,-24805667,-10236854,-8940735,-5818269]), - y_minus_x: Fe([-6948785,-1795212,-32625683,-16021179,32635414,-7374245,15989197,-12838188,28358192,-4253904]), - xy2d: 
Fe([-23561781,-2799059,-32351682,-1661963,-9147719,10429267,-16637684,4072016,-5351664,5596589]), - }, - GePrecomp { - y_plus_x: Fe([-28236598,-3390048,12312896,6213178,3117142,16078565,29266239,2557221,1768301,15373193]), - y_minus_x: Fe([-7243358,-3246960,-4593467,-7553353,-127927,-912245,-1090902,-4504991,-24660491,3442910]), - xy2d: Fe([-30210571,5124043,14181784,8197961,18964734,-11939093,22597931,7176455,-18585478,13365930]), - }, - GePrecomp { - y_plus_x: Fe([-7877390,-1499958,8324673,4690079,6261860,890446,24538107,-8570186,-9689599,-3031667]), - y_minus_x: Fe([25008904,-10771599,-4305031,-9638010,16265036,15721635,683793,-11823784,15723479,-15163481]), - xy2d: Fe([-9660625,12374379,-27006999,-7026148,-7724114,-12314514,11879682,5400171,519526,-1235876]), - }, - GePrecomp { - y_plus_x: Fe([22258397,-16332233,-7869817,14613016,-22520255,-2950923,-20353881,7315967,16648397,7605640]), - y_minus_x: Fe([-8081308,-8464597,-8223311,9719710,19259459,-15348212,23994942,-5281555,-9468848,4763278]), - xy2d: Fe([-21699244,9220969,-15730624,1084137,-25476107,-2852390,31088447,-7764523,-11356529,728112]), - }, - GePrecomp { - y_plus_x: Fe([26047220,-11751471,-6900323,-16521798,24092068,9158119,-4273545,-12555558,-29365436,-5498272]), - y_minus_x: Fe([17510331,-322857,5854289,8403524,17133918,-3112612,-28111007,12327945,10750447,10014012]), - xy2d: Fe([-10312768,3936952,9156313,-8897683,16498692,-994647,-27481051,-666732,3424691,7540221]), - }, - GePrecomp { - y_plus_x: Fe([30322361,-6964110,11361005,-4143317,7433304,4989748,-7071422,-16317219,-9244265,15258046]), - y_minus_x: Fe([13054562,-2779497,19155474,469045,-12482797,4566042,5631406,2711395,1062915,-5136345]), - xy2d: Fe([-19240248,-11254599,-29509029,-7499965,-5835763,13005411,-6066489,12194497,32960380,1459310]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([19852034,7027924,23669353,10020366,8586503,-6657907,394197,-6101885,18638003,-11174937]), - y_minus_x: 
Fe([31395534,15098109,26581030,8030562,-16527914,-5007134,9012486,-7584354,-6643087,-5442636]), - xy2d: Fe([-9192165,-2347377,-1997099,4529534,25766844,607986,-13222,9677543,-32294889,-6456008]), - }, - GePrecomp { - y_plus_x: Fe([-2444496,-149937,29348902,8186665,1873760,12489863,-30934579,-7839692,-7852844,-8138429]), - y_minus_x: Fe([-15236356,-15433509,7766470,746860,26346930,-10221762,-27333451,10754588,-9431476,5203576]), - xy2d: Fe([31834314,14135496,-770007,5159118,20917671,-16768096,-7467973,-7337524,31809243,7347066]), - }, - GePrecomp { - y_plus_x: Fe([-9606723,-11874240,20414459,13033986,13716524,-11691881,19797970,-12211255,15192876,-2087490]), - y_minus_x: Fe([-12663563,-2181719,1168162,-3804809,26747877,-14138091,10609330,12694420,33473243,-13382104]), - xy2d: Fe([33184999,11180355,15832085,-11385430,-1633671,225884,15089336,-11023903,-6135662,14480053]), - }, - GePrecomp { - y_plus_x: Fe([31308717,-5619998,31030840,-1897099,15674547,-6582883,5496208,13685227,27595050,8737275]), - y_minus_x: Fe([-20318852,-15150239,10933843,-16178022,8335352,-7546022,-31008351,-12610604,26498114,66511]), - xy2d: Fe([22644454,-8761729,-16671776,4884562,-3105614,-13559366,30540766,-4286747,-13327787,-7515095]), - }, - GePrecomp { - y_plus_x: Fe([-28017847,9834845,18617207,-2681312,-3401956,-13307506,8205540,13585437,-17127465,15115439]), - y_minus_x: Fe([23711543,-672915,31206561,-8362711,6164647,-9709987,-33535882,-1426096,8236921,16492939]), - xy2d: Fe([-23910559,-13515526,-26299483,-4503841,25005590,-7687270,19574902,10071562,6708380,-6222424]), - }, - GePrecomp { - y_plus_x: Fe([2101391,-4930054,19702731,2367575,-15427167,1047675,5301017,9328700,29955601,-11678310]), - y_minus_x: Fe([3096359,9271816,-21620864,-15521844,-14847996,-7592937,-25892142,-12635595,-9917575,6216608]), - xy2d: Fe([-32615849,338663,-25195611,2510422,-29213566,-13820213,24822830,-6146567,-26767480,7525079]), - }, - GePrecomp { - y_plus_x: 
Fe([-23066649,-13985623,16133487,-7896178,-3389565,778788,-910336,-2782495,-19386633,11994101]), - y_minus_x: Fe([21691500,-13624626,-641331,-14367021,3285881,-3483596,-25064666,9718258,-7477437,13381418]), - xy2d: Fe([18445390,-4202236,14979846,11622458,-1727110,-3582980,23111648,-6375247,28535282,15779576]), - }, - GePrecomp { - y_plus_x: Fe([30098053,3089662,-9234387,16662135,-21306940,11308411,-14068454,12021730,9955285,-16303356]), - y_minus_x: Fe([9734894,-14576830,-7473633,-9138735,2060392,11313496,-18426029,9924399,20194861,13380996]), - xy2d: Fe([-26378102,-7965207,-22167821,15789297,-18055342,-6168792,-1984914,15707771,26342023,10146099]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([-26016874,-219943,21339191,-41388,19745256,-2878700,-29637280,2227040,21612326,-545728]), - y_minus_x: Fe([-13077387,1184228,23562814,-5970442,-20351244,-6348714,25764461,12243797,-20856566,11649658]), - xy2d: Fe([-10031494,11262626,27384172,2271902,26947504,-15997771,39944,6114064,33514190,2333242]), - }, - GePrecomp { - y_plus_x: Fe([-21433588,-12421821,8119782,7219913,-21830522,-9016134,-6679750,-12670638,24350578,-13450001]), - y_minus_x: Fe([-4116307,-11271533,-23886186,4843615,-30088339,690623,-31536088,-10406836,8317860,12352766]), - xy2d: Fe([18200138,-14475911,-33087759,-2696619,-23702521,-9102511,-23552096,-2287550,20712163,6719373]), - }, - GePrecomp { - y_plus_x: Fe([26656208,6075253,-7858556,1886072,-28344043,4262326,11117530,-3763210,26224235,-3297458]), - y_minus_x: Fe([-17168938,-14854097,-3395676,-16369877,-19954045,14050420,21728352,9493610,18620611,-16428628]), - xy2d: Fe([-13323321,13325349,11432106,5964811,18609221,6062965,-5269471,-9725556,-30701573,-16479657]), - }, - GePrecomp { - y_plus_x: Fe([-23860538,-11233159,26961357,1640861,-32413112,-16737940,12248509,-5240639,13735342,1934062]), - y_minus_x: Fe([25089769,6742589,17081145,-13406266,21909293,-16067981,-15136294,-3765346,-21277997,5473616]), - xy2d: 
Fe([31883677,-7961101,1083432,-11572403,22828471,13290673,-7125085,12469656,29111212,-5451014]), - }, - GePrecomp { - y_plus_x: Fe([24244947,-15050407,-26262976,2791540,-14997599,16666678,24367466,6388839,-10295587,452383]), - y_minus_x: Fe([-25640782,-3417841,5217916,16224624,19987036,-4082269,-24236251,-5915248,15766062,8407814]), - xy2d: Fe([-20406999,13990231,15495425,16395525,5377168,15166495,-8917023,-4388953,-8067909,2276718]), - }, - GePrecomp { - y_plus_x: Fe([30157918,12924066,-17712050,9245753,19895028,3368142,-23827587,5096219,22740376,-7303417]), - y_minus_x: Fe([2041139,-14256350,7783687,13876377,-25946985,-13352459,24051124,13742383,-15637599,13295222]), - xy2d: Fe([33338237,-8505733,12532113,7977527,9106186,-1715251,-17720195,-4612972,-4451357,-14669444]), - }, - GePrecomp { - y_plus_x: Fe([-20045281,5454097,-14346548,6447146,28862071,1883651,-2469266,-4141880,7770569,9620597]), - y_minus_x: Fe([23208068,7979712,33071466,8149229,1758231,-10834995,30945528,-1694323,-33502340,-14767970]), - xy2d: Fe([1439958,-16270480,-1079989,-793782,4625402,10647766,-5043801,1220118,30494170,-11440799]), - }, - GePrecomp { - y_plus_x: Fe([-5037580,-13028295,-2970559,-3061767,15640974,-6701666,-26739026,926050,-1684339,-13333647]), - y_minus_x: Fe([13908495,-3549272,30919928,-6273825,-21521863,7989039,9021034,9078865,3353509,4033511]), - xy2d: Fe([-29663431,-15113610,32259991,-344482,24295849,-12912123,23161163,8839127,27485041,7356032]), - }, -], -[ - GePrecomp { - y_plus_x: Fe([9661027,705443,11980065,-5370154,-1628543,14661173,-6346142,2625015,28431036,-16771834]), - y_minus_x: Fe([-23839233,-8311415,-25945511,7480958,-17681669,-8354183,-22545972,14150565,15970762,4099461]), - xy2d: Fe([29262576,16756590,26350592,-8793563,8529671,-11208050,13617293,-9937143,11465739,8317062]), - }, - GePrecomp { - y_plus_x: Fe([-25493081,-6962928,32500200,-9419051,-23038724,-2302222,14898637,3848455,20969334,-5157516]), - y_minus_x: 
Fe([-20384450,-14347713,-18336405,13884722,-33039454,2842114,-21610826,-3649888,11177095,14989547]), - xy2d: Fe([-24496721,-11716016,16959896,2278463,12066309,10137771,13515641,2581286,-28487508,9930240]), - }, - GePrecomp { - y_plus_x: Fe([-17751622,-2097826,16544300,-13009300,-15914807,-14949081,18345767,-13403753,16291481,-5314038]), - y_minus_x: Fe([-33229194,2553288,32678213,9875984,8534129,6889387,-9676774,6957617,4368891,9788741]), - xy2d: Fe([16660756,7281060,-10830758,12911820,20108584,-8101676,-21722536,-8613148,16250552,-11111103]), - }, - GePrecomp { - y_plus_x: Fe([-19765507,2390526,-16551031,14161980,1905286,6414907,4689584,10604807,-30190403,4782747]), - y_minus_x: Fe([-1354539,14736941,-7367442,-13292886,7710542,-14155590,-9981571,4383045,22546403,437323]), - xy2d: Fe([31665577,-12180464,-16186830,1491339,-18368625,3294682,27343084,2786261,-30633590,-14097016]), - }, - GePrecomp { - y_plus_x: Fe([-14467279,-683715,-33374107,7448552,19294360,14334329,-19690631,2355319,-19284671,-6114373]), - y_minus_x: Fe([15121312,-15796162,6377020,-6031361,-10798111,-12957845,18952177,15496498,-29380133,11754228]), - xy2d: Fe([-2637277,-13483075,8488727,-14303896,12728761,-1622493,7141596,11724556,22761615,-10134141]), - }, - GePrecomp { - y_plus_x: Fe([16918416,11729663,-18083579,3022987,-31015732,-13339659,-28741185,-12227393,32851222,11717399]), - y_minus_x: Fe([11166634,7338049,-6722523,4531520,-29468672,-7302055,31474879,3483633,-1193175,-4030831]), - xy2d: Fe([-185635,9921305,31456609,-13536438,-12013818,13348923,33142652,6546660,-19985279,-3948376]), - }, - GePrecomp { - y_plus_x: Fe([-32460596,11266712,-11197107,-7899103,31703694,3855903,-8537131,-12833048,-30772034,-15486313]), - y_minus_x: Fe([-18006477,12709068,3991746,-6479188,-21491523,-10550425,-31135347,-16049879,10928917,3011958]), - xy2d: Fe([-6957757,-15594337,31696059,334240,29576716,14796075,-30831056,-12805180,18008031,10258577]), - }, - GePrecomp { - y_plus_x: 
Fe([-22448644,15655569,7018479,-4410003,-30314266,-1201591,-1853465,1367120,25127874,6671743]), - y_minus_x: Fe([29701166,-14373934,-10878120,9279288,-17568,13127210,21382910,11042292,25838796,4642684]), - xy2d: Fe([-20430234,14955537,-24126347,8124619,-5369288,-5990470,30468147,-13900640,18423289,4177476]), - }, -], -]; diff --git a/rcw/src/digest.rs b/rcw/src/digest.rs deleted file mode 100644 index fffef77..0000000 --- a/rcw/src/digest.rs +++ /dev/null 
@@ -1,94 +0,0 @@
-// Copyright 2012-2013 The Rust Project Developers. See the COPYRIGHT
-// file at the top-level directory of this distribution and at
-// http://rust-lang.org/COPYRIGHT.
-//
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-use std::iter::repeat;
-
-static CHARS: &'static[u8] = b"0123456789abcdef";
-
-/**
- * The Digest trait specifies an interface common to digest functions, such as SHA-1 and the SHA-2
- * family of digest functions.
- */
-pub trait Digest {
- /**
- * Provide message data.
- *
- * # Arguments
- *
- * * input - A vector of message data
- */
- fn input(&mut self, input: &[u8]);
-
- /**
- * Retrieve the digest result. This method may be called multiple times.
- *
- * # Arguments
- *
- * * out - the vector to hold the result. Must be large enough to contain output_bits().
- */
- fn result(&mut self, out: &mut [u8]);
-
- /**
- * Reset the digest. This method must be called after result() and before supplying more
- * data.
- */
- fn reset(&mut self);
-
- /**
- * Get the output size in bits.
- */
- fn output_bits(&self) -> usize;
-
- /**
- * Get the output size in bytes.
- */
- fn output_bytes(&self) -> usize {
- (self.output_bits() + 7) / 8
- }
-
- /**
- * Get the block size in bytes.
- */
- fn block_size(&self) -> usize;
-
- /**
- * Convenience function that feeds a string into a digest.
- *
- * # Arguments
- *
- * * `input` The string to feed into the digest
- */
- fn input_str(&mut self, input: &str) {
- self.input(input.as_bytes());
- }
-
- /**
- * Convenience function that retrieves the result of a digest as a
- * String in hexadecimal format.
- */
- fn result_str(&mut self) -> String {
- //use serialize::hex::ToHex;
-
- let mut buf: Vec = repeat(0).take((self.output_bits()+7)/8).collect();
- self.result(&mut buf);
-
- // inline buf[..].to_hex()
- let mut v = Vec::with_capacity(buf.len() * 2);
- for &byte in buf.iter() {
- v.push(CHARS[(byte >> 4) as usize]);
- v.push(CHARS[(byte & 0xf) as usize]);
- }
-
- unsafe {
- String::from_utf8_unchecked(v)
- }
-
- }
-}
diff --git a/rcw/src/ed25519.rs b/rcw/src/ed25519.rs
deleted file mode 100644
index 2a28998..0000000
--- a/rcw/src/ed25519.rs
+++ /dev/null
@@ -1,319 +0,0 @@
-use digest::Digest;
-use sha2::{Sha512};
-use curve25519::{GeP2, GeP3, ge_scalarmult_base, sc_reduce, sc_muladd, curve25519, Fe};
-use util::{fixed_time_eq};
-use std::ops::{Add, Sub, Mul};
-
-static L: [u8; 32] =
- [ 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6,
- 0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed ];
-
-pub fn keypair(seed: &[u8]) -> ([u8; 64], [u8; 32]) {
- let mut secret: [u8; 64] = {
- let mut hash_output: [u8; 64] = [0; 64];
- let mut hasher = Sha512::new();
- hasher.input(seed);
- hasher.result(&mut hash_output);
- hash_output[0] &= 248;
- hash_output[31] &= 63;
- hash_output[31] |= 64;
- hash_output
- };
-
- let a = ge_scalarmult_base(&secret[0..32]);
- let public_key = a.to_bytes();
- for (dest, src) in (&mut secret[32..64]).iter_mut().zip(public_key.iter()) {
- *dest = *src;
- }
- for (dest, src) in (&mut secret[0..32]).iter_mut().zip(seed.iter()) {
- *dest = *src;
- }
- (secret, public_key)
-}
-
-pub fn signature(message: &[u8], secret_key: &[u8]) -> [u8; 64] {
- let seed = &secret_key[0..32];
- let public_key = &secret_key[32..64];
- let az: [u8; 64] = {
- let mut hash_output: [u8; 64] = [0; 64];
- let mut hasher = Sha512::new();
- hasher.input(seed);
- hasher.result(&mut hash_output);
- hash_output[0] &= 248;
- hash_output[31] &= 63;
- hash_output[31] |= 64;
- hash_output
- };
-
- let nonce = {
- let mut hash_output: [u8; 64] = [0; 64];
- let mut hasher = Sha512::new();
- hasher.input(&az[32..64]);
- hasher.input(message);
- hasher.result(&mut hash_output);
- sc_reduce(&mut hash_output[0..64]);
- hash_output
- };
-
- let mut signature: [u8; 64] = [0; 64];
- let r: GeP3 = ge_scalarmult_base(&nonce[0..32]);
- for (result_byte, source_byte) in (&mut signature[0..32]).iter_mut().zip(r.to_bytes().iter()) {
- *result_byte = *source_byte;
- }
- for (result_byte, source_byte) in (&mut signature[32..64]).iter_mut().zip(public_key.iter()) {
- *result_byte = *source_byte;
- }
-
- {
- let mut hasher = Sha512::new();
- hasher.input(signature.as_ref());
- hasher.input(message);
- let mut hram: [u8; 64] = [0; 64];
- hasher.result(&mut hram);
- sc_reduce(&mut hram);
- sc_muladd(&mut signature[32..64], &hram[0..32], &az[0..32], &nonce[0..32]);
- }
-
- signature
-}
-
-pub fn to_public(extended_secret: &[u8]) -> [u8;32] {
- let a = ge_scalarmult_base(&extended_secret[0..32]);
- let public_key = a.to_bytes();
- public_key
-}
-
-pub fn signature_extended(message: &[u8], extended_secret: &[u8]) -> [u8; 64] {
- let public_key = to_public(extended_secret);
-
- let nonce = {
- let mut hash_output: [u8; 64] = [0; 64];
- let mut hasher = Sha512::new();
- hasher.input(&extended_secret[32..64]);
- hasher.input(message);
- hasher.result(&mut hash_output);
- sc_reduce(&mut hash_output[0..64]);
- hash_output
- };
-
- let mut signature: [u8; 64] = [0; 64];
- let r: GeP3 = ge_scalarmult_base(&nonce[0..32]);
- for (result_byte, source_byte) in (&mut signature[0..32]).iter_mut().zip(r.to_bytes().iter()) {
- *result_byte = *source_byte;
- }
- for (result_byte, source_byte) in (&mut signature[32..64]).iter_mut().zip(public_key.iter()) {
- *result_byte = *source_byte;
- }
-
- {
- let mut hasher = Sha512::new();
- hasher.input(signature.as_ref());
- hasher.input(message);
- let mut hram: [u8; 64] = [0; 64];
- hasher.result(&mut hram);
- sc_reduce(&mut hram);
- sc_muladd(&mut signature[32..64], &hram[0..32], &extended_secret[0..32], &nonce[0..32]);
- }
-
- signature
-}
-
-
-fn check_s_lt_l(s: &[u8]) -> bool
-{
- let mut c: u8 = 0;
- let mut n: u8 = 1;
-
- let mut i = 31;
- loop {
- c |= ((((s[i] as i32) - (L[i] as i32)) >> 8) as u8) & n;
- n &= (((((s[i] ^ L[i]) as i32)) - 1) >> 8) as u8;
- if i == 0 {
- break;
- } else {
- i -= 1;
- }
- }
-
- c == 0
-}
-
-pub fn verify(message: &[u8], public_key: &[u8], signature: &[u8]) -> bool {
- if check_s_lt_l(&signature[32..64]) {
- return false;
- }
-
- let a = match GeP3::from_bytes_negate_vartime(public_key) {
- Some(g) => g,
- None => { return false; }
- };
- let mut d = 0;
- for pk_byte in public_key.iter() {
- d |= *pk_byte;
- }
- if d == 0 {
- return false;
- }
-
- let mut hasher = Sha512::new();
- hasher.input(&signature[0..32]);
- hasher.input(public_key);
- hasher.input(message);
- let mut hash: [u8; 64] = [0; 64];
- hasher.result(&mut hash);
- sc_reduce(&mut hash);
-
- let r = GeP2::double_scalarmult_vartime(hash.as_ref(), a, &signature[32..64]);
- let rcheck = r.to_bytes();
-
- fixed_time_eq(rcheck.as_ref(), &signature[0..32])
-}
-
-pub fn exchange(public_key: &[u8], private_key: &[u8]) -> [u8; 32] {
- let ed_y = Fe::from_bytes(&public_key);
- // Produce public key in Montgomery form.
- let mont_x = edwards_to_montgomery_x(ed_y);
-
- // Produce private key from seed component (bytes 0 to 32)
- // of the Ed25519 extended private key (64 bytes).
- let mut hasher = Sha512::new();
- hasher.input(&private_key[0..32]);
- let mut hash: [u8; 64] = [0; 64];
- hasher.result(&mut hash);
- // Clamp the hash such that it is a valid private key
- hash[0] &= 248;
- hash[31] &= 127;
- hash[31] |= 64;
-
- let shared_mont_x : [u8; 32] = curve25519(&hash, &mont_x.to_bytes()); // priv., pub.
-
- shared_mont_x
-}
-
-fn edwards_to_montgomery_x(ed_y: Fe) -> Fe {
- let ed_z = Fe([1,0,0,0,0,0,0,0,0,0]);
- let temp_x = ed_z.add(ed_y);
- let temp_z = ed_z.sub(ed_y);
- let temp_z_inv = temp_z.invert();
-
- let mont_x = temp_x.mul(temp_z_inv);
-
- mont_x
-}
-
-#[cfg(test)]
-mod tests {
- use ed25519::{keypair, signature, verify, exchange};
- use curve25519::{curve25519_base, curve25519};
- use digest::Digest;
- use sha2::{Sha512};
-
- fn do_keypair_case(seed: [u8; 32], expected_secret: [u8; 64], expected_public: [u8; 32]) {
- let (actual_secret, actual_public) = keypair(seed.as_ref());
- assert_eq!(actual_secret.to_vec(), expected_secret.to_vec());
- assert_eq!(actual_public.to_vec(), expected_public.to_vec());
- }
-
- #[test]
- fn keypair_cases() {
- do_keypair_case(
- [0x26, 0x27, 0xf6, 0x85, 0x97, 0x15, 0xad, 0x1d, 0xd2, 0x94, 0xdd, 0xc4, 0x76, 0x19, 0x39, 0x31,
- 0xf1, 0xad, 0xb5, 0x58, 0xf0, 0x93, 0x97, 0x32, 0x19, 0x2b, 0xd1, 0xc0, 0xfd, 0x16, 0x8e, 0x4e],
- [0x26, 0x27, 0xf6, 0x85, 0x97, 0x15, 0xad, 0x1d, 0xd2, 0x94, 0xdd, 0xc4, 0x76, 0x19, 0x39, 0x31,
- 0xf1, 0xad, 0xb5, 0x58, 0xf0, 0x93, 0x97, 0x32, 0x19, 0x2b, 0xd1, 0xc0, 0xfd, 0x16, 0x8e, 0x4e,
- 0x5d, 0x6d, 0x23, 0x6b, 0x52, 0xd1, 0x8e, 0x3a, 0xb6, 0xd6, 0x07, 0x2f, 0xb6, 0xe4, 0xc7, 0xd4,
- 0x6b, 0xd5, 0x9a, 0xd9, 0xcc, 0x19, 0x47, 0x26, 0x5f, 0x00, 0xb7, 0x20, 0xfa, 0x2c, 0x8f, 0x66],
- [0x5d, 0x6d, 0x23, 0x6b, 0x52, 0xd1, 0x8e, 0x3a, 0xb6, 0xd6, 0x07, 0x2f, 0xb6, 0xe4, 0xc7, 0xd4,
- 0x6b, 0xd5, 0x9a, 0xd9, 0xcc, 0x19, 0x47, 0x26, 0x5f, 0x00, 0xb7, 0x20, 0xfa, 0x2c, 0x8f, 0x66]);
- do_keypair_case(
- [0x29, 0x23, 0xbe, 0x84, 0xe1, 0x6c, 0xd6, 0xae, 0x52, 0x90, 0x49, 0xf1, 0xf1, 0xbb, 0xe9, 0xeb,
- 0xb3, 0xa6, 0xdb, 0x3c, 0x87, 0x0c, 0x3e, 0x99, 0x24, 0x5e, 0x0d, 0x1c, 0x06, 0xb7, 0x47, 0xde],
- [0x29, 0x23, 0xbe, 0x84, 0xe1, 0x6c, 0xd6, 0xae, 0x52, 0x90, 0x49, 0xf1, 0xf1, 0xbb, 0xe9, 0xeb,
- 0xb3, 0xa6, 0xdb, 0x3c, 0x87, 0x0c, 0x3e, 0x99, 0x24, 0x5e, 0x0d, 0x1c, 0x06, 0xb7, 0x47, 0xde,
- 0x5d, 0x83, 0x31, 0x26, 0x56, 0x0c, 0xb1, 0x9a, 0x14, 0x19, 0x37, 0x27, 0x78, 0x96, 0xf0, 0xfd,
- 0x43, 0x7b, 0xa6, 0x80, 0x1e, 0xb2, 0x10, 0xac, 0x4c, 0x39, 0xd9, 0x00, 0x72, 0xd7, 0x0d, 0xa8],
- [0x5d, 0x83, 0x31, 0x26, 0x56, 0x0c, 0xb1, 0x9a, 0x14, 0x19, 0x37, 0x27, 0x78, 0x96, 0xf0, 0xfd,
- 0x43, 0x7b, 0xa6, 0x80, 0x1e, 0xb2, 0x10, 0xac, 0x4c, 0x39, 0xd9, 0x00, 0x72, 0xd7, 0x0d, 0xa8]);
- }
-
- #[test]
- fn keypair_matches_mont() {
- let seed = [0x26, 0x27, 0xf6, 0x85, 0x97, 0x15, 0xad, 0x1d, 0xd2, 0x94, 0xdd, 0xc4, 0x76, 0x19, 0x39, 0x31,
- 0xf1, 0xad, 0xb5, 0x58, 0xf0, 0x93, 0x97, 0x32, 0x19, 0x2b, 0xd1, 0xc0, 0xfd, 0x16, 0x8e, 0x4e];
- let (ed_private, ed_public) = keypair(seed.as_ref());
-
- let mut hasher = Sha512::new();
- hasher.input(&ed_private[0..32]);
- let mut hash: [u8; 64] = [0; 64];
- hasher.result(&mut hash);
- hash[0] &= 248;
- hash[31] &= 127;
- hash[31] |= 64;
-
- let cv_public = curve25519_base(&hash);
-
- let edx_ss = exchange(&ed_public, &ed_private);
- let cv_ss = curve25519(&hash, &cv_public);
-
- assert_eq!(edx_ss.to_vec(), cv_ss.to_vec());
- }
-
- fn do_sign_verify_case(seed: [u8; 32], message: &[u8], expected_signature: [u8; 64]) {
- let (secret_key, public_key) = keypair(seed.as_ref());
- let mut actual_signature = signature(message, secret_key.as_ref());
- assert_eq!(expected_signature.to_vec(), actual_signature.to_vec());
- assert!(verify(message, public_key.as_ref(), actual_signature.as_ref()));
-
- for &(index, flip) in [(0, 1), (31, 0x80), (20, 0xff)].iter() {
- actual_signature[index] ^= flip;
- assert!(!verify(message, public_key.as_ref(), actual_signature.as_ref()));
- actual_signature[index] ^= flip;
- }
-
- let mut public_key_corrupt = public_key;
- public_key_corrupt[0] ^= 1;
- assert!(!verify(message, public_key_corrupt.as_ref(), actual_signature.as_ref()));
- }
-
- #[test]
- fn sign_verify_cases() {
- do_sign_verify_case(
- [0x2d, 0x20, 0x86, 0x83, 0x2c, 0xc2, 0xfe, 0x3f, 0xd1, 0x8c, 0xb5, 0x1d, 0x6c, 0x5e, 0x99, 0xa5,
- 0x75, 0x9f, 0x02, 0x21, 0x1f, 0x85, 0xe5, 0xff, 0x2f, 0x90, 0x4a, 0x78, 0x0f, 0x58, 0x00, 0x6f],
- [0x89, 0x8f, 0x9c, 0x4b, 0x2c, 0x6e, 0xe9, 0xe2, 0x28, 0x76, 0x1c, 0xa5, 0x08, 0x97, 0xb7, 0x1f,
- 0xfe, 0xca, 0x1c, 0x35, 0x28, 0x46, 0xf5, 0xfe, 0x13, 0xf7, 0xd3, 0xd5, 0x7e, 0x2c, 0x15, 0xac,
- 0x60, 0x90, 0x0c, 0xa3, 0x2c, 0x5b, 0x5d, 0xd9, 0x53, 0xc9, 0xa6, 0x81, 0x0a, 0xcc, 0x64, 0x39,
- 0x4f, 0xfd, 0x14, 0x98, 0x26, 0xd9, 0x98, 0x06, 0x29, 0x2a, 0xdd, 0xd1, 0x3f, 0xc3, 0xbb, 0x7d,
- 0xac, 0x70, 0x1c, 0x5b, 0x4a, 0x2d, 0x61, 0x5d, 0x15, 0x96, 0x01, 0x28, 0xed, 0x9f, 0x73, 0x6b,
- 0x98, 0x85, 0x4f, 0x6f, 0x07, 0x05, 0xb0, 0xf0, 0xda, 0xcb, 0xdc, 0x2c, 0x26, 0x2d, 0x27, 0x39,
- 0x75, 0x19, 0x14, 0x9b, 0x0e, 0x4c, 0xbe, 0x16, 0x77, 0xc5, 0x76, 0xc1, 0x39, 0x7a, 0xae, 0x5c,
- 0xe3, 0x49, 0x16, 0xe3, 0x51, 0x31, 0x04, 0x63, 0x2e, 0xc2, 0x19, 0x0d, 0xb8, 0xd2, 0x22, 0x89,
- 0xc3, 0x72, 0x3c, 0x8d, 0x01, 0x21, 0x3c, 0xad, 0x80, 0x3f, 0x4d, 0x75, 0x74, 0xc4, 0xdb, 0xb5,
- 0x37, 0x31, 0xb0, 0x1c, 0x8e, 0xc7, 0x5d, 0x08, 0x2e, 0xf7, 0xdc, 0x9d, 0x7f, 0x1b, 0x73, 0x15,
- 0x9f, 0x63, 0xdb, 0x56, 0xaa, 0x12, 0xa2, 0xca, 0x39, 0xea, 0xce, 0x6b, 0x28, 0xe4, 0xc3, 0x1d,
- 0x9d, 0x25, 0x67, 0x41, 0x45, 0x2e, 0x83, 0x87, 0xe1, 0x53, 0x6d, 0x03, 0x02, 0x6e, 0xe4, 0x84,
- 0x10, 0xd4, 0x3b, 0x21, 0x91, 0x88, 0xba, 0x14, 0xa8, 0xaf].as_ref(),
- [0x91, 0x20, 0x91, 0x66, 0x1e, 0xed, 0x18, 0xa4, 0x03, 0x4b, 0xc7, 0xdb, 0x4b, 0xd6, 0x0f, 0xe2,
- 0xde, 0xeb, 0xf3, 0xff, 0x3b, 0x6b, 0x99, 0x8d, 0xae, 0x20, 0x94, 0xb6, 0x09, 0x86, 0x5c, 0x20,
- 0x19, 0xec, 0x67, 0x22, 0xbf, 0xdc, 0x87, 0xbd, 0xa5, 0x40, 0x91, 0x92, 0x2e, 0x11, 0xe3, 0x93,
- 0xf5, 0xfd, 0xce, 0xea, 0x3e, 0x09, 0x1f, 0x2e, 0xe6, 0xbc, 0x62, 0xdf, 0x94, 0x8e, 0x99, 0x09]
- );
- do_sign_verify_case(
- [0x33, 0x19, 0x17, 0x82, 0xc1, 0x70, 0x4f, 0x60, 0xd0, 0x84, 0x8d, 0x75, 0x62, 0xa2, 0xfa, 0x19,
- 0xf9, 0x92, 0x4f, 0xea, 0x4e, 0x77, 0x33, 0xcd, 0x45, 0xf6, 0xc3, 0x2f, 0x21, 0x9a, 0x72, 0x91],
- [0x77, 0x13, 0x43, 0x5a, 0x0e, 0x34, 0x6f, 0x67, 0x71, 0xae, 0x5a, 0xde, 0xa8, 0x7a, 0xe7, 0xa4,
- 0x52, 0xc6, 0x5d, 0x74, 0x8f, 0x48, 0x69, 0xd3, 0x1e, 0xd3, 0x67, 0x47, 0xc3, 0x28, 0xdd, 0xc4,
- 0xec, 0x0e, 0x48, 0x67, 0x93, 0xa5, 0x1c, 0x67, 0x66, 0xf7, 0x06, 0x48, 0x26, 0xd0, 0x74, 0x51,
- 0x4d, 0xd0, 0x57, 0x41, 0xf3, 0xbe, 0x27, 0x3e, 0xf2, 0x1f, 0x28, 0x0e, 0x49, 0x07, 0xed, 0x89,
- 0xbe, 0x30, 0x1a, 0x4e, 0xc8, 0x49, 0x6e, 0xb6, 0xab, 0x90, 0x00, 0x06, 0xe5, 0xa3, 0xc8, 0xe9,
- 0xc9, 0x93, 0x62, 0x1d, 0x6a, 0x3b, 0x0f, 0x6c, 0xba, 0xd0, 0xfd, 0xde, 0xf3, 0xb9, 0xc8, 0x2d].as_ref(),
- [0x4b, 0x8d, 0x9b, 0x1e, 0xca, 0x54, 0x00, 0xea, 0xc6, 0xf5, 0xcc, 0x0c, 0x94, 0x39, 0x63, 0x00,
- 0x52, 0xf7, 0x34, 0xce, 0x45, 0x3e, 0x94, 0x26, 0xf3, 0x19, 0xdd, 0x96, 0x03, 0xb6, 0xae, 0xae,
- 0xb9, 0xd2, 0x3a, 0x5f, 0x93, 0xf0, 0x6a, 0x46, 0x00, 0x18, 0xf0, 0x69, 0xdf, 0x19, 0x44, 0x48,
- 0xf5, 0x60, 0x51, 0xab, 0x9e, 0x6b, 0xfa, 0xeb, 0x64, 0x10, 0x16, 0xf7, 0xa9, 0x0b, 0xe2, 0x0c]
- );
-
- }
-}
diff --git a/rcw/src/hkdf.rs b/rcw/src/hkdf.rs
deleted file mode 100644
index 9b7bd77..0000000
--- a/rcw/src/hkdf.rs
+++ /dev/null
@@ -1,166 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-//! This module implements the HMAC-based Extract-and-Expand Key
-//! Derivation Function as specified by https://tools.ietf.org/html/rfc5869.
-
-use std::iter::repeat;
-use cryptoutil::copy_memory;
-
-use digest::Digest;
-use hmac::Hmac;
-use mac::Mac;
-
-/// Execute the HKDF-Extract function. Applications MUST NOT use this for
-/// password hashing.
-///
-/// # Arguments
-/// * digest - The digest function to use.
-/// * salt - The optional salt value (a non-secret random value) to use.
-/// * ikm - The input keying material to use.
-/// * prk - The output buffer to fill with a digest.output_bytes() length
-/// pseudo random key.
-pub fn hkdf_extract(mut digest: D, salt: &[u8], ikm: &[u8], prk: &mut [u8]) {
- assert!(prk.len() == digest.output_bytes());
- digest.reset();
-
- let mut mac = Hmac::new(digest, salt);
- mac.input(ikm);
- mac.raw_result(prk);
- mac.reset();
-}
-
-/// Execute the HKDF-Expand function. Applications MUST NOT use this for
-/// password hashing.
-///
-/// # Arguments
-/// * digest - The digest function to use.
-/// * prk - The pseudorandom key of at least digest.output_bytes() octets.
-/// * info - The optional context and application specific information to use.
-/// * okm - The output buffer to fill with the derived key value.
-pub fn hkdf_expand(mut digest: D, prk: &[u8], info: &[u8], okm: &mut [u8]) {
- digest.reset();
-
- let mut mac = Hmac::new(digest, prk);
- let os = mac.output_bytes();
- let mut t: Vec = repeat(0).take(os).collect();
- let mut n: u8 = 0;
-
- for chunk in okm.chunks_mut(os) {
- // The block index starts at 1. So, this is supposed to run on the first execution.
- n = n.checked_add(1).expect("HKDF size limit exceeded.");
-
- if n != 1 {
- mac.input(&t[..]);
- }
- let nbuf = [n];
- mac.input(info);
- mac.input(&nbuf);
- mac.raw_result(&mut t);
- mac.reset();
- let chunk_len = chunk.len();
- copy_memory(&t[..chunk_len], chunk);
- }
-}
-
-#[cfg(test)]
-mod test {
- use std::iter::repeat;
-
- use digest::Digest;
- use sha2::Sha256;
- use hkdf::{hkdf_extract, hkdf_expand};
-
- struct TestVector{
- digest: D,
- ikm: Vec,
- salt: Vec,
- info: Vec,
- l: usize,
-
- prk: Vec,
- okm: Vec,
- }
-
- #[test]
- fn test_hkdf_rfc5869_sha256_vectors() {
- let test_vectors = vec!(
- TestVector{
- digest: Sha256::new(),
- ikm: repeat(0x0b).take(22).collect(),
- salt: (0x00..0x0c + 1).collect(),
- info: (0xf0..0xf9 + 1).collect(),
- l: 42,
- prk: vec![
- 0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
- 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
- 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
- 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5 ],
- okm: vec![
- 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
- 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
- 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
- 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
- 0x58, 0x65 ],
- },
- TestVector{
- digest: Sha256::new(),
- ikm: (0x00..0x4f + 1).collect(),
- salt: (0x60..0xaf + 1).collect(),
- info: (0xb0..0xff + 1).map(|x| x as u8).collect(),
- l: 82,
- prk: vec![
- 0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
- 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
- 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
- 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44 ],
- okm: vec![
- 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
- 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
- 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
- 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
- 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
- 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
- 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
- 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
- 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
- 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
- 0x1d, 0x87 ],
- },
- TestVector{
- digest: Sha256::new(),
- ikm: repeat(0x0b).take(22).collect(),
- salt: vec![],
- info: vec![],
- l:42,
- prk: vec![
- 0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16,
- 0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf,
- 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77,
- 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04 ],
- okm: vec![
- 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
- 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
- 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
- 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
- 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
- 0x96, 0xc8 ],
- },
- );
-
- for t in test_vectors.iter() {
- let mut prk: Vec = repeat(0).take(t.prk.len()).collect();
- hkdf_extract(t.digest, &t.salt[..], &t.ikm[..], &mut prk);
- assert!(prk == t.prk);
-
- let mut okm: Vec = repeat(0).take(t.okm.len()).collect();
- assert!(okm.len() == t.l);
- hkdf_expand(t.digest, &prk[..], &t.info[..], &mut okm);
- assert!(okm == t.okm);
- }
- }
-}
diff --git a/rcw/src/hmac.rs b/rcw/src/hmac.rs
deleted file mode 100644
index a645d8d..0000000
--- a/rcw/src/hmac.rs
+++ /dev/null
@@ -1,162 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-/*!
- * This module implements the Hmac function - a Message Authentication Code using a Digest.
- */
-
-use std::iter::repeat;
-
-use cryptoutil;
-use digest::Digest;
-use mac::{Mac, MacResult};
-
-/**
- * The Hmac struct represents an Hmac function - a Message Authentication Code using a Digest.
- */
-pub struct Hmac {
- digest: D,
- i_key: Vec,
- o_key: Vec,
- finished: bool
-}
-
-fn derive_key(key: &mut [u8], mask: u8) {
- for elem in key.iter_mut() {
- *elem ^= mask;
- }
-}
-
-// The key that Hmac processes must be the same as the block size of the underlying Digest. If the
-// provided key is smaller than that, we just pad it with zeros. If its larger, we hash it and then
-// pad it with zeros.
-fn expand_key(digest: &mut D, key: &[u8]) -> Vec {
- let bs = digest.block_size();
- let mut expanded_key: Vec = repeat(0).take(bs).collect();
-
- if key.len() <= bs {
- cryptoutil::copy_memory(key, &mut expanded_key);
- } else {
- let output_size = digest.output_bytes();
- digest.input(key);
- digest.result(&mut expanded_key[..output_size]);
- digest.reset();
- }
- expanded_key
-}
-
-// Hmac uses two keys derived from the provided key - one by xoring every byte with 0x36 and another
-// with 0x5c.
-fn create_keys(digest: &mut D, key: &[u8]) -> (Vec, Vec) {
- let mut i_key = expand_key(digest, key);
- let mut o_key = i_key.clone();
- derive_key(&mut i_key, 0x36);
- derive_key(&mut o_key, 0x5c);
- (i_key, o_key)
-}
-
-impl Hmac {
- /**
- * Create a new Hmac instance.
- *
- * # Arguments
- * * digest - The Digest to use.
- * * key - The key to use.
- *
- */
- pub fn new(mut digest: D, key: &[u8]) -> Hmac {
- let (i_key, o_key) = create_keys(&mut digest, key);
- digest.input(&i_key[..]);
- Hmac {
- digest: digest,
- i_key: i_key,
- o_key: o_key,
- finished: false
- }
- }
-}
-
-impl Mac for Hmac {
- fn input(&mut self, data: &[u8]) {
- assert!(!self.finished);
- self.digest.input(data);
- }
-
- fn reset(&mut self) {
- self.digest.reset();
- self.digest.input(&self.i_key[..]);
- self.finished = false;
- }
-
- fn result(&mut self) -> MacResult {
- let output_size = self.digest.output_bytes();
- let mut code: Vec = repeat(0).take(output_size).collect();
-
- self.raw_result(&mut code);
-
- MacResult::new_from_owned(code)
- }
-
- fn raw_result(&mut self, output: &mut [u8]) {
- if !self.finished {
- self.digest.result(output);
-
- self.digest.reset();
- self.digest.input(&self.o_key[..]);
- self.digest.input(output);
-
- self.finished = true;
- }
-
- self.digest.result(output);
- }
-
- fn output_bytes(&self) -> usize { self.digest.output_bytes() }
-}
-
-#[cfg(test)]
-mod test {
- use std::iter::repeat;
-
- use mac::{Mac, MacResult};
- use hmac::Hmac;
- use digest::Digest;
-
- struct Test {
- key: Vec,
- data: Vec,
- expected: Vec
- }
-
- // Test vectors from: http://tools.ietf.org/html/rfc2104
-
- fn tests() -> Vec {
- vec![
- Test {
- key: repeat(0x0bu8).take(16).collect(),
- data: b"Hi There".to_vec(),
- expected: vec![
- 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c,
- 0x13, 0xf4, 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d ]
- },
- Test {
- key: b"Jefe".to_vec(),
- data: b"what do ya want for nothing?".to_vec(),
- expected: vec![
- 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03,
- 0xea, 0xa8, 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 ]
- },
- Test {
- key: repeat(0xaau8).take(16).collect(),
- data: repeat(0xddu8).take(50).collect(),
- expected: vec![
- 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88,
- 0xdb, 0xb8, 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 ]
- }
- ]
- }
-
-}
diff --git a/rcw/src/lib.rs b/rcw/src/lib.rs
deleted file mode 100644
index 2ad1462..0000000
--- a/rcw/src/lib.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-pub mod blake2b;
-pub mod blake2s;
-pub mod buffer;
-pub mod aead;
-mod symmetriccipher;
-pub mod chacha20;
-pub mod chacha20poly1305;
-mod cryptoutil;
-pub mod curve25519;
-pub mod digest;
-pub mod ed25519;
-pub mod hmac;
-pub mod hkdf;
-pub mod mac;
-pub mod pbkdf2;
-pub mod poly1305;
-pub mod sha2;
-pub mod sha3;
-mod simd;
-mod step_by;
-pub mod util;
diff --git a/rcw/src/mac.rs b/rcw/src/mac.rs
deleted file mode 100644
index 59bb644..0000000
--- a/rcw/src/mac.rs
+++ /dev/null
@@ -1,92 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-/*!
- * The mac module defines the Message Authentication Code (Mac) trait.
- */
-
-use util::fixed_time_eq;
-
-/**
- * The Mac trait defines methods for a Message Authentication function.
- */
-pub trait Mac {
- /**
- * Process input data.
- *
- * # Arguments
- * * data - The input data to process.
- *
- */
- fn input(&mut self, data: &[u8]);
-
- /**
- * Reset the Mac state to begin processing another input stream.
- */
- fn reset(&mut self);
-
- /**
- * Obtain the result of a Mac computation as a MacResult.
- */
- fn result(&mut self) -> MacResult;
-
- /**
- * Obtain the result of a Mac computation as [u8]. This method should be used very carefully
- * since incorrect use of the Mac code could result in permitting a timing attack which defeats
- * the security provided by a Mac function.
- */
- fn raw_result(&mut self, output: &mut [u8]);
-
- /**
- * Get the size of the Mac code, in bytes.
- */
- fn output_bytes(&self) -> usize;
-}
-
-/**
- * A MacResult wraps a Mac code and provides a safe Eq implementation that runs in fixed time.
- */
-pub struct MacResult {
- code: Vec
-}
-
-impl MacResult {
- /**
- * Create a new MacResult.
- */
- pub fn new(code: &[u8]) -> MacResult {
- MacResult {
- code: code.to_vec()
- }
- }
-
- /**
- * Create a new MacResult taking ownership of the specified code value.
- */
- pub fn new_from_owned(code: Vec) -> MacResult {
- MacResult {
- code: code
- }
- }
-
- /**
- * Get the code value. Be very careful using this method, since incorrect use of the code value
- * may permit timing attacks which defeat the security provided by the Mac function.
- */
- pub fn code<'s>(&'s self) -> &'s [u8] {
- &self.code[..]
- }
-}
-
-impl PartialEq for MacResult {
- fn eq(&self, x: &MacResult) -> bool {
- let lhs = self.code();
- let rhs = x.code();
- fixed_time_eq(lhs, rhs)
- }
-}
-
-impl Eq for MacResult { }
diff --git a/rcw/src/pbkdf2.rs b/rcw/src/pbkdf2.rs
deleted file mode 100644
index 5bb8c3f..0000000
--- a/rcw/src/pbkdf2.rs
+++ /dev/null
@@ -1,110 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-/*!
- * This module implements the PBKDF2 Key Derivation Function as specified by
- * http://tools.ietf.org/html/rfc2898.
- */
-
-use std::iter::repeat;
-//use std::io;
-use cryptoutil::copy_memory;
-
-// use rand::{OsRng, Rng};
-//use serialize::base64;
-//use serialize::base64::{FromBase64, ToBase64};
-
-use cryptoutil::{read_u32_be, write_u32_be};
-//use hmac::Hmac;
-use mac::Mac;
-use sha2::Sha256;
-use util::fixed_time_eq;
-
-// Calculate a block of the output of size equal to the output_bytes of the underlying Mac function
-// mac - The Mac function to use
-// salt - the salt value to use
-// c - the iteration count
-// idx - the 1 based index of the block
-// scratch - a temporary variable the same length as the block
-// block - the block of the output to calculate
-fn calculate_block(
- mac: &mut M,
- salt: &[u8],
- c: u32,
- idx: u32,
- scratch: &mut [u8],
- block: &mut [u8]) {
- // Perform the 1st iteration. The output goes directly into block
- mac.input(salt);
- let mut idx_buf = [0u8; 4];
- write_u32_be(&mut idx_buf, idx);
- mac.input(&idx_buf);
- mac.raw_result(block);
- mac.reset();
-
- // Perform the 2nd iteration. The input comes from block and is output into scratch. scratch is
- // then exclusive-or added into block. After all this, the input to the next step is now in
- // scratch and block is left to just accumulate the exclusive-of sum of remaining iterations.
- if c > 1 {
- mac.input(block);
- mac.raw_result(scratch);
- mac.reset();
- for (output, &input) in block.iter_mut().zip(scratch.iter()) {
- *output ^= input;
- }
- }
-
- // Perform all remaining iterations
- for _ in 2..c {
- mac.input(scratch);
- mac.raw_result(scratch);
- mac.reset();
- for (output, &input) in block.iter_mut().zip(scratch.iter()) {
- *output ^= input;
- }
- }
-}
-
-/**
- * Execute the PBKDF2 Key Derivation Function. The Scrypt Key Derivation Function generally provides
- * better security, so, applications that do not have a requirement to use PBKDF2 specifically
- * should consider using that function instead.
- *
- * # Arguments
- * * mac - The Pseudo Random Function to use.
- * * salt - The salt value to use.
- * * c - The iteration count. Users should carefully determine this value as it is the primary
- * factor in determining the security of the derived key.
- * * output - The output buffer to fill with the derived key value.
- *
- */
-pub fn pbkdf2(mac: &mut M, salt: &[u8], c: u32, output: &mut [u8]) {
- assert!(c > 0);
-
- let os = mac.output_bytes();
-
- // A temporary storage array needed by calculate_block. This is really only necessary if c > 1.
- // Most users of pbkdf2 should use a value much larger than 1, so, this allocation should almost
- // always be necessary. A big exception is Scrypt. However, this allocation is unlikely to be
- // the bottleneck in Scrypt performance.
- let mut scratch: Vec = repeat(0).take(os).collect();
-
- let mut idx: u32 = 0;
-
- for chunk in output.chunks_mut(os) {
- // The block index starts at 1. So, this is supposed to run on the first execution.
- idx = idx.checked_add(1).expect("PBKDF2 size limit exceeded.");
-
- if chunk.len() == os {
- calculate_block(mac, salt, c, idx, &mut scratch, chunk);
- } else {
- let mut tmp: Vec = repeat(0).take(os).collect();
- calculate_block(mac, salt, c, idx, &mut scratch[..], &mut tmp[..]);
- let chunk_len = chunk.len();
- copy_memory(&tmp[..chunk_len], chunk);
- }
- }
-}
diff --git a/rcw/src/poly1305.rs b/rcw/src/poly1305.rs
deleted file mode 100644
index 3ffe52e..0000000
--- a/rcw/src/poly1305.rs
+++ /dev/null
@@ -1,405 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-// This is a port of Andrew Moons poly1305-donna
-// https://github.com/floodyberry/poly1305-donna
-
-use std::cmp::min;
-
-use cryptoutil::{read_u32_le, write_u32_le};
-use mac::{Mac, MacResult};
-
-#[derive(Clone, Copy)]
-pub struct Poly1305 {
- r : [u32; 5],
- h : [u32; 5],
- pad : [u32; 4],
- leftover : usize,
- buffer : [u8; 16],
- finalized : bool,
-}
-
-impl Poly1305 {
- pub fn new(key: &[u8]) -> Poly1305 {
- assert!(key.len() == 32);
- let mut poly = Poly1305{ r: [0u32; 5], h: [0u32; 5], pad: [0u32; 4], leftover: 0, buffer: [0u8; 16], finalized: false };
-
- // r &= 0xffffffc0ffffffc0ffffffc0fffffff
- poly.r[0] = (read_u32_le(&key[0..4]) ) & 0x3ffffff;
- poly.r[1] = (read_u32_le(&key[3..7]) >> 2) & 0x3ffff03;
- poly.r[2] = (read_u32_le(&key[6..10]) >> 4) & 0x3ffc0ff;
- poly.r[3] = (read_u32_le(&key[9..13]) >> 6) & 0x3f03fff;
- poly.r[4] = (read_u32_le(&key[12..16]) >> 8) & 0x00fffff;
-
- poly.pad[0] = read_u32_le(&key[16..20]);
- poly.pad[1] = read_u32_le(&key[20..24]);
- poly.pad[2] = read_u32_le(&key[24..28]);
- poly.pad[3] = read_u32_le(&key[28..32]);
-
- poly
- }
-
- fn block(&mut self, m: &[u8]) {
- let hibit : u32 = if self.finalized { 0 } else { 1 << 24 };
-
- let r0 = self.r[0];
- let r1 = self.r[1];
- let r2 = self.r[2];
- let r3 = self.r[3];
- let r4 = self.r[4];
-
- let s1 = r1 * 5;
- let s2 = r2 * 5;
- let s3 = r3 * 5;
- let s4 = r4 * 5;
-
- let mut h0 = self.h[0];
- let mut h1 = self.h[1];
- let mut h2 = self.h[2];
- let mut h3 = self.h[3];
- let mut h4 = self.h[4];
-
- // h += m
- h0 += (read_u32_le(&m[0..4]) ) & 0x3ffffff;
- h1 += (read_u32_le(&m[3..7]) >> 2) & 0x3ffffff;
- h2 += (read_u32_le(&m[6..10]) >> 4) & 0x3ffffff;
- h3 += (read_u32_le(&m[9..13]) >> 6) & 0x3ffffff;
- h4 += (read_u32_le(&m[12..16]) >> 8) | hibit;
-
- // h *= r
- let d0 = (h0 as u64 * r0 as u64) + (h1 as u64 * s4 as u64) + (h2 as u64 * s3 as u64) + (h3 as u64 * s2 as u64) + (h4 as u64 * s1 as u64);
- let mut d1 = (h0 as u64 * r1 as u64) + (h1 as u64 * r0 as u64) + (h2 as u64 * s4 as u64) + (h3 as u64 * s3 as u64) + (h4 as u64 * s2 as u64);
- let mut d2 = (h0 as u64 * r2 as u64) + (h1 as u64 * r1 as u64) + (h2 as u64 * r0 as u64) + (h3 as u64 * s4 as u64) + (h4 as u64 * s3 as u64);
- let mut d3 = (h0 as u64 * r3 as u64) + (h1 as u64 * r2 as u64) + (h2 as u64 * r1 as u64) + (h3 as u64 * r0 as u64) + (h4 as u64 * s4 as u64);
- let mut d4 = (h0 as u64 * r4 as u64) + (h1 as u64 * r3 as u64) + (h2 as u64 * r2 as u64) + (h3 as u64 * r1 as u64) + (h4 as u64 * r0 as u64);
-
- // (partial) h %= p
- let mut c : u32;
- c = (d0 >> 26) as u32; h0 = d0 as u32 & 0x3ffffff;
- d1 += c as u64; c = (d1 >> 26) as u32; h1 = d1 as u32 & 0x3ffffff;
- d2 += c as u64; c = (d2 >> 26) as u32; h2 = d2 as u32 & 0x3ffffff;
- d3 += c as u64; c = (d3 >> 26) as u32; h3 = d3 as u32 & 0x3ffffff;
- d4 += c as u64; c = (d4 >> 26) as u32; h4 = d4 as u32 & 0x3ffffff;
- h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff;
- h1 += c;
-
- self.h[0] = h0;
- self.h[1] = h1;
- self.h[2] = h2;
- self.h[3] = h3;
- self.h[4] = h4;
- }
-
- fn finish(&mut self) {
- if self.leftover > 0 {
- self.buffer[self.leftover] = 1;
- for i in self.leftover+1..16 {
- self.buffer[i] = 0;
- }
- self.finalized = true;
- let tmp = self.buffer;
- self.block(&tmp);
- }
-
- // fully carry h
- let mut h0 = self.h[0];
- let mut h1 = self.h[1];
- let mut h2 = self.h[2];
- let mut h3 = self.h[3];
- let mut h4 = self.h[4];
-
- let mut c : u32;
- c = h1 >> 26; h1 = h1 & 0x3ffffff;
- h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff;
- h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff;
- h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff;
- h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff;
- h1 += c;
-
- // compute h + -p
- let mut g0 = h0.wrapping_add(5); c = g0 >> 26; g0 &= 0x3ffffff;
- let mut g1 = h1.wrapping_add(c); c = g1 >> 26; g1 &= 0x3ffffff;
- let mut g2 = h2.wrapping_add(c); c = g2 >> 26; g2 &= 0x3ffffff;
- let mut g3 = h3.wrapping_add(c); c = g3 >> 26; g3 &= 0x3ffffff;
- let mut g4 = h4.wrapping_add(c).wrapping_sub(1 << 26);
-
- // select h if h < p, or h + -p if h >= p
- let mut mask = (g4 >> (32 - 1)).wrapping_sub(1);
- g0 &= mask;
- g1 &= mask;
- g2 &= mask;
- g3 &= mask;
- g4 &= mask;
- mask = !mask;
- h0 = (h0 & mask) | g0;
- h1 = (h1 & mask) | g1;
- h2 = (h2 & mask) | g2;
- h3 = (h3 & mask) | g3;
- h4 = (h4 & mask) | g4;
-
- // h = h % (2^128)
- h0 = ((h0 ) | (h1 << 26)) & 0xffffffff;
- h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff;
- h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
- h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
-
- // h = mac = (h + pad) % (2^128)
- let mut f : u64;
- f = h0 as u64 + self.pad[0] as u64 ; h0 = f as u32;
- f = h1 as u64 + self.pad[1] as u64 + (f >> 32); h1 = f as u32;
- f = h2 as u64 + self.pad[2] as u64 + (f >> 32); h2 = f as u32;
- f = h3 as u64 + self.pad[3] as u64 + (f >> 32); h3 = f as u32;
-
- self.h[0] = h0;
- self.h[1] = h1;
- self.h[2] = h2;
- self.h[3] = h3;
- }
-}
-
-impl Mac for Poly1305 {
- fn input(&mut self, data: &[u8]) {
- assert!(!self.finalized);
- let mut m = data;
-
- if self.leftover > 0 {
- let want = min(16 - self.leftover, m.len());
- for i in 0..want {
- self.buffer[self.leftover+i] = m[i];
- }
- m = &m[want..];
- self.leftover += want;
-
- if self.leftover < 16 {
- return;
- }
-
- // self.block(self.buffer[..]);
- let tmp = self.buffer;
- self.block(&tmp);
-
- self.leftover = 0;
- }
-
- while m.len() >= 16 {
- self.block(&m[0..16]);
- m = &m[16..];
- }
-
- for i in 0..m.len() {
- self.buffer[i] = m[i];
- }
- self.leftover = m.len();
- }
-
- fn reset(&mut self) {
- self.h = [0u32; 5];
- self.leftover = 0;
- self.finalized = false;
- }
-
- fn result(&mut self) -> MacResult {
- let mut mac = [0u8; 16];
- self.raw_result(&mut mac);
- MacResult::new(&mac[..])
- }
-
- fn raw_result(&mut self, output: &mut [u8]) {
- assert!(output.len() >= 16);
- if !self.finalized{
- self.finish();
- }
- write_u32_le(&mut output[0..4], self.h[0]);
- write_u32_le(&mut output[4..8], self.h[1]);
- write_u32_le(&mut output[8..12], self.h[2]);
- write_u32_le(&mut output[12..16], self.h[3]);
- }
-
- fn output_bytes(&self) -> usize { 16 }
-}
-
-#[cfg(test)]
-mod test {
- use std::iter::repeat;
-
- use poly1305::Poly1305;
- use mac::Mac;
-
- fn poly1305(key: &[u8], msg: &[u8], mac: &mut [u8]) {
- let mut poly = Poly1305::new(key);
- poly.input(msg);
- poly.raw_result(mac);
- }
-
- #[test]
- fn test_nacl_vector() {
- let key = [
- 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91,
- 0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25,
- 0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65,
- 0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80,
- ];
-
- let msg = [
- 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73,
- 0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce,
- 0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4,
- 0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a,
- 0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b,
- 0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72,
- 0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2,
- 0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38,
- 0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a,
- 0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae,
- 0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea,
- 0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda,
- 0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde,
- 0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3,
- 0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6,
- 0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74,
- 0xe3,0x55,0xa5,
- ];
-
- let expected = [
- 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5,
- 0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9,
- ];
-
- let mut mac = [0u8; 16];
- poly1305(&key, &msg, &mut mac);
- assert_eq!(&mac[..], &expected[..]);
-
- let mut poly = Poly1305::new(&key);
- poly.input(&msg[0..32]);
- poly.input(&msg[32..96]);
- poly.input(&msg[96..112]);
- poly.input(&msg[112..120]);
- poly.input(&msg[120..124]);
- poly.input(&msg[124..126]);
- poly.input(&msg[126..127]);
- poly.input(&msg[127..128]);
- poly.input(&msg[128..129]);
- poly.input(&msg[129..130]);
- poly.input(&msg[130..131]);
- poly.raw_result(&mut mac);
- assert_eq!(&mac[..], &expected[..]);
- }
-
- #[test]
- fn donna_self_test() {
- let wrap_key = [
- 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- ];
-
- let wrap_msg = [
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- ];
-
- let wrap_mac = [
- 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- ];
-
- let mut mac = [0u8; 16];
- poly1305(&wrap_key, &wrap_msg, &mut mac);
- assert_eq!(&mac[..], &wrap_mac[..]);
-
- let total_key = [
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xff,
- 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
- ];
-
- let total_mac = [
- 0x64, 0xaf, 0xe2, 0xe8, 0xd6, 0xad, 0x7b, 0xbd,
- 0xd2, 0x87, 0xf9, 0x7c, 0x44, 0x62, 0x3d, 0x39,
- ];
-
- let mut tpoly = Poly1305::new(&total_key);
- for i in 0..256 {
- let key: Vec = repeat(i as u8).take(32).collect();
- let msg: Vec = repeat(i as u8).take(256).collect();
- let mut mac = [0u8; 16];
- poly1305(&key[..], &msg[0..i], &mut mac);
- tpoly.input(&mac);
- }
- tpoly.raw_result(&mut mac);
- assert_eq!(&mac[..], &total_mac[..]);
- }
-
- #[test]
- fn test_tls_vectors() {
- // from http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
- let key = b"this is 32-byte key for Poly1305";
- let msg = [0u8; 32];
- let expected = [
- 0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6,
- 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07,
- ];
- let mut mac = [0u8; 16];
- poly1305(key, &msg, &mut mac);
- assert_eq!(&mac[..], &expected[..]);
-
- let msg = b"Hello world!";
- let expected= [
- 0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16,
- 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0,
- ];
- poly1305(key, msg, &mut mac);
- assert_eq!(&mac[..], &expected[..]);
- }
-}
-
-#[cfg(all(test, feature = "with-bench"))]
-mod bench {
- use test::Bencher;
- use mac::Mac;
- use poly1305::Poly1305;
-
- #[bench]
- pub fn poly1305_10(bh: & mut Bencher) {
- let mut mac = [0u8; 16];
- let key = [0u8; 32];
- let bytes = [1u8; 10];
- bh.iter( || {
- let mut poly = Poly1305::new(&key);
- poly.input(&bytes);
- poly.raw_result(&mut mac);
- });
- bh.bytes = bytes.len() as u64;
- }
-
- #[bench]
- pub fn poly1305_1k(bh: & mut Bencher) {
- let mut mac = [0u8; 16];
- let key = [0u8; 32];
- let bytes = [1u8; 1024];
- bh.iter( || {
- let mut poly = Poly1305::new(&key);
- poly.input(&bytes);
- poly.raw_result(&mut mac);
- });
- bh.bytes = bytes.len() as u64;
- }
-
- #[bench]
- pub fn poly1305_64k(bh: & mut Bencher) {
- let mut mac = [0u8; 16];
- let key = [0u8; 32];
- let bytes = [1u8; 65536];
- bh.iter( || {
- let mut poly = Poly1305::new(&key);
- poly.input(&bytes);
- poly.raw_result(&mut mac);
- });
- bh.bytes = bytes.len() as u64;
- }
-}
diff --git a/rcw/src/sha2.rs b/rcw/src/sha2.rs
deleted file mode 100644
index aaa6beb..0000000
--- a/rcw/src/sha2.rs
+++ /dev/null
@@ -1,1496 +0,0 @@
-// Copyright 2012-2013 The Rust Project Developers. See the COPYRIGHT
-// file at the top-level directory of this distribution and at
-// http://rust-lang.org/COPYRIGHT.
-//
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-/*!
-An implementation of the SHA-2 cryptographic hash algorithms.
-
-There are 6 standard algorithms specified in the SHA-2 standard:
-
- * `Sha224`, which is the 32-bit `Sha256` algorithm with the result truncated to 224 bits.
- * `Sha256`, which is the 32-bit `Sha256` algorithm.
- * `Sha384`, which is the 64-bit `Sha512` algorithm with the result truncated to 384 bits.
- * `Sha512`, which is the 64-bit `Sha512` algorithm.
- * `Sha512Trunc224`, which is the 64-bit `Sha512` algorithm with the result truncated to 224 bits.
- * `Sha512Trunc256`, which is the 64-bit `Sha512` algorithm with the result truncated to 256 bits.
-
-Algorithmically, there are only 2 core algorithms: `Sha256` and `Sha512`.
-All other algorithms are just applications of these with different initial hash
-values, and truncated to different digest bit lengths.
-
-# Usage
-
-An example of using `Sha256` is:
-
-```rust
-use self::rcw::digest::Digest;
-use self::rcw::sha2::Sha256;
-
-// create a Sha256 object
-let mut hasher = Sha256::new();
-
-// write input message
-hasher.input_str("hello world");
-
-// read hash digest
-let hex = hasher.result_str();
-
-assert_eq!(hex,
- concat!("b94d27b9934d3e08a52e52d7da7dabfa",
- "c484efe37a5380ee9088f7ace2efcde9"));
-```
-
-An example of using `Sha512` is:
-
-```rust
-use self::rcw::digest::Digest;
-use self::rcw::sha2::Sha512;
-
-// create a Sha512 object
-let mut hasher = Sha512::new();
-
-// write input message
-hasher.input_str("hello world");
-
-// read hash digest
-let hex = hasher.result_str();
-
-assert_eq!(hex,
- concat!("309ecc489c12d6eb4cc40f50c902f2b4",
- "d0ed77ee511a7c7a9bcd3ca86d4cd86f",
- "989dd35bc5ff499670da34255b45b0cf",
- "d830e81f605dcf7dc5542e93ae9cd76f"));
-```
-
- */
-
-use digest::Digest;
-use cryptoutil::{write_u32_be, read_u32v_be,
- write_u64_be, read_u64v_be,
- add_bytes_to_bits, add_bytes_to_bits_tuple,
- FixedBuffer, FixedBuffer128, FixedBuffer64, StandardPadding};
-
-use simd::{u32x4, u64x2};
-
-const STATE_LEN: usize = 8;
-const BLOCK_LEN: usize = 16;
-
-/// Not an intrinsic, but works like an unaligned load.
-#[inline]
-fn sha256load(v2: u32x4, v3: u32x4) -> u32x4 {
- u32x4(v3.3, v2.0, v2.1, v2.2)
-}
-
-/// Not an intrinsic, but useful for swapping vectors.
-#[inline]
-fn sha256swap(v0: u32x4) -> u32x4 {
- u32x4(v0.2, v0.3, v0.0, v0.1)
-}
-
-/// Emulates `llvm.x86.sha256msg1` intrinsic.
-//#[inline]
-fn sha256msg1(v0: u32x4, v1: u32x4) -> u32x4 {
-
- // sigma 0 on vectors
- #[inline]
- fn sigma0x4(x: u32x4) -> u32x4 {
- ((x >> u32x4( 7, 7, 7, 7)) | (x << u32x4(25, 25, 25, 25))) ^
- ((x >> u32x4(18, 18, 18, 18)) | (x << u32x4(14, 14, 14, 14))) ^
- (x >> u32x4( 3, 3, 3, 3))
- }
-
- v0 + sigma0x4(sha256load(v0, v1))
-}
-
-/// Emulates `llvm.x86.sha256msg2` intrinsic.
-//#[inline]
-fn sha256msg2(v4: u32x4, v3: u32x4) -> u32x4 {
-
- macro_rules! sigma1 {
- ($a:expr) => (($a.rotate_right(17) ^ $a.rotate_right(19) ^ ($a >> 10)))
- }
-
- let u32x4(x3, x2, x1, x0) = v4;
- let u32x4(w15, w14, _, _) = v3;
-
- let w16 = x0.wrapping_add(sigma1!(w14));
- let w17 = x1.wrapping_add(sigma1!(w15));
- let w18 = x2.wrapping_add(sigma1!(w16));
- let w19 = x3.wrapping_add(sigma1!(w17));
-
- u32x4(w19, w18, w17, w16)
-}
-
-/// Performs 4 rounds of the SHA-256 message schedule update.
-pub fn sha256_schedule_x4(v0: u32x4, v1: u32x4, v2: u32x4, v3: u32x4) -> u32x4 {
- sha256msg2(sha256msg1(v0, v1) + sha256load(v2, v3), v3)
-}
-
-/// Emulates `llvm.x86.sha256rnds2` intrinsic.
-//#[inline]
-pub fn sha256_digest_round_x2(cdgh: u32x4, abef: u32x4, wk: u32x4) -> u32x4 {
-
- macro_rules! big_sigma0 {
- ($a:expr) => (($a.rotate_right(2) ^ $a.rotate_right(13) ^ $a.rotate_right(22)))
- }
- macro_rules! big_sigma1 {
- ($a:expr) => (($a.rotate_right(6) ^ $a.rotate_right(11) ^ $a.rotate_right(25)))
- }
- macro_rules! bool3ary_202 {
- ($a:expr, $b:expr, $c:expr) => (($c ^ ($a & ($b ^ $c))))
- } // Choose, MD5F, SHA1C
- macro_rules! bool3ary_232 {
- ($a:expr, $b:expr, $c:expr) => (($a & $b) ^ ($a & $c) ^ ($b & $c))
- } // Majority, SHA1M
-
- let u32x4(_, _, wk1, wk0) = wk;
- let u32x4(a0, b0, e0, f0) = abef;
- let u32x4(c0, d0, g0, h0) = cdgh;
-
- // a round
- let x0 = big_sigma1!(e0).wrapping_add(bool3ary_202!(e0, f0, g0)).wrapping_add(wk0).wrapping_add(h0);
- let y0 = big_sigma0!(a0).wrapping_add(bool3ary_232!(a0, b0, c0));
- let (a1, b1, c1, d1, e1, f1, g1, h1) = (
- x0.wrapping_add(y0), a0, b0, c0,
- x0.wrapping_add(d0), e0, f0, g0);
-
- // a round
- let x1 = big_sigma1!(e1).wrapping_add(bool3ary_202!(e1, f1, g1)).wrapping_add(wk1).wrapping_add(h1);
- let y1 = big_sigma0!(a1).wrapping_add(bool3ary_232!(a1, b1, c1));
- let (a2, b2, _, _, e2, f2, _, _) = (
- x1.wrapping_add(y1), a1, b1, c1,
- x1.wrapping_add(d1), e1, f1, g1);
-
- u32x4(a2, b2, e2, f2)
-}
-
-/// Process a block with the SHA-256 algorithm.
-pub fn sha256_digest_block_u32(state: &mut [u32; 8], block: &[u32; 16]) {
- let k = &K32X4;
-
- macro_rules! schedule {
- ($v0:expr, $v1:expr, $v2:expr, $v3:expr) => (
- sha256msg2(sha256msg1($v0, $v1) + sha256load($v2, $v3), $v3)
- )
- }
-
- macro_rules! rounds4 {
- ($abef:ident, $cdgh:ident, $rest:expr) => {
- {
- $cdgh = sha256_digest_round_x2($cdgh, $abef, $rest);
- $abef = sha256_digest_round_x2($abef, $cdgh, sha256swap($rest));
- }
- }
- }
-
- let mut abef = u32x4(state[0],
- state[1],
- state[4],
- state[5]);
- let mut cdgh = u32x4(state[2],
- state[3],
- state[6],
- state[7]);
-
- // Rounds 0..64
- let mut w0 = u32x4(block[3],
- block[2],
- block[1],
- block[0]);
- rounds4!(abef, cdgh, k[0] + w0);
- let mut w1 = u32x4(block[7],
- block[6],
- block[5],
- block[4]);
- rounds4!(abef, cdgh, k[1] + w1);
- let mut w2 = u32x4(block[11],
- block[10],
- block[9],
- block[8]);
- rounds4!(abef, cdgh, k[2] + w2);
- let mut w3 = u32x4(block[15],
- block[14],
- block[13],
- block[12]);
- rounds4!(abef, cdgh, k[3] + w3);
- let mut w4 = schedule!(w0, w1, w2, w3);
- rounds4!(abef, cdgh, k[4] + w4);
- w0 = schedule!(w1, w2, w3, w4);
- rounds4!(abef, cdgh, k[5] + w0);
- w1 = schedule!(w2, w3, w4, w0);
- rounds4!(abef, cdgh, k[6] + w1);
- w2 = schedule!(w3, w4, w0, w1);
- rounds4!(abef, cdgh, k[7] + w2);
- w3 = schedule!(w4, w0, w1, w2);
- rounds4!(abef, cdgh, k[8] + w3);
- w4 = schedule!(w0, w1, w2, w3);
- rounds4!(abef, cdgh, k[9] + w4);
- w0 = schedule!(w1, w2, w3, w4);
- rounds4!(abef, cdgh, k[10] + w0);
- w1 = schedule!(w2, w3, w4, w0);
- rounds4!(abef, cdgh, k[11] + w1);
- w2 = schedule!(w3, w4, w0, w1);
- rounds4!(abef, cdgh, k[12] + w2);
- w3 = schedule!(w4, w0, w1, w2);
- rounds4!(abef, cdgh, k[13] + w3);
- w4 = schedule!(w0, w1, w2, w3);
- rounds4!(abef, cdgh, k[14] + w4);
- w0 = schedule!(w1, w2, w3, w4);
- rounds4!(abef, cdgh, k[15] + w0);
-
- let u32x4(a, b, e, f) = abef;
- let u32x4(c, d, g, h) = cdgh;
-
- state[0] = state[0].wrapping_add(a);
- state[1] = state[1].wrapping_add(b);
- state[2] = state[2].wrapping_add(c);
- state[3] = state[3].wrapping_add(d);
- state[4] = state[4].wrapping_add(e);
- state[5] = state[5].wrapping_add(f);
- state[6] = state[6].wrapping_add(g);
- state[7] = state[7].wrapping_add(h);
-}
-
-/// Process a block with the SHA-256 algorithm. (See more...)
-///
-/// Internally, this uses functions which resemble the new Intel SHA instruction sets,
-/// and so it's data locality properties may improve performance. However, to benefit
-/// the most from this implementation, replace these functions with x86 intrinsics to
-/// get a possible speed boost.
-///
-/// # Implementation
-///
-/// The `Sha256` algorithm is implemented with functions that resemble the new
-/// Intel SHA instruction set extensions. These intructions fall into two categories:
-/// message schedule calculation, and the message block 64-round digest calculation.
-/// The schedule-related instructions allow 4 rounds to be calculated as:
-///
-/// ```ignore
-/// use std::simd::u32x4;
-/// use self::crypto::sha2::{
-/// sha256msg1,
-/// sha256msg2,
-/// sha256load
-/// };
-///
-/// fn schedule4_data(work: &mut [u32x4], w: &[u32]) {
-///
-/// // this is to illustrate the data order
-/// work[0] = u32x4(w[3], w[2], w[1], w[0]);
-/// work[1] = u32x4(w[7], w[6], w[5], w[4]);
-/// work[2] = u32x4(w[11], w[10], w[9], w[8]);
-/// work[3] = u32x4(w[15], w[14], w[13], w[12]);
-/// }
-///
-/// fn schedule4_work(work: &mut [u32x4], t: usize) {
-///
-/// // this is the core expression
-/// work[t] = sha256msg2(sha256msg1(work[t - 4], work[t - 3]) +
-/// sha256load(work[t - 2], work[t - 1]),
-/// work[t - 1])
-/// }
-/// ```
-///
-/// instead of 4 rounds of:
-///
-/// ```ignore
-/// fn schedule_work(w: &mut [u32], t: usize) {
-/// w[t] = sigma1!(w[t - 2]) + w[t - 7] + sigma0!(w[t - 15]) + w[t - 16];
-/// }
-/// ```
-///
-/// and the digest-related instructions allow 4 rounds to be calculated as:
-///
-/// ```ignore
-/// use std::simd::u32x4;
-/// use self::crypto::sha2::{K32X4,
-/// sha256rnds2,
-/// sha256swap
-/// };
-///
-/// fn rounds4(state: &mut [u32; 8], work: &mut [u32x4], t: usize) {
-/// let [a, b, c, d, e, f, g, h]: [u32; 8] = *state;
-///
-/// // this is to illustrate the data order
-/// let mut abef = u32x4(a, b, e, f);
-/// let mut cdgh = u32x4(c, d, g, h);
-/// let temp = K32X4[t] + work[t];
-///
-/// // this is the core expression
-/// cdgh = sha256rnds2(cdgh, abef, temp);
-/// abef = sha256rnds2(abef, cdgh, sha256swap(temp));
-///
-/// *state = [abef.0, abef.1, cdgh.0, cdgh.1,
-/// abef.2, abef.3, cdgh.2, cdgh.3];
-/// }
-/// ```
-///
-/// instead of 4 rounds of:
-///
-/// ```ignore
-/// fn round(state: &mut [u32; 8], w: &mut [u32], t: usize) {
-/// let [a, b, c, mut d, e, f, g, mut h]: [u32; 8] = *state;
-///
-/// h += big_sigma1!(e) + choose!(e, f, g) + K32[t] + w[t]; d += h;
-/// h += big_sigma0!(a) + majority!(a, b, c);
-///
-/// *state = [h, a, b, c, d, e, f, g];
-/// }
-/// ```
-///
-/// **NOTE**: It is important to note, however, that these instructions are not implemented
-/// by any CPU (at the time of this writing), and so they are emulated in this library
-/// until the instructions become more common, and gain support in LLVM (and GCC, etc.).
-///
-pub fn sha256_digest_block(state: &mut [u32; 8], block: &[u8/*; 64*/]) {
- assert_eq!(block.len(), BLOCK_LEN*4);
- let mut block2 = [0u32; BLOCK_LEN];
- read_u32v_be(&mut block2[..], block);
- sha256_digest_block_u32(state, &block2);
-}
-
-/// Not an intrinsic, but works like an unaligned load.
-#[inline]
-fn sha512load(v0: u64x2, v1: u64x2) -> u64x2 {
- u64x2(v1.1, v0.0)
-}
-
-/// Performs 2 rounds of the SHA-512 message schedule update.
-pub fn sha512_schedule_x2(v0: u64x2, v1: u64x2, v4to5: u64x2, v7: u64x2) -> u64x2 { - - // sigma 0 - fn sigma0(x: u64) -> u64 { - ((x << 63) | (x >> 1)) ^ ((x << 56) | (x >> 8)) ^ (x >> 7) - } - - // sigma 1 - fn sigma1(x: u64) -> u64 { - ((x << 45) | (x >> 19)) ^ ((x << 3) | (x >> 61)) ^ (x >> 6) - } - - let u64x2(w1, w0) = v0; - let u64x2(_, w2) = v1; - let u64x2(w10, w9) = v4to5; - let u64x2(w15, w14) = v7; - - let w16 = sigma1(w14).wrapping_add(w9).wrapping_add(sigma0(w1)).wrapping_add(w0); - let w17 = sigma1(w15).wrapping_add(w10).wrapping_add(sigma0(w2)).wrapping_add(w1); - - u64x2(w17, w16) -} - -/// Performs one round of the SHA-512 message block digest. -pub fn sha512_digest_round(ae: u64x2, bf: u64x2, cg: u64x2, dh: u64x2, wk0: u64) -> u64x2 { - - macro_rules! big_sigma0 { - ($a:expr) => (($a.rotate_right(28) ^ $a.rotate_right(34) ^ $a.rotate_right(39))) - } - macro_rules! big_sigma1 { - ($a:expr) => (($a.rotate_right(14) ^ $a.rotate_right(18) ^ $a.rotate_right(41))) - } - macro_rules! bool3ary_202 { - ($a:expr, $b:expr, $c:expr) => (($c ^ ($a & ($b ^ $c)))) - } // Choose, MD5F, SHA1C - macro_rules! bool3ary_232 { - ($a:expr, $b:expr, $c:expr) => (($a & $b) ^ ($a & $c) ^ ($b & $c)) - } // Majority, SHA1M - - let u64x2(a0, e0) = ae; - let u64x2(b0, f0) = bf; - let u64x2(c0, g0) = cg; - let u64x2(d0, h0) = dh; - - // a round - let x0 = big_sigma1!(e0).wrapping_add(bool3ary_202!(e0, f0, g0)).wrapping_add(wk0).wrapping_add(h0); - let y0 = big_sigma0!(a0).wrapping_add(bool3ary_232!(a0, b0, c0)); - let (a1, _, _, _, e1, _, _, _) = ( - x0.wrapping_add(y0), a0, b0, c0, - x0.wrapping_add(d0), e0, f0, g0); - - u64x2(a1, e1) -} - -/// Process a block with the SHA-512 algorithm. -pub fn sha512_digest_block_u64(state: &mut [u64; 8], block: &[u64; 16]) { - let k = &K64X2; - - macro_rules! schedule { - ($v0:expr, $v1:expr, $v4:expr, $v5:expr, $v7:expr) => ( - sha512_schedule_x2($v0, $v1, sha512load($v4, $v5), $v7) - ) - } - - macro_rules! 
rounds4 { - ($ae:ident, $bf:ident, $cg:ident, $dh:ident, $wk0:expr, $wk1:expr) => { - { - let u64x2(u, t) = $wk0; - let u64x2(w, v) = $wk1; - - $dh = sha512_digest_round($ae, $bf, $cg, $dh, t); - $cg = sha512_digest_round($dh, $ae, $bf, $cg, u); - $bf = sha512_digest_round($cg, $dh, $ae, $bf, v); - $ae = sha512_digest_round($bf, $cg, $dh, $ae, w); - } - } - } - - let mut ae = u64x2(state[0], - state[4]); - let mut bf = u64x2(state[1], - state[5]); - let mut cg = u64x2(state[2], - state[6]); - let mut dh = u64x2(state[3], - state[7]); - - // Rounds 0..20 - let (mut w1, mut w0) = (u64x2(block[3], - block[2]), - u64x2(block[1], - block[0])); - rounds4!(ae, bf, cg, dh, k[0] + w0, k[1] + w1); - let (mut w3, mut w2) = (u64x2(block[7], - block[6]), - u64x2(block[5], - block[4])); - rounds4!(ae, bf, cg, dh, k[2] + w2, k[3] + w3); - let (mut w5, mut w4) = (u64x2(block[11], - block[10]), - u64x2(block[9], - block[8])); - rounds4!(ae, bf, cg, dh, k[4] + w4, k[5] + w5); - let (mut w7, mut w6) = (u64x2(block[15], - block[14]), - u64x2(block[13], - block[12])); - rounds4!(ae, bf, cg, dh, k[6] + w6, k[7] + w7); - let mut w8 = schedule!(w0, w1, w4, w5, w7); - let mut w9 = schedule!(w1, w2, w5, w6, w8); - rounds4!(ae, bf, cg, dh, k[8] + w8, k[9] + w9); - - // Rounds 20..40 - w0 = schedule!(w2, w3, w6, w7, w9); - w1 = schedule!(w3, w4, w7, w8, w0); - rounds4!(ae, bf, cg, dh, k[10] + w0, k[11] + w1); - w2 = schedule!(w4, w5, w8, w9, w1); - w3 = schedule!(w5, w6, w9, w0, w2); - rounds4!(ae, bf, cg, dh, k[12] + w2, k[13] + w3); - w4 = schedule!(w6, w7, w0, w1, w3); - w5 = schedule!(w7, w8, w1, w2, w4); - rounds4!(ae, bf, cg, dh, k[14] + w4, k[15] + w5); - w6 = schedule!(w8, w9, w2, w3, w5); - w7 = schedule!(w9, w0, w3, w4, w6); - rounds4!(ae, bf, cg, dh, k[16] + w6, k[17] + w7); - w8 = schedule!(w0, w1, w4, w5, w7); - w9 = schedule!(w1, w2, w5, w6, w8); - rounds4!(ae, bf, cg, dh, k[18] + w8, k[19] + w9); - - // Rounds 40..60 - w0 = schedule!(w2, w3, w6, w7, w9); - w1 = schedule!(w3, 
w4, w7, w8, w0);
- rounds4!(ae, bf, cg, dh, k[20] + w0, k[21] + w1);
- w2 = schedule!(w4, w5, w8, w9, w1);
- w3 = schedule!(w5, w6, w9, w0, w2);
- rounds4!(ae, bf, cg, dh, k[22] + w2, k[23] + w3);
- w4 = schedule!(w6, w7, w0, w1, w3);
- w5 = schedule!(w7, w8, w1, w2, w4);
- rounds4!(ae, bf, cg, dh, k[24] + w4, k[25] + w5);
- w6 = schedule!(w8, w9, w2, w3, w5);
- w7 = schedule!(w9, w0, w3, w4, w6);
- rounds4!(ae, bf, cg, dh, k[26] + w6, k[27] + w7);
- w8 = schedule!(w0, w1, w4, w5, w7);
- w9 = schedule!(w1, w2, w5, w6, w8);
- rounds4!(ae, bf, cg, dh, k[28] + w8, k[29] + w9);
-
- // Rounds 60..80
- w0 = schedule!(w2, w3, w6, w7, w9);
- w1 = schedule!(w3, w4, w7, w8, w0);
- rounds4!(ae, bf, cg, dh, k[30] + w0, k[31] + w1);
- w2 = schedule!(w4, w5, w8, w9, w1);
- w3 = schedule!(w5, w6, w9, w0, w2);
- rounds4!(ae, bf, cg, dh, k[32] + w2, k[33] + w3);
- w4 = schedule!(w6, w7, w0, w1, w3);
- w5 = schedule!(w7, w8, w1, w2, w4);
- rounds4!(ae, bf, cg, dh, k[34] + w4, k[35] + w5);
- w6 = schedule!(w8, w9, w2, w3, w5);
- w7 = schedule!(w9, w0, w3, w4, w6);
- rounds4!(ae, bf, cg, dh, k[36] + w6, k[37] + w7);
- w8 = schedule!(w0, w1, w4, w5, w7);
- w9 = schedule!(w1, w2, w5, w6, w8);
- rounds4!(ae, bf, cg, dh, k[38] + w8, k[39] + w9);
-
- let u64x2(a, e) = ae;
- let u64x2(b, f) = bf;
- let u64x2(c, g) = cg;
- let u64x2(d, h) = dh;
-
- state[0] = state[0].wrapping_add(a);
- state[1] = state[1].wrapping_add(b);
- state[2] = state[2].wrapping_add(c);
- state[3] = state[3].wrapping_add(d);
- state[4] = state[4].wrapping_add(e);
- state[5] = state[5].wrapping_add(f);
- state[6] = state[6].wrapping_add(g);
- state[7] = state[7].wrapping_add(h);
-}
-
-/// Process a block with the SHA-512 algorithm. (See more...)
-///
-/// Internally, this uses functions that resemble the new Intel SHA
-/// instruction set extensions, but since no architecture seems to
-/// have any designs, these may not be the final designs if and/or when
-/// there are instruction set extensions with SHA-512.
So to summarize:
-/// SHA-1 and SHA-256 are being implemented in hardware soon (at the time
-/// of this writing), but it doesn't look like SHA-512 will be hardware
-/// accelerated any time soon.
-///
-/// # Implementation
-///
-/// These functions fall into two categories:
-/// message schedule calculation, and the message block 64-round digest calculation.
-/// The schedule-related functions allow 4 rounds to be calculated as:
-///
-/// ```ignore
-/// use std::simd::u64x2;
-/// use self::crypto::sha2::{
-/// sha512msg,
-/// sha512load
-/// };
-///
-/// fn schedule4_data(work: &mut [u64x2], w: &[u64]) {
-///
-/// // this is to illustrate the data order
-/// work[0] = u64x2(w[1], w[0]);
-/// work[1] = u64x2(w[3], w[2]);
-/// work[2] = u64x2(w[5], w[4]);
-/// work[3] = u64x2(w[7], w[6]);
-/// work[4] = u64x2(w[9], w[8]);
-/// work[5] = u64x2(w[11], w[10]);
-/// work[6] = u64x2(w[13], w[12]);
-/// work[7] = u64x2(w[15], w[14]);
-/// }
-///
-/// fn schedule4_work(work: &mut [u64x2], t: usize) {
-///
-/// // this is the core expression
-/// work[t] = sha512msg(work[t - 8],
-/// work[t - 7],
-/// sha512load(work[t - 4], work[t - 3]),
-/// work[t - 1]);
-/// }
-/// ```
-///
-/// instead of 4 rounds of:
-///
-/// ```ignore
-/// fn schedule_work(w: &mut [u64], t: usize) {
-/// w[t] = sigma1!(w[t - 2]) + w[t - 7] + sigma0!(w[t - 15]) + w[t - 16];
-/// }
-/// ```
-///
-/// and the digest-related functions allow 4 rounds to be calculated as:
-///
-/// ```ignore
-/// use std::simd::u64x2;
-/// use self::crypto::sha2::{K64X2, sha512rnd};
-///
-/// fn rounds4(state: &mut [u64; 8], work: &mut [u64x2], t: usize) {
-/// let [a, b, c, d, e, f, g, h]: [u64; 8] = *state;
-///
-/// // this is to illustrate the data order
-/// let mut ae = u64x2(a, e);
-/// let mut bf = u64x2(b, f);
-/// let mut cg = u64x2(c, g);
-/// let mut dh = u64x2(d, h);
-/// let u64x2(w1, w0) = K64X2[2*t] + work[2*t];
-/// let u64x2(w3, w2) = K64X2[2*t + 1] + work[2*t + 1];
-///
-/// // this is the core
expression
-/// dh = sha512rnd(ae, bf, cg, dh, w0);
-/// cg = sha512rnd(dh, ae, bf, cg, w1);
-/// bf = sha512rnd(cg, dh, ae, bf, w2);
-/// ae = sha512rnd(bf, cg, dh, ae, w3);
-///
-/// *state = [ae.0, bf.0, cg.0, dh.0,
-/// ae.1, bf.1, cg.1, dh.1];
-/// }
-/// ```
-///
-/// instead of 4 rounds of:
-///
-/// ```ignore
-/// fn round(state: &mut [u64; 8], w: &mut [u64], t: usize) {
-/// let [a, b, c, mut d, e, f, g, mut h]: [u64; 8] = *state;
-///
-/// h += big_sigma1!(e) + choose!(e, f, g) + K64[t] + w[t]; d += h;
-/// h += big_sigma0!(a) + majority!(a, b, c);
-///
-/// *state = [h, a, b, c, d, e, f, g];
-/// }
-/// ```
-///
-pub fn sha512_digest_block(state: &mut [u64; 8], block: &[u8/*; 128*/]) {
- assert_eq!(block.len(), BLOCK_LEN*8);
- let mut block2 = [0u64; BLOCK_LEN];
- read_u64v_be(&mut block2[..], block);
- sha512_digest_block_u64(state, &block2);
-}
-
-// A structure that represents that state of a digest computation for the SHA-2 512 family
-// of digest functions
-#[derive(Copy, Clone)]
-struct Engine512State {
- h: [u64; 8]
-}
-
-impl Engine512State {
- fn new(h: &[u64; 8]) -> Engine512State {
- Engine512State {
- h: *h
- }
- }
-
- fn reset(&mut self, h: &[u64; STATE_LEN]) {
- self.h = *h;
- }
-
- pub fn process_block(&mut self, data: &[u8]) {
- sha512_digest_block(&mut self.h, data);
- }
-}
-
-/// Constants necessary for SHA-512 family of digests.
-pub const K64: [u64; 80] = [ - 0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, - 0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, - 0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, - 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694, - 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, - 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, - 0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4, - 0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70, - 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df, - 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b, - 0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30, - 0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, - 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, - 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, - 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec, - 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b, - 0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, - 0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b, - 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c, - 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817 -]; - -/// Constants necessary for SHA-512 family of digests. 
-pub const K64X2: [u64x2; 40] = [ - u64x2(K64[1], K64[0]), u64x2(K64[3], K64[2]), u64x2(K64[5], K64[4]), u64x2(K64[7], K64[6]), - u64x2(K64[9], K64[8]), u64x2(K64[11], K64[10]), u64x2(K64[13], K64[12]), u64x2(K64[15], K64[14]), - u64x2(K64[17], K64[16]), u64x2(K64[19], K64[18]), u64x2(K64[21], K64[20]), u64x2(K64[23], K64[22]), - u64x2(K64[25], K64[24]), u64x2(K64[27], K64[26]), u64x2(K64[29], K64[28]), u64x2(K64[31], K64[30]), - u64x2(K64[33], K64[32]), u64x2(K64[35], K64[34]), u64x2(K64[37], K64[36]), u64x2(K64[39], K64[38]), - u64x2(K64[41], K64[40]), u64x2(K64[43], K64[42]), u64x2(K64[45], K64[44]), u64x2(K64[47], K64[46]), - u64x2(K64[49], K64[48]), u64x2(K64[51], K64[50]), u64x2(K64[53], K64[52]), u64x2(K64[55], K64[54]), - u64x2(K64[57], K64[56]), u64x2(K64[59], K64[58]), u64x2(K64[61], K64[60]), u64x2(K64[63], K64[62]), - u64x2(K64[65], K64[64]), u64x2(K64[67], K64[66]), u64x2(K64[69], K64[68]), u64x2(K64[71], K64[70]), - u64x2(K64[73], K64[72]), u64x2(K64[75], K64[74]), u64x2(K64[77], K64[76]), u64x2(K64[79], K64[78]) -]; - -// A structure that keeps track of the state of the Sha-512 operation and contains the logic -// necessary to perform the final calculations. 
-#[derive(Copy, Clone)]
-struct Engine512 {
- length_bits: (u64, u64),
- buffer: FixedBuffer128,
- state: Engine512State,
- finished: bool,
-}
-
-impl Engine512 {
- fn new(h: &[u64; STATE_LEN]) -> Engine512 {
- Engine512 {
- length_bits: (0, 0),
- buffer: FixedBuffer128::new(),
- state: Engine512State::new(h),
- finished: false
- }
- }
-
- fn reset(&mut self, h: &[u64; STATE_LEN]) {
- self.length_bits = (0, 0);
- self.buffer.reset();
- self.state.reset(h);
- self.finished = false;
- }
-
- fn input(&mut self, input: &[u8]) {
- assert!(!self.finished);
- // Assumes that input.len() can be converted to u64 without overflow
- self.length_bits = add_bytes_to_bits_tuple(self.length_bits, input.len() as u64);
- let self_state = &mut self.state;
- self.buffer.input(input, |input: &[u8]| { self_state.process_block(input) });
- }
-
- fn finish(&mut self) {
- if self.finished {
- return;
- }
-
- let self_state = &mut self.state;
- self.buffer.standard_padding(16, |input: &[u8]| { self_state.process_block(input) });
- match self.length_bits {
- (hi, low) => {
- write_u64_be(self.buffer.next(8), hi);
- write_u64_be(self.buffer.next(8), low);
- }
- }
- self_state.process_block(self.buffer.full_buffer());
-
- self.finished = true;
- }
-}
-
-
-/// The SHA-512 hash algorithm with the SHA-512 initial hash value.
-#[derive(Copy, Clone)]
-pub struct Sha512 {
- engine: Engine512
-}
-
-impl Sha512 {
- /**
- * Construct an new instance of a SHA-512 digest.
- */
- pub fn new() -> Sha512 {
- Sha512 {
- engine: Engine512::new(&H512)
- }
- }
-}
-
-impl Digest for Sha512 {
- fn input(&mut self, d: &[u8]) {
- self.engine.input(d);
- }
-
- fn result(&mut self, out: &mut [u8]) {
- self.engine.finish();
-
- write_u64_be(&mut out[0..8], self.engine.state.h[0]);
- write_u64_be(&mut out[8..16], self.engine.state.h[1]);
- write_u64_be(&mut out[16..24], self.engine.state.h[2]);
- write_u64_be(&mut out[24..32], self.engine.state.h[3]);
- write_u64_be(&mut out[32..40], self.engine.state.h[4]);
- write_u64_be(&mut out[40..48], self.engine.state.h[5]);
- write_u64_be(&mut out[48..56], self.engine.state.h[6]);
- write_u64_be(&mut out[56..64], self.engine.state.h[7]);
- }
-
- fn reset(&mut self) {
- self.engine.reset(&H512);
- }
-
- fn output_bits(&self) -> usize { 512 }
-
- fn block_size(&self) -> usize { 128 }
-}
-
-static H512: [u64; STATE_LEN] = [
- 0x6a09e667f3bcc908,
- 0xbb67ae8584caa73b,
- 0x3c6ef372fe94f82b,
- 0xa54ff53a5f1d36f1,
- 0x510e527fade682d1,
- 0x9b05688c2b3e6c1f,
- 0x1f83d9abfb41bd6b,
- 0x5be0cd19137e2179
-];
-
-
-/// The SHA-512 hash algorithm with the SHA-384 initial hash value. The result is truncated to 384 bits.
-#[derive(Copy, Clone)]
-pub struct Sha384 {
- engine: Engine512
-}
-
-impl Sha384 {
- /**
- * Construct an new instance of a SHA-384 digest.
- */
- pub fn new() -> Sha384 {
- Sha384 {
- engine: Engine512::new(&H384)
- }
- }
-}
-
-impl Digest for Sha384 {
- fn input(&mut self, d: &[u8]) {
- self.engine.input(d);
- }
-
- fn result(&mut self, out: &mut [u8]) {
- self.engine.finish();
-
- write_u64_be(&mut out[0..8], self.engine.state.h[0]);
- write_u64_be(&mut out[8..16], self.engine.state.h[1]);
- write_u64_be(&mut out[16..24], self.engine.state.h[2]);
- write_u64_be(&mut out[24..32], self.engine.state.h[3]);
- write_u64_be(&mut out[32..40], self.engine.state.h[4]);
- write_u64_be(&mut out[40..48], self.engine.state.h[5]);
- }
-
- fn reset(&mut self) {
- self.engine.reset(&H384);
- }
-
- fn output_bits(&self) -> usize { 384 }
-
- fn block_size(&self) -> usize { 128 }
-}
-
-static H384: [u64; STATE_LEN] = [
- 0xcbbb9d5dc1059ed8,
- 0x629a292a367cd507,
- 0x9159015a3070dd17,
- 0x152fecd8f70e5939,
- 0x67332667ffc00b31,
- 0x8eb44a8768581511,
- 0xdb0c2e0d64f98fa7,
- 0x47b5481dbefa4fa4
-];
-
-
-/// The SHA-512 hash algorithm with the SHA-512/256 initial hash value. The result is truncated to 256 bits.
-#[derive(Clone, Copy)]
-pub struct Sha512Trunc256 {
- engine: Engine512
-}
-
-impl Sha512Trunc256 {
- /**
- * Construct an new instance of a SHA-512/256 digest.
- */
- pub fn new() -> Sha512Trunc256 {
- Sha512Trunc256 {
- engine: Engine512::new(&H512_TRUNC_256)
- }
- }
-}
-
-impl Digest for Sha512Trunc256 {
- fn input(&mut self, d: &[u8]) {
- self.engine.input(d);
- }
-
- fn result(&mut self, out: &mut [u8]) {
- self.engine.finish();
-
- write_u64_be(&mut out[0..8], self.engine.state.h[0]);
- write_u64_be(&mut out[8..16], self.engine.state.h[1]);
- write_u64_be(&mut out[16..24], self.engine.state.h[2]);
- write_u64_be(&mut out[24..32], self.engine.state.h[3]);
- }
-
- fn reset(&mut self) {
- self.engine.reset(&H512_TRUNC_256);
- }
-
- fn output_bits(&self) -> usize { 256 }
-
- fn block_size(&self) -> usize { 128 }
-}
-
-static H512_TRUNC_256: [u64; STATE_LEN] = [
- 0x22312194fc2bf72c,
- 0x9f555fa3c84c64c2,
- 0x2393b86b6f53b151,
- 0x963877195940eabd,
- 0x96283ee2a88effe3,
- 0xbe5e1e2553863992,
- 0x2b0199fc2c85b8aa,
- 0x0eb72ddc81c52ca2
-];
-
-
-/// The SHA-512 hash algorithm with the SHA-512/224 initial hash value. The result is truncated to 224 bits.
-#[derive(Clone, Copy)]
-pub struct Sha512Trunc224 {
- engine: Engine512
-}
-
-impl Sha512Trunc224 {
- /**
- * Construct an new instance of a SHA-512/224 digest.
- */
- pub fn new() -> Sha512Trunc224 {
- Sha512Trunc224 {
- engine: Engine512::new(&H512_TRUNC_224)
- }
- }
-}
-
-impl Digest for Sha512Trunc224 {
- fn input(&mut self, d: &[u8]) {
- self.engine.input(d);
- }
-
- fn result(&mut self, out: &mut [u8]) {
- self.engine.finish();
-
- write_u64_be(&mut out[0..8], self.engine.state.h[0]);
- write_u64_be(&mut out[8..16], self.engine.state.h[1]);
- write_u64_be(&mut out[16..24], self.engine.state.h[2]);
- write_u32_be(&mut out[24..28], (self.engine.state.h[3] >> 32) as u32);
- }
-
- fn reset(&mut self) {
- self.engine.reset(&H512_TRUNC_224);
- }
-
- fn output_bits(&self) -> usize { 224 }
-
- fn block_size(&self) -> usize { 128 }
-}
-
-static H512_TRUNC_224: [u64; STATE_LEN] = [
- 0x8c3d37c819544da2,
- 0x73e1996689dcd4d6,
- 0x1dfab7ae32ff9c82,
- 0x679dd514582f9fcf,
- 0x0f6d2b697bd44da8,
- 0x77e36f7304c48942,
- 0x3f9d85a86a1d36c8,
- 0x1112e6ad91d692a1,
-];
-
-
-// A structure that represents that state of a digest computation for the SHA-2 512 family of digest
-// functions
-#[derive(Clone, Copy)]
-struct Engine256State {
- h: [u32; 8],
-}
-
-impl Engine256State {
- fn new(h: &[u32; STATE_LEN]) -> Engine256State {
- Engine256State {
- h: *h
- }
- }
-
- fn reset(&mut self, h: &[u32; STATE_LEN]) {
- self.h = *h;
- }
-
- pub fn process_block(&mut self, data: &[u8]) {
- sha256_digest_block(&mut self.h, data);
- }
-}
-
-/// Constants necessary for SHA-256 family of digests.
-pub const K32: [u32; 64] = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -]; - -/// Constants necessary for SHA-256 family of digests. -pub const K32X4: [u32x4; 16] = [ - u32x4(K32[3], K32[2], K32[1], K32[0]), - u32x4(K32[7], K32[6], K32[5], K32[4]), - u32x4(K32[11], K32[10], K32[9], K32[8]), - u32x4(K32[15], K32[14], K32[13], K32[12]), - u32x4(K32[19], K32[18], K32[17], K32[16]), - u32x4(K32[23], K32[22], K32[21], K32[20]), - u32x4(K32[27], K32[26], K32[25], K32[24]), - u32x4(K32[31], K32[30], K32[29], K32[28]), - u32x4(K32[35], K32[34], K32[33], K32[32]), - u32x4(K32[39], K32[38], K32[37], K32[36]), - u32x4(K32[43], K32[42], K32[41], K32[40]), - u32x4(K32[47], K32[46], K32[45], K32[44]), - u32x4(K32[51], K32[50], K32[49], K32[48]), - u32x4(K32[55], K32[54], K32[53], K32[52]), - u32x4(K32[59], K32[58], K32[57], K32[56]), - u32x4(K32[63], K32[62], K32[61], K32[60]), -]; - -// A structure that keeps track of the state of the Sha-256 operation and contains the logic -// necessary to perform the final calculations. 
-#[derive(Clone, Copy)]
-struct Engine256 {
- length_bits: u64,
- buffer: FixedBuffer64,
- state: Engine256State,
- finished: bool,
-}
-
-impl Engine256 {
- fn new(h: &[u32; STATE_LEN]) -> Engine256 {
- Engine256 {
- length_bits: 0,
- buffer: FixedBuffer64::new(),
- state: Engine256State::new(h),
- finished: false
- }
- }
-
- fn reset(&mut self, h: &[u32; STATE_LEN]) {
- self.length_bits = 0;
- self.buffer.reset();
- self.state.reset(h);
- self.finished = false;
- }
-
- fn input(&mut self, input: &[u8]) {
- assert!(!self.finished);
- // Assumes that input.len() can be converted to u64 without overflow
- self.length_bits = add_bytes_to_bits(self.length_bits, input.len() as u64);
- let self_state = &mut self.state;
- self.buffer.input(input, |input: &[u8]| { self_state.process_block(input) });
- }
-
- fn finish(&mut self) {
- if self.finished {
- return;
- }
-
- let self_state = &mut self.state;
- self.buffer.standard_padding(8, |input: &[u8]| { self_state.process_block(input) });
- write_u32_be(self.buffer.next(4), (self.length_bits >> 32) as u32 );
- write_u32_be(self.buffer.next(4), self.length_bits as u32);
- self_state.process_block(self.buffer.full_buffer());
-
- self.finished = true;
- }
-}
-
-
-/// The SHA-256 hash algorithm with the SHA-256 initial hash value.
-#[derive(Clone, Copy)]
-pub struct Sha256 {
- engine: Engine256
-}
-
-impl Sha256 {
- /**
- * Construct an new instance of a SHA-256 digest.
- */
- pub fn new() -> Sha256 {
- Sha256 {
- engine: Engine256::new(&H256)
- }
- }
-}
-
-impl Digest for Sha256 {
- fn input(&mut self, d: &[u8]) {
- self.engine.input(d);
- }
-
- fn result(&mut self, out: &mut [u8]) {
- self.engine.finish();
-
- write_u32_be(&mut out[0..4], self.engine.state.h[0]);
- write_u32_be(&mut out[4..8], self.engine.state.h[1]);
- write_u32_be(&mut out[8..12], self.engine.state.h[2]);
- write_u32_be(&mut out[12..16], self.engine.state.h[3]);
- write_u32_be(&mut out[16..20], self.engine.state.h[4]);
- write_u32_be(&mut out[20..24], self.engine.state.h[5]);
- write_u32_be(&mut out[24..28], self.engine.state.h[6]);
- write_u32_be(&mut out[28..32], self.engine.state.h[7]);
- }
-
- fn reset(&mut self) {
- self.engine.reset(&H256);
- }
-
- fn output_bits(&self) -> usize { 256 }
-
- fn block_size(&self) -> usize { 64 }
-}
-
-static H256: [u32; STATE_LEN] = [
- 0x6a09e667,
- 0xbb67ae85,
- 0x3c6ef372,
- 0xa54ff53a,
- 0x510e527f,
- 0x9b05688c,
- 0x1f83d9ab,
- 0x5be0cd19
-];
-
-
-/// The SHA-256 hash algorithm with the SHA-224 initial hash value. The result is truncated to 224 bits.
-#[derive(Clone, Copy)]
-pub struct Sha224 {
- engine: Engine256
-}
-
-impl Sha224 {
- /**
- * Construct an new instance of a SHA-224 digest.
- */ - pub fn new() -> Sha224 { - Sha224 { - engine: Engine256::new(&H224) - } - } -} - -impl Digest for Sha224 { - fn input(&mut self, d: &[u8]) { - self.engine.input(d); - } - - fn result(&mut self, out: &mut [u8]) { - self.engine.finish(); - write_u32_be(&mut out[0..4], self.engine.state.h[0]); - write_u32_be(&mut out[4..8], self.engine.state.h[1]); - write_u32_be(&mut out[8..12], self.engine.state.h[2]); - write_u32_be(&mut out[12..16], self.engine.state.h[3]); - write_u32_be(&mut out[16..20], self.engine.state.h[4]); - write_u32_be(&mut out[20..24], self.engine.state.h[5]); - write_u32_be(&mut out[24..28], self.engine.state.h[6]); - } - - fn reset(&mut self) { - self.engine.reset(&H224); - } - - fn output_bits(&self) -> usize { 224 } - - fn block_size(&self) -> usize { 64 } -} - -static H224: [u32; STATE_LEN] = [ - 0xc1059ed8, - 0x367cd507, - 0x3070dd17, - 0xf70e5939, - 0xffc00b31, - 0x68581511, - 0x64f98fa7, - 0xbefa4fa4 -]; - - -#[cfg(test)] -mod tests { - use cryptoutil::test::test_digest_1million_random; - use digest::Digest; - use sha2::{Sha512, Sha384, Sha512Trunc256, Sha512Trunc224, Sha256, Sha224}; - - struct Test { - input: &'static str, - output_str: &'static str, - } - - fn test_hash(sh: &mut D, tests: &[Test]) { - // Test that it works when accepting the message all at once - for t in tests.iter() { - sh.input_str(t.input); - - let out_str = sh.result_str(); - assert!(&out_str[..] == t.output_str); - - sh.reset(); - } - - // Test that it works when accepting the message in pieces - for t in tests.iter() { - let len = t.input.len(); - let mut left = len; - while left > 0 { - let take = (left + 1) / 2; - sh.input_str(&t.input[len - left..take + len - left]); - left = left - take; - } - - let out_str = sh.result_str(); - assert!(&out_str[..] 
== t.output_str); - - sh.reset(); - } - } - - #[test] - fn test_sha512() { - // Examples from wikipedia - let wikipedia_tests = vec![ - Test { - input: "", - output_str: "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e" - }, - Test { - input: "The quick brown fox jumps over the lazy dog", - output_str: "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6" - }, - Test { - input: "The quick brown fox jumps over the lazy dog.", - output_str: "91ea1245f20d46ae9a037a989f54f1f790f0a47607eeb8a14d12890cea77a1bbc6c7ed9cf205e67b7f2b8fd4c7dfd3a7a8617e45f3c463d481c7e586c39ac1ed" - }, - ]; - - let tests = wikipedia_tests; - - let mut sh = Box::new(Sha512::new()); - - test_hash(&mut *sh, &tests[..]); - } - - #[test] - fn test_sha384() { - // Examples from wikipedia - let wikipedia_tests = vec![ - Test { - input: "", - output_str: "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" - }, - Test { - input: "The quick brown fox jumps over the lazy dog", - output_str: "ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1" - }, - Test { - input: "The quick brown fox jumps over the lazy dog.", - output_str: "ed892481d8272ca6df370bf706e4d7bc1b5739fa2177aae6c50e946678718fc67a7af2819a021c2fc34e91bdb63409d7" - }, - ]; - - let tests = wikipedia_tests; - - let mut sh = Box::new(Sha384::new()); - - test_hash(&mut *sh, &tests[..]); - } - - #[test] - fn test_sha512_256() { - // Examples from wikipedia - let wikipedia_tests = vec![ - Test { - input: "", - output_str: "c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a" - }, - Test { - input: "The quick brown fox jumps over the lazy dog", - output_str: "dd9d67b371519c339ed8dbd25af90e976a1eeefd4ad3d889005e532fc5bef04d" - }, - Test { - input: "The quick brown fox jumps over the lazy dog.", 
- output_str: "1546741840f8a492b959d9b8b2344b9b0eb51b004bba35c0aebaac86d45264c3" - }, - ]; - - let tests = wikipedia_tests; - - let mut sh = Box::new(Sha512Trunc256::new()); - - test_hash(&mut *sh, &tests[..]); - } - - #[test] - fn test_sha512_224() { - // Examples from wikipedia - let wikipedia_tests = vec![ - Test { - input: "", - output_str: "6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4" - }, - Test { - input: "The quick brown fox jumps over the lazy dog", - output_str: "944cd2847fb54558d4775db0485a50003111c8e5daa63fe722c6aa37" - }, - Test { - input: "The quick brown fox jumps over the lazy dog.", - output_str: "6d6a9279495ec4061769752e7ff9c68b6b0b3c5a281b7917ce0572de" - }, - ]; - - let tests = wikipedia_tests; - - let mut sh = Box::new(Sha512Trunc224::new()); - - test_hash(&mut *sh, &tests[..]); - } - - #[test] - fn test_sha256() { - // Examples from wikipedia - let wikipedia_tests = vec![ - Test { - input: "", - output_str: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" - }, - Test { - input: "The quick brown fox jumps over the lazy dog", - output_str: "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592" - }, - Test { - input: "The quick brown fox jumps over the lazy dog.", - output_str: "ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c" - }, - ]; - - let tests = wikipedia_tests; - - let mut sh = Box::new(Sha256::new()); - - test_hash(&mut *sh, &tests[..]); - } - - #[test] - fn test_sha224() { - // Examples from wikipedia - let wikipedia_tests = vec![ - Test { - input: "", - output_str: "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" - }, - Test { - input: "The quick brown fox jumps over the lazy dog", - output_str: "730e109bd7a8a32b1cb9d9a09aa2325d2430587ddbc0c38bad911525" - }, - Test { - input: "The quick brown fox jumps over the lazy dog.", - output_str: "619cba8e8e05826e9b8c519c0a5c68f4fb653e8a3d8aa04bb2c8cd4c" - }, - ]; - - let tests = wikipedia_tests; - - let mut sh = 
Box::new(Sha224::new()); - - test_hash(&mut *sh, &tests[..]); - } - - #[test] - fn test_1million_random_sha512() { - let mut sh = Sha512::new(); - test_digest_1million_random( - &mut sh, - 128, - "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b"); - } - - #[test] - fn test_1million_random_sha256() { - let mut sh = Sha256::new(); - test_digest_1million_random( - &mut sh, - 64, - "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0"); - } -} - - - -#[cfg(all(test, feature = "with-bench"))] -mod bench { - use test::Bencher; - use digest::Digest; - use sha2::{STATE_LEN, BLOCK_LEN}; - use sha2::{Sha256, Sha512, sha256_digest_block_u32, sha512_digest_block_u64}; - - #[bench] - pub fn sha256_block(bh: & mut Bencher) { - let mut state = [0u32; STATE_LEN]; - let words = [1u32; BLOCK_LEN]; - bh.iter( || { - sha256_digest_block_u32(&mut state, &words); - }); - bh.bytes = 64u64; - } - - #[bench] - pub fn sha512_block(bh: & mut Bencher) { - let mut state = [0u64; STATE_LEN]; - let words = [1u64; BLOCK_LEN]; - bh.iter( || { - sha512_digest_block_u64(&mut state, &words); - }); - bh.bytes = 128u64; - } - - #[bench] - pub fn sha256_10(bh: & mut Bencher) { - let mut sh = Sha256::new(); - let bytes = [1u8; 10]; - bh.iter( || { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } - - #[bench] - pub fn sha256_1k(bh: & mut Bencher) { - let mut sh = Sha256::new(); - let bytes = [1u8; 1024]; - bh.iter( || { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } - - #[bench] - pub fn sha256_64k(bh: & mut Bencher) { - let mut sh = Sha256::new(); - let bytes = [1u8; 65536]; - bh.iter( || { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } - - #[bench] - pub fn sha512_10(bh: & mut Bencher) { - let mut sh = Sha512::new(); - let bytes = [1u8; 10]; - bh.iter( || { - sh.input(&bytes); - }); - bh.bytes = bytes.len() as u64; - } - - #[bench] - pub fn sha512_1k(bh: & mut 
Bencher) {
- let mut sh = Sha512::new();
- let bytes = [1u8; 1024];
- bh.iter( || {
- sh.input(&bytes);
- });
- bh.bytes = bytes.len() as u64;
- }
-
- #[bench]
- pub fn sha512_64k(bh: & mut Bencher) {
- let mut sh = Sha512::new();
- let bytes = [1u8; 65536];
- bh.iter( || {
- sh.input(&bytes);
- });
- bh.bytes = bytes.len() as u64;
- }
-
-}
diff --git a/rcw/src/sha3.rs b/rcw/src/sha3.rs
deleted file mode 100644
index 781755e..0000000
--- a/rcw/src/sha3.rs
+++ /dev/null
@@ -1,454 +0,0 @@
-// Copyright 2012-2013 The Rust Project Developers. See the COPYRIGHT
-// file at the top-level directory of this distribution and at
-// http://rust-lang.org/COPYRIGHT.
-//
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-/*!
-An implementation of the SHA-3 cryptographic hash algorithms.
-
-There are 6 standard algorithms specified in the SHA-3 standard:
-
- * `SHA3-224`
- * `SHA3-256`
- * `SHA3-384`
- * `SHA3-512`
- * `SHAKE128`, an extendable output function (XOF)
- * `SHAKE256`, an extendable output function (XOF)
- * `Keccak224`, `Keccak256`, `Keccak384`, `Keccak512` (NIST submission without padding changes)
-
-Based on an [implementation by Sébastien Martini](https://github.com/seb-m/crypto.rs/blob/master/src/sha3.rs)
-
-# Usage
-
-An example of using `SHA3-256` is:
-
-```rust
-use self::rcw::digest::Digest;
-use self::rcw::sha3::Sha3;
-
-// create a SHA3-256 object
-let mut hasher = Sha3::sha3_256();
-
-// write input message
-hasher.input_str("abc");
-
-// read hash digest
-let hex = hasher.result_str();
-
-assert_eq!(hex, "3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532");
-```
-
- */
-
-use std::cmp;
-
-use digest::Digest;
-use cryptoutil::{write_u64v_le, read_u64v_le, zero};
-
-const B: usize = 200;
-const NROUNDS: usize = 24;
-const RC: [u64; 24] = [
- 0x0000000000000001,
- 0x0000000000008082,
- 0x800000000000808a,
- 0x8000000080008000,
- 0x000000000000808b,
- 0x0000000080000001,
- 0x8000000080008081,
- 0x8000000000008009,
- 0x000000000000008a,
- 0x0000000000000088,
- 0x0000000080008009,
- 0x000000008000000a,
- 0x000000008000808b,
- 0x800000000000008b,
- 0x8000000000008089,
- 0x8000000000008003,
- 0x8000000000008002,
- 0x8000000000000080,
- 0x000000000000800a,
- 0x800000008000000a,
- 0x8000000080008081,
- 0x8000000000008080,
- 0x0000000080000001,
- 0x8000000080008008
-];
-const ROTC: [usize; 24] = [
- 1, 3, 6, 10, 15, 21, 28, 36,
- 45, 55, 2, 14, 27, 41, 56, 8,
- 25, 43, 62, 18, 39, 61, 20, 44
-];
-const PIL: [usize; 24] = [
- 10, 7, 11, 17, 18, 3, 5, 16,
- 8, 21, 24, 4, 15, 23, 19, 13,
- 12, 2, 20, 14, 22, 9, 6, 1
-];
-const M5: [usize; 10] = [
- 0, 1, 2, 3, 4, 0, 1, 2, 3, 4
-];
-
-#[inline]
-fn rotl64(v: u64, n: usize) -> u64 {
- ((v << (n % 64)) & 0xffffffffffffffff) ^ (v >> (64 - (n % 64)))
-}
-
-// Code based on Keccak-compact64.c from ref implementation.
-fn keccak_f(state: &mut [u8]) {
- assert!(state.len() == B);
-
- let mut s: [u64; 25] = [0; 25];
- let mut t: [u64; 1] = [0; 1];
- let mut c: [u64; 5] = [0; 5];
-
- read_u64v_le(&mut s, state);
-
- for round in 0..NROUNDS {
- // Theta
- for x in 0..5 {
- c[x] = s[x] ^ s[5 + x] ^ s[10 + x] ^ s[15 + x] ^ s[20 + x];
- }
- for x in 0..5 {
- t[0] = c[M5[x + 4]] ^ rotl64(c[M5[x + 1]], 1);
- for y in 0..5 {
- s[y * 5 + x] = s[y * 5 + x] ^ t[0];
- }
- }
-
- // Rho Pi
- t[0] = s[1];
- for x in 0..24 {
- c[0] = s[PIL[x]];
- s[PIL[x]] = rotl64(t[0], ROTC[x]);
- t[0] = c[0];
- }
-
- // Chi
- for y in 0..5 {
- for x in 0..5 {
- c[x] = s[y * 5 + x];
- }
- for x in 0..5 {
- s[y * 5 + x] = c[x] ^ (!c[M5[x + 1]] & c[M5[x + 2]]);
- }
- }
-
- // Iota
- s[0] = s[0] ^ RC[round];
- }
-
- write_u64v_le(state, &s);
-}
-
-
-/// SHA-3 Modes.
-#[allow(non_camel_case_types)]
-#[derive(Debug, Copy, Clone)]
-pub enum Sha3Mode {
- Sha3_224,
- Sha3_256,
- Sha3_384,
- Sha3_512,
- Shake128,
- Shake256,
- Keccak224,
- Keccak256,
- Keccak384,
- Keccak512,
-}
-
-impl Sha3Mode {
- /// Return the expected hash size in bytes specified for `mode`, or 0
- /// for modes with variable output as for shake functions.
- pub fn digest_length(&self) -> usize {
- match *self {
- Sha3Mode::Sha3_224 | Sha3Mode::Keccak224 => 28,
- Sha3Mode::Sha3_256 | Sha3Mode::Keccak256 => 32,
- Sha3Mode::Sha3_384 | Sha3Mode::Keccak384 => 48,
- Sha3Mode::Sha3_512 | Sha3Mode::Keccak512 => 64,
- Sha3Mode::Shake128 | Sha3Mode::Shake256 => 0
- }
- }
-
- /// Return `true` if `mode` is a SHAKE mode.
- pub fn is_shake(&self) -> bool {
- match *self {
- Sha3Mode::Shake128 | Sha3Mode::Shake256 => true,
- _ => false
- }
- }
-
- /// Return `true` if `mode` is a Keccak mode.
- pub fn is_keccak(&self) -> bool {
- match *self {
- Sha3Mode::Keccak224 | Sha3Mode::Keccak256 | Sha3Mode::Keccak384 | Sha3Mode::Keccak512 => true,
- _ => false
- }
- }
-
- /// Return the capacity in bytes.
- fn capacity(&self) -> usize {
- match *self {
- Sha3Mode::Sha3_224 | Sha3Mode::Keccak224 => 56,
- Sha3Mode::Sha3_256 | Sha3Mode::Keccak256 => 64,
- Sha3Mode::Sha3_384 | Sha3Mode::Keccak384 => 96,
- Sha3Mode::Sha3_512 | Sha3Mode::Keccak512 => 128,
- Sha3Mode::Shake128 => 32,
- Sha3Mode::Shake256 => 64
- }
- }
-}
-
-
-pub struct Sha3 {
- state: [u8; B], // B bytes
- mode: Sha3Mode,
- can_absorb: bool, // Can absorb
- can_squeeze: bool, // Can squeeze
- offset: usize // Enqueued bytes in state for absorb phase
- // Squeeze offset for squeeze phase
-}
-
-impl Sha3 {
- /// New SHA-3 instanciated from specified SHA-3 `mode`.
- pub fn new(mode: Sha3Mode) -> Sha3 {
- Sha3 {
- state: [0; B],
- mode: mode,
- can_absorb: true,
- can_squeeze: true,
- offset: 0
- }
- }
-
- /// New SHA3-224 instance.
- pub fn sha3_224() -> Sha3 {
- Sha3::new(Sha3Mode::Sha3_224)
- }
-
- /// New SHA3-256 instance.
- pub fn sha3_256() -> Sha3 {
- Sha3::new(Sha3Mode::Sha3_256)
- }
-
- /// New SHA3-384 instance.
- pub fn sha3_384() -> Sha3 {
- Sha3::new(Sha3Mode::Sha3_384)
- }
-
- /// New SHA3-512 instance.
- pub fn sha3_512() -> Sha3 {
- Sha3::new(Sha3Mode::Sha3_512)
- }
-
- /// New SHAKE-128 instance.
- pub fn shake_128() -> Sha3 {
- Sha3::new(Sha3Mode::Shake128)
- }
-
- /// New SHAKE-256 instance.
- pub fn shake_256() -> Sha3 {
- Sha3::new(Sha3Mode::Shake256)
- }
-
- /// New Keccak224 instance.
- pub fn keccak224() -> Sha3 {
- Sha3::new(Sha3Mode::Keccak224)
- }
-
- /// New Keccak256 instance.
- pub fn keccak256() -> Sha3 {
- Sha3::new(Sha3Mode::Keccak256)
- }
-
- /// New Keccak384 instance.
- pub fn keccak384() -> Sha3 {
- Sha3::new(Sha3Mode::Keccak384)
- }
-
- /// New Keccak512 instance.
- pub fn keccak512() -> Sha3 {
- Sha3::new(Sha3Mode::Keccak512)
- }
-
- fn finalize(&mut self) {
- assert!(self.can_absorb);
-
- let output_bits = self.output_bits();
-
- let ds_len = if self.mode.is_keccak() {
- 0
- } else if output_bits != 0 {
- 2
- } else {
- 4
- };
-
- fn set_domain_sep(out_len: usize, buf: &mut [u8]) {
- assert!(buf.len() > 0);
- if out_len != 0 {
- // 01...
- buf[0] &= 0xfe;
- buf[0] |= 0x2;
- } else {
- // 1111...
- buf[0] |= 0xf;
- }
- }
-
- // All parameters are expected to be in bits.
- fn pad_len(ds_len: usize, offset: usize, rate: usize) -> usize {
- assert!(rate % 8 == 0 && offset % 8 == 0);
- let r: i64 = rate as i64;
- let m: i64 = (offset + ds_len) as i64;
- let zeros = (((-m - 2) + 2 * r) % r) as usize;
- assert!((m as usize + zeros + 2) % 8 == 0);
- (ds_len as usize + zeros + 2) / 8
- }
-
- fn set_pad(offset: usize, buf: &mut [u8]) {
- assert!(buf.len() as f32 >= ((offset + 2) as f32 / 8.0).ceil());
- let s = offset / 8;
- let buflen = buf.len();
- buf[s] |= 1 << (offset % 8);
- for i in (offset % 8) + 1..8 {
- buf[s] &= !(1 << i);
- }
- for i in s + 1..buf.len() {
- buf[i] = 0;
- }
- buf[buflen - 1] |= 0x80;
- }
-
- let p_len = pad_len(ds_len, self.offset * 8, self.rate() * 8);
-
- let mut p: Vec = vec![0; p_len];
-
- if ds_len != 0 {
- set_domain_sep(self.output_bits(), &mut p);
- }
-
- set_pad(ds_len, &mut p);
-
- self.input(&p);
- self.can_absorb = false;
- }
-
- fn rate(&self) -> usize {
- B - self.mode.capacity()
- }
-}
-
-impl Digest for Sha3 {
- fn input(&mut self, data: &[u8]) {
- if !self.can_absorb {
- panic!("Invalid state, absorb phase already finalized.");
- }
-
- let r = self.rate();
- assert!(self.offset < r);
-
- let in_len = data.len();
- let mut in_pos: usize = 0;
-
- // Absorb
- while in_pos < in_len {
- let offset = self.offset;
- let nread = cmp::min(r - offset, in_len - in_pos);
- for i in 0..nread {
- self.state[offset + i] = self.state[offset + i] ^ data[in_pos + i];
- }
- in_pos += nread;
-
- if offset + nread != r {
- self.offset += nread;
- break;
- }
-
- self.offset = 0;
- keccak_f(&mut self.state);
- }
- }
-
- fn result(&mut self, out: &mut [u8]) {
- if !self.can_squeeze {
- panic!("Nothing left to squeeze.");
- }
-
- if self.can_absorb {
- self.finalize();
- }
-
- let r = self.rate();
- let out_len = self.mode.digest_length();
- if out_len != 0 {
- assert!(self.offset < out_len);
- } else {
- assert!(self.offset < r);
- }
-
- let in_len = out.len();
- let mut in_pos: usize = 0;
-
- // Squeeze
- while in_pos < in_len {
- let offset = self.offset % r;
- let mut nread = cmp::min(r - offset, in_len - in_pos);
- if out_len != 0 {
- nread = cmp::min(nread, out_len - self.offset);
- }
-
- for i in 0..nread {
- out[in_pos + i] = self.state[offset + i];
- }
- in_pos += nread;
-
- if offset + nread != r {
- self.offset += nread;
- break;
- }
-
- if out_len == 0 {
- self.offset = 0;
- } else {
- self.offset += nread;
- }
-
- keccak_f(&mut self.state);
- }
-
- if out_len != 0 && out_len == self.offset {
- self.can_squeeze = false;
- }
- }
-
- fn reset(&mut self) {
- self.can_absorb = true;
- self.can_squeeze = true;
- self.offset = 0;
-
- zero(&mut self.state);
- }
-
- fn output_bits(&self) -> usize {
- self.mode.digest_length() * 8
- }
-
- fn block_size(&self) -> usize {
- B - self.mode.capacity()
- }
-}
-
-impl Copy for Sha3 {
-
-}
-
-impl Clone for Sha3 {
- fn clone(&self) -> Self {
- *self
- }
-}
diff --git a/rcw/src/simd.rs b/rcw/src/simd.rs
deleted file mode 100644
index 53f6d20..0000000
--- a/rcw/src/simd.rs
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-pub use self::fake::*;
-
-pub trait SimdExt {
- fn simd_eq(self, rhs: Self) -> Self;
-}
-
-impl SimdExt for fake::u32x4 {
- fn simd_eq(self, rhs: Self) -> Self {
- if self == rhs {
- fake::u32x4(0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff)
- } else {
- fake::u32x4(0, 0, 0, 0)
- }
- }
-}
-
-mod fake {
- use std::ops::{Add, BitAnd, BitOr, BitXor, Shl, Shr, Sub};
-
- #[derive(Clone, Copy, PartialEq, Eq)]
- #[allow(non_camel_case_types)]
- pub struct u32x4(pub u32, pub u32, pub u32, pub u32);
-
- impl Add for u32x4 {
- type Output = u32x4;
-
- fn add(self, rhs: u32x4) -> u32x4 {
- u32x4(
- self.0.wrapping_add(rhs.0),
- self.1.wrapping_add(rhs.1),
- self.2.wrapping_add(rhs.2),
- self.3.wrapping_add(rhs.3))
- }
- }
-
- impl Sub for u32x4 {
- type Output = u32x4;
-
- fn sub(self, rhs: u32x4) -> u32x4 {
- u32x4(
- self.0.wrapping_sub(rhs.0),
- self.1.wrapping_sub(rhs.1),
- self.2.wrapping_sub(rhs.2),
- self.3.wrapping_sub(rhs.3))
- }
- }
-
- impl BitAnd for u32x4 {
- type Output = u32x4;
-
- fn bitand(self, rhs: u32x4) -> u32x4 {
- u32x4(self.0 & rhs.0, self.1 & rhs.1, self.2 & rhs.2, self.3 & rhs.3)
- }
- }
-
- impl BitOr for u32x4 {
- type Output = u32x4;
-
- fn bitor(self, rhs: u32x4) -> u32x4 {
- u32x4(self.0 | rhs.0, self.1 | rhs.1, self.2 | rhs.2, self.3 | rhs.3)
- }
- }
-
- impl BitXor for u32x4 {
- type Output = u32x4;
-
- fn bitxor(self, rhs: u32x4) -> u32x4 {
- u32x4(self.0 ^ rhs.0, self.1 ^ rhs.1, self.2 ^ rhs.2, self.3 ^ rhs.3)
- }
- }
-
- impl Shl for u32x4 {
- type Output = u32x4;
-
- fn shl(self, amt: usize) -> u32x4 {
- u32x4(self.0 << amt, self.1 << amt, self.2 << amt, self.3 << amt)
- }
- }
-
- impl Shl for u32x4 {
- type Output = u32x4;
-
- fn shl(self, rhs: u32x4) -> u32x4 {
- u32x4(self.0 << rhs.0, self.1 << rhs.1, self.2 << rhs.2, self.3 << rhs.3)
- }
- }
-
- impl Shr for u32x4 {
- type Output = u32x4;
-
- fn shr(self, amt: usize) -> u32x4 {
- u32x4(self.0 >> amt, self.1 >> amt, self.2 >> amt, self.3 >> amt)
- }
- }
-
- impl Shr for u32x4 {
- type Output = u32x4;
-
- fn shr(self, rhs: u32x4) -> u32x4 {
- u32x4(self.0 >> rhs.0, self.1 >> rhs.1, self.2 >> rhs.2, self.3 >> rhs.3)
- }
- }
-
- #[derive(Clone, Copy)]
- #[allow(non_camel_case_types)]
- pub struct u64x2(pub u64, pub u64);
-
- impl Add for u64x2 {
- type Output = u64x2;
-
- fn add(self, rhs: u64x2) -> u64x2 {
- u64x2(self.0.wrapping_add(rhs.0), self.1.wrapping_add(rhs.1))
- }
- }
-}
diff --git a/rcw/src/step_by.rs b/rcw/src/step_by.rs
deleted file mode 100644
index ac12d4b..0000000
--- a/rcw/src/step_by.rs
+++ /dev/null
@@ -1,50 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-/// This module just implements a simple verison of step_by() since
-/// the function from the standard library is currently unstable.
-/// This should be removed once that function becomes stable.
-
-use std::ops::{Add, Range};
-
-#[derive(Clone)]
-pub struct StepUp {
- next: T,
- end: T,
- ammount: T
-}
-
-impl Iterator for StepUp where
- T: Add + PartialOrd + Copy {
- type Item = T;
-
- #[inline]
- fn next(&mut self) -> Option {
- if self.next < self.end {
- let n = self.next;
- self.next = self.next + self.ammount;
- Some(n)
- } else {
- None
- }
- }
-}
-
-pub trait RangeExt {
- fn step_up(self, ammount: T) -> StepUp;
-}
-
-impl RangeExt for Range where
- T: Add + PartialOrd + Copy {
- fn step_up(self, ammount: T) -> StepUp {
- StepUp {
- next: self.start,
- end: self.end,
- ammount: ammount
- }
- }
-}
-
diff --git a/rcw/src/symmetriccipher.rs b/rcw/src/symmetriccipher.rs
deleted file mode 100644
index 43b52c2..0000000
--- a/rcw/src/symmetriccipher.rs
+++ /dev/null
@@ -1,70 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-use buffer::{BufferResult, RefReadBuffer, RefWriteBuffer};
-use cryptoutil::symm_enc_or_dec;
-
-pub trait BlockEncryptor {
- fn block_size(&self) -> usize;
- fn encrypt_block(&self, input: &[u8], output: &mut [u8]);
-}
-
-pub trait BlockEncryptorX8 {
- fn block_size(&self) -> usize;
- fn encrypt_block_x8(&self, input: &[u8], output: &mut [u8]);
-}
-
-pub trait BlockDecryptor {
- fn block_size(&self) -> usize;
- fn decrypt_block(&self, input: &[u8], output: &mut [u8]);
-}
-
-pub trait BlockDecryptorX8 {
- fn block_size(&self) -> usize;
- fn decrypt_block_x8(&self, input: &[u8], output: &mut [u8]);
-}
-
-#[derive(Debug, Clone, Copy)]
-pub enum SymmetricCipherError {
- InvalidLength,
- InvalidPadding
-}
-
-pub trait Encryptor {
- fn encrypt(&mut self, input: &mut RefReadBuffer, output: &mut RefWriteBuffer, eof: bool)
- -> Result;
-}
-
-pub trait Decryptor {
- fn decrypt(&mut self, input: &mut RefReadBuffer, output: &mut RefWriteBuffer, eof: bool)
- -> Result;
-}
-
-pub trait SynchronousStreamCipher {
- fn process(&mut self, input: &[u8], output: &mut [u8]);
-}
-
-// TODO - Its a bit unclear to me why this is necessary
-impl SynchronousStreamCipher for Box {
- fn process(&mut self, input: &[u8], output: &mut [u8]) {
- let me = &mut **self;
- me.process(input, output);
- }
-}
-
-impl Encryptor for Box {
- fn encrypt(&mut self, input: &mut RefReadBuffer, output: &mut RefWriteBuffer, _: bool)
- -> Result {
- symm_enc_or_dec(self, input, output)
- }
-}
-
-impl Decryptor for Box {
- fn decrypt(&mut self, input: &mut RefReadBuffer, output: &mut RefWriteBuffer, _: bool)
- -> Result {
- symm_enc_or_dec(self, input, output)
- }
-}
diff --git a/rcw/src/util.rs b/rcw/src/util.rs
deleted file mode 100644
index edf75a2..0000000
--- a/rcw/src/util.rs
+++ /dev/null
@@ -1,52 +0,0 @@
-// Licensed under the Apache License, Version 2.0 or the MIT license
-// , at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-pub fn secure_memset(dst: &mut [u8], val: u8) {
- for i in 0..dst.len() {
- dst[i] = val;
- }
-}
-
-/// Compare two vectors using a fixed number of operations. If the two vectors are not of equal
-/// length, the function returns false immediately.
-pub fn fixed_time_eq(lhs: &[u8], rhs: &[u8]) -> bool {
- if lhs.len() != rhs.len() {
- false
- } else {
- let mut v = 0;
- for i in 0..lhs.len() {
- let a = lhs[i];
- let b = rhs[i];
- v = v | (a ^ b);
- };
- v == 0
- }
-}
-
-#[cfg(test)]
-mod test {
- use util::fixed_time_eq;
-
- #[test]
- pub fn test_fixed_time_eq() {
- let a = [0, 1, 2];
- let b = [0, 1, 2];
- let c = [0, 1, 9];
- let d = [9, 1, 2];
- let e = [2, 1, 0];
- let f = [2, 2, 2];
- let g = [0, 0, 0];
-
- assert!(fixed_time_eq(&a, &a));
- assert!(fixed_time_eq(&a, &b));
-
- assert!(!fixed_time_eq(&a, &c));
- assert!(!fixed_time_eq(&a, &d));
- assert!(!fixed_time_eq(&a, &e));
- assert!(!fixed_time_eq(&a, &f));
- assert!(!fixed_time_eq(&a, &g));
- }
-}
diff --git a/rust b/rust
new file mode 160000
index 0000000..bf573ff
--- /dev/null
+++ b/rust
@@ -0,0 +1 @@
+Subproject commit bf573ffac7aad10c2995069825b451a7bd5ca687
diff --git a/wallet-crypto/Cargo.toml b/wallet-crypto/Cargo.toml
deleted file mode 100644
index 7fda5c9..0000000
--- a/wallet-crypto/Cargo.toml
+++ /dev/null
@@ -1,14 +0,0 @@
-[package]
-name = "wallet-crypto"
-version = "0.1.0"
-authors = ["vincent.hanquez@iohk.io"]
-license = "MIT"
-description = "A Rust implementation of cardano wallet"
-keywords = [ "Cardano", "Wallet" ]
-
-[build-dependencies]
-
-[dependencies]
-serde = "1.0"
-serde_derive = "1.0"
-rcw = { path = "../rcw" }
diff --git a/wallet-crypto/src/address.rs b/wallet-crypto/src/address.rs
deleted file mode 100644
index 4da09c9..0000000
--- a/wallet-crypto/src/address.rs
+++ /dev/null
@@ -1,587 +0,0 @@ -use std::fmt; -use std::collections::BTreeMap; -use serde; - -use rcw::digest::Digest; -use rcw::blake2b::Blake2b; -use rcw::sha3::Sha3; - -use util::base58; -use cbor; -use cbor::{ExtendedResult}; -use hdwallet::{XPub}; -use hdpayload::{HDAddressPayload}; - -/// Digest of the composition of `Blake2b_224 . Sha3_256` -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)] -pub struct DigestBlake2b224([u8;28]); -impl DigestBlake2b224 { - /// create digest from the given inputs by computing the SHA3_256 and - /// then the Blake2b_224. - /// - pub fn new(buf: &[u8]) -> Self - { - let mut b2b = Blake2b::new(28); - let mut sh3 = Sha3::sha3_256(); - let mut out1 = [0;32]; - let mut out2 = [0;28]; - sh3.input(buf); - sh3.result(&mut out1); - b2b.input(&out1); - b2b.result(&mut out2); - DigestBlake2b224::from_bytes(out2) - } - - /// create a Digest from the given 224 bits - pub fn from_bytes(bytes :[u8;28]) -> Self { DigestBlake2b224(bytes) } - pub fn from_slice(bytes: &[u8]) -> Option { - if bytes.len() != 28 { return None; } - let mut buf = [0;28]; - - buf[0..28].clone_from_slice(bytes); - Some(DigestBlake2b224::from_bytes(buf)) - } -} -impl fmt::Display for DigestBlake2b224 { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - self.0.iter().for_each(|byte| { - if byte < &0x10 { - write!(f, "0{:x}", byte).unwrap() - } else { - write!(f, "{:x}", byte).unwrap() - } - }); - Ok(()) - } -} -impl cbor::CborValue for DigestBlake2b224 { - fn encode(&self) -> cbor::Value { - cbor::Value::Bytes(cbor::Bytes::from_slice(self.0.as_ref())) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.bytes().and_then(|bytes| { - match DigestBlake2b224::from_slice(bytes.as_ref()) { - Some(digest) => Ok(digest), - None => { - cbor::Result::bytes(bytes, cbor::Error::InvalidSize(28)) - } - } - }).embed("while decoding DigestBlake2b224") - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)] 
-pub enum AddrType { - ATPubKey, - ATScript, - ATRedeem -} -// [TkListLen 1, TkInt (fromEnum t)] -impl AddrType { - fn from_u64(v: u64) -> Option { - match v { - 0 => Some(AddrType::ATPubKey), - 1 => Some(AddrType::ATScript), - 2 => Some(AddrType::ATRedeem), - _ => None, - } - } - fn to_byte(self) -> u8 { - match self { - AddrType::ATPubKey => 0, - AddrType::ATScript => 1, - AddrType::ATRedeem => 2 - } - } -} -impl cbor::CborValue for AddrType { - fn encode(&self) -> cbor::Value { - cbor::Value::U64(self.to_byte() as u64) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.u64().and_then(|v| { - match AddrType::from_u64(v) { - Some(addr_type) => Ok(addr_type), - None => cbor::Result::u64(v, cbor::Error::NotOneOf(&[cbor::Value::U64(0), cbor::Value::U64(1), cbor::Value::U64(2)])) - } - }).embed("while decoding AddrType") - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)] -pub struct StakeholderId(DigestBlake2b224); // of publickey (block2b 256) -impl StakeholderId { - pub fn new(pubk: &XPub) -> StakeholderId { - let buf = cbor::encode_to_cbor(pubk).unwrap(); - StakeholderId(DigestBlake2b224::new(buf.as_ref())) - } -} -impl cbor::CborValue for StakeholderId { - fn encode(&self) -> cbor::Value { cbor::CborValue::encode(&self.0) } - fn decode(value: cbor::Value) -> cbor::Result { - cbor::CborValue::decode(value).map(|digest| { StakeholderId(digest) }) - .embed("while decoding StakeholderId") - } -} -impl fmt::Display for StakeholderId { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - fmt::Display::fmt(&self.0, f) - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)] -pub enum StakeDistribution { - BootstrapEraDistr, - SingleKeyDistr(StakeholderId), -} - -const STAKE_DISTRIBUTION_TAG_BOOTSTRAP : u64 = 1; -const STAKE_DISTRIBUTION_TAG_SINGLEKEY : u64 = 0; - -impl StakeDistribution { - pub fn new_bootstrap_era() -> Self { StakeDistribution::BootstrapEraDistr } - pub 
fn new_single_stakeholder(si: StakeholderId) -> Self { - StakeDistribution::SingleKeyDistr(si) - } - pub fn new_single_key(pubk: &XPub) -> Self { - StakeDistribution::new_single_stakeholder(StakeholderId::new(pubk)) - } -} -impl cbor::CborValue for StakeDistribution { - fn encode(&self) -> cbor::Value { - let value = match self { - &StakeDistribution::BootstrapEraDistr => { - cbor::Value::Array( - vec![ cbor::Value::U64(STAKE_DISTRIBUTION_TAG_BOOTSTRAP) - ] - ) - } - &StakeDistribution::SingleKeyDistr(ref si) => { - cbor::Value::Array( - vec![ cbor::Value::U64(STAKE_DISTRIBUTION_TAG_SINGLEKEY) - , cbor::CborValue::encode(si) - ] - ) - } - }; - let bytes = cbor::encode_to_cbor(&value).unwrap(); - cbor::Value::Bytes(cbor::Bytes::new(bytes)) - } - fn decode(value: cbor::Value) -> cbor::Result { - let bytes = value.bytes() - .embed("while decoding `StakeDistribution''s first level of indirection")?; - let value = cbor::decode_from_cbor::(bytes.as_ref()) - .embed("while decoding `StakeDistribution`'s from cbor bytes")?; - value.array().and_then(|sum_type| { - let (sum_type, n) = cbor::array_decode_elem(sum_type, 0) - .embed("while decoding `StakeDistribution`'s sumtype indice")?; - if n == STAKE_DISTRIBUTION_TAG_BOOTSTRAP { - Ok(StakeDistribution::new_bootstrap_era()) - } else if n == STAKE_DISTRIBUTION_TAG_SINGLEKEY { - let (sum_type, k) = cbor::array_decode_elem(sum_type, 0) - .embed("while decoding single key stake distribution")?; - if sum_type.len() != 0 { - return cbor::Result::array(sum_type, cbor::Error::UnparsedValues); - } - Ok(StakeDistribution::new_single_stakeholder(k)) - } else { - cbor::Result::array(sum_type, cbor::Error::InvalidSumtype(n)) - } - }).embed("while decoding `StakeDistribution`") - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone)] -pub struct Attributes { - pub derivation_path: Option, - pub stake_distribution: StakeDistribution - // attr_remains ? whatever... 
-} -impl Attributes { - pub fn new_bootstrap_era(hdap: Option) -> Self { - Attributes { - derivation_path: hdap, - stake_distribution: StakeDistribution::BootstrapEraDistr - } - } - pub fn new_single_key(pubk: &XPub, hdap: Option) -> Self { - Attributes { - derivation_path: hdap, - stake_distribution: StakeDistribution::new_single_key(pubk) - } - } -} -const ATTRIBUTE_NAME_TAG_STAKE : u64 = 0; -const ATTRIBUTE_NAME_TAG_DERIVATION : u64 = 1; - -impl cbor::CborValue for Attributes { - fn encode(&self) -> cbor::Value { - let mut map = BTreeMap::new(); - match &self.stake_distribution { - &StakeDistribution::BootstrapEraDistr => { /**/ }, - &StakeDistribution::SingleKeyDistr(_) => { - map.insert( - cbor::ObjectKey::Integer(ATTRIBUTE_NAME_TAG_STAKE), - cbor::CborValue::encode(&self.stake_distribution) - ); - } - }; - map.insert( - cbor::ObjectKey::Integer(ATTRIBUTE_NAME_TAG_DERIVATION), - cbor::CborValue::encode(&self.derivation_path) - ); - cbor::Value::Object(map) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.object().and_then(|object| { - let (object, stake_distribution) = cbor::object_decode_elem(object, cbor::ObjectKey::Integer(ATTRIBUTE_NAME_TAG_STAKE)) - .or_else(|(val, _)| val.object().map(|obj| (obj, StakeDistribution::BootstrapEraDistr)))?; - let (object, derivation_path) = cbor::object_decode_elem(object, cbor::ObjectKey::Integer(ATTRIBUTE_NAME_TAG_DERIVATION)) - .embed("expected the derivation_path")?; - if object.len() != 0 { - return cbor::Result::object(object, cbor::Error::UnparsedValues); - } - Ok(Attributes { derivation_path: derivation_path, stake_distribution: stake_distribution }) - }).embed("while decoding `Attributes`") - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)] -pub struct Addr(DigestBlake2b224); -impl fmt::Display for Addr { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - fmt::Display::fmt(&self.0, f) - } -} -impl cbor::CborValue for Addr { - fn encode(&self) -> 
cbor::Value { cbor::CborValue::encode(&self.0) } - fn decode(value: cbor::Value) -> cbor::Result { - cbor::CborValue::decode(value).map(|digest| { Addr(digest) }) - .embed("while decoding Addr") - } -} -impl Addr { - pub fn new(addr_type: AddrType, spending_data: &SpendingData, attrs: &Attributes) -> Addr { - let d : (AddrType, SpendingData, Attributes) = (addr_type, spending_data.clone(), attrs.clone()); - let v = cbor::encode_to_cbor(&d).unwrap(); - Addr(DigestBlake2b224::new(v.as_slice())) - } - - /// create a Digest from the given 224 bits - pub fn from_bytes(bytes :[u8;28]) -> Self { Addr(DigestBlake2b224::from_bytes(bytes)) } -} - -#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone)] -pub struct ExtendedAddr { - pub addr: Addr, - pub attributes: Attributes, - pub addr_type: AddrType, -} -impl ExtendedAddr { - pub fn new(ty: AddrType, sd: SpendingData, attrs: Attributes) -> Self { - ExtendedAddr { - addr: Addr::new(ty, &sd, &attrs), - attributes: attrs, - addr_type: ty - } - } - - /// encode an `ExtendedAddr` to cbor with the extra details and `crc32` - /// - /// ``` - /// use wallet_crypto::address::{AddrType, ExtendedAddr, SpendingData, Attributes, Addr}; - /// use wallet_crypto::hdwallet; - /// use wallet_crypto::hdpayload::{HDAddressPayload}; - /// - /// let seed = hdwallet::Seed::from_bytes([0;32]); - /// let sk = hdwallet::XPrv::generate_from_seed(&seed); - /// let pk = sk.public(); - /// - /// let hdap = HDAddressPayload::from_vec(vec![1,2,3,4,5]); - /// let addr_type = AddrType::ATPubKey; - /// let sd = SpendingData::PubKeyASD(pk.clone()); - /// let attrs = Attributes::new_single_key(&pk, Some(hdap)); - /// - /// let ea = ExtendedAddr::new(addr_type, sd, attrs); - /// - /// let out = ea.to_bytes(); - /// - /// assert_eq!(out.len(), 86); // 86 is the length in this given case. 
- /// ``` - /// - pub fn to_bytes(&self) -> Vec { - cbor::encode_to_cbor(self).unwrap() - } - - /// decode an `ExtendedAddr` to cbor with the extra details and `crc32` - /// - /// ``` - /// use wallet_crypto::address::{AddrType, ExtendedAddr, SpendingData, Attributes, Addr}; - /// use wallet_crypto::hdwallet; - /// use wallet_crypto::hdpayload::{HDAddressPayload}; - /// - /// let seed = hdwallet::Seed::from_bytes([0;32]); - /// let sk = hdwallet::XPrv::generate_from_seed(&seed); - /// let pk = sk.public(); - /// - /// let hdap = HDAddressPayload::from_vec(vec![1,2,3,4,5]); - /// let addr_type = AddrType::ATPubKey; - /// let sd = SpendingData::PubKeyASD(pk.clone()); - /// let attrs = Attributes::new_single_key(&pk, Some(hdap)); - /// - /// let ea = ExtendedAddr::new(addr_type, sd, attrs); - /// - /// let out = ea.to_bytes(); - /// - /// let r = ExtendedAddr::from_bytes(&out).unwrap(); - /// assert_eq!(ea, r); - /// ``` - /// - pub fn from_bytes(buf: &[u8]) -> cbor::Result { - cbor::decode_from_cbor(buf) - } -} -impl cbor::CborValue for ExtendedAddr { - fn encode(&self) -> cbor::Value { - cbor::hs::util::encode_with_crc32(&(self.addr.clone(), self.attributes.clone(), self.addr_type.clone())) - } - fn decode(value: cbor::Value) -> cbor::Result { - let (addr, attr, ty) = cbor::hs::util::decode_with_crc32(value) - .embed("while decoding `ExtendedAddr`")?; - Ok(ExtendedAddr{addr:addr, attributes: attr, addr_type: ty}) - } -} -impl fmt::Display for ExtendedAddr { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - Ok(()) - } -} -impl serde::Serialize for ExtendedAddr -{ - #[inline] - fn serialize(&self, serializer: S) -> Result - where S: serde::Serializer, - { - let vec = cbor::encode_to_cbor(self).unwrap(); - if serializer.is_human_readable() { - serializer.serialize_str(&base58::encode(&vec)) - } else { - serializer.serialize_bytes(&vec) - } - } -} -struct XAddrVisitor(); -impl XAddrVisitor { fn new() -> Self { XAddrVisitor {} } } -impl<'de> 
serde::de::Visitor<'de> for XAddrVisitor { - type Value = ExtendedAddr; - - fn expecting(&self, fmt: &mut fmt::Formatter) -> fmt::Result { - write!(fmt, "Expecting an Extended Address (`ExtendedAddr`)") - } - - fn visit_str<'a, E>(self, v: &'a str) -> Result - where E: serde::de::Error - { - let bytes = base58::decode(v); - - match cbor::decode_from_cbor(&bytes) { - Err((val, err)) => { Err(E::custom(format!("{:?}\n{:?}", err, val))) }, - Ok(v) => Ok(v) - } - } - - fn visit_bytes<'a, E>(self, v: &'a [u8]) -> Result - where E: serde::de::Error - { - match cbor::decode_from_cbor(v) { - Err((val, err)) => { Err(E::custom(format!("{:?}\n{:?}", err, val))) }, - Ok(v) => Ok(v) - } - } -} -impl<'de> serde::Deserialize<'de> for ExtendedAddr -{ - fn deserialize(deserializer: D) -> Result - where D: serde::Deserializer<'de> - { - if deserializer.is_human_readable() { - deserializer.deserialize_str(XAddrVisitor::new()) - } else { - deserializer.deserialize_bytes(XAddrVisitor::new()) - } - } -} - -pub type Script = [u8;32]; // TODO -pub type RedeemPublicKey = [u8;32]; //TODO - -const SPENDING_DATA_TAG_PUBKEY : u64 = 0; -const SPENDING_DATA_TAG_SCRIPT : u64 = 1; // TODO -const SPENDING_DATA_TAG_REDEEM : u64 = 2; // TODO - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)] -pub enum SpendingData { - PubKeyASD (XPub), - ScriptASD (Script), - RedeemASD (RedeemPublicKey) - // UnknownASD... whatever... 
-} -impl cbor::CborValue for SpendingData { - fn encode(&self) -> cbor::Value { - let mut v = vec![]; - match self { - &SpendingData::PubKeyASD(ref pk) => { - v.push(cbor::CborValue::encode(&SPENDING_DATA_TAG_PUBKEY)); - v.push(cbor::CborValue::encode(pk)); - }, - &SpendingData::ScriptASD(_) => unimplemented!(), - &SpendingData::RedeemASD(_) => unimplemented!(), - }; - cbor::Value::Array(v) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.array().and_then(|sum_type| { - let (sum_type, n) = cbor::array_decode_elem(sum_type, 0) - .embed("while retrieving the ID of the sum type")?; - if n == SPENDING_DATA_TAG_PUBKEY { - let (sum_type, pk) = cbor::array_decode_elem(sum_type, 0) - .embed("while decoding the public key")?; - if sum_type.len() != 0 { - return cbor::Result::array(sum_type, cbor::Error::UnparsedValues); - } - Ok(SpendingData::PubKeyASD(pk)) - } else { - cbor::Result::array(sum_type, cbor::Error::InvalidSumtype(n)) - } - }).embed("while decoding `SpendingData`") - } -} - -#[cfg(test)] -mod tests { - use address::*; - use hdwallet; - use util::base58; - - #[test] - fn test_make_address() { - let v = [ 0x2a, 0xc3, 0xcc, 0x97, 0xbb, 0xec, 0x47, 0x64, 0x96, 0xe8, 0x48, 0x07 - , 0xf3, 0x5d, 0xf7, 0x34, 0x9a, 0xcf, 0xba, 0xec, 0xe2, 0x00, 0xa2, 0x4b - , 0x7e, 0x26, 0x25, 0x0c]; - let addr = Addr::from_bytes(v); - - let seed = hdwallet::Seed::from_bytes([0;hdwallet::SEED_SIZE]); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - let pk = sk.public(); - - let hdap = HDAddressPayload::from_vec(vec![1,2,3,4,5]); - let addr_type = AddrType::ATPubKey; - let sd = SpendingData::PubKeyASD(pk.clone()); - let attrs = Attributes::new_single_key(&pk, Some(hdap)); - - let ea = ExtendedAddr::new(addr_type, sd, attrs); - - assert_eq!(ea.addr, addr); - } - - #[test] - fn test_encode_extended_address() { - let v = vec![ 0x82, 0xd8, 0x18, 0x58, 0x4c, 0x83, 0x58, 0x1c, 0x2a, 0xc3, 0xcc, 0x97 - , 0xbb, 0xec, 0x47, 0x64, 0x96, 0xe8, 0x48, 0x07, 0xf3, 0x5d, 0xf7, 0x34 
- , 0x9a, 0xcf, 0xba, 0xec, 0xe2, 0x00, 0xa2, 0x4b, 0x7e, 0x26, 0x25, 0x0c - , 0xa2, 0x00, 0x58, 0x20, 0x82, 0x00, 0x58, 0x1c, 0xa6, 0xd9, 0xae, 0xf4 - , 0x75, 0xf3, 0x41, 0x89, 0x67, 0xe8, 0x7f, 0x7e, 0x93, 0xf2, 0x0f, 0x99 - , 0xd8, 0xc7, 0xaf, 0x40, 0x6c, 0xba, 0x14, 0x6a, 0xff, 0xdb, 0x71, 0x91 - , 0x01, 0x46, 0x45, 0x01, 0x02, 0x03, 0x04, 0x05, 0x00, 0x1a, 0x89, 0xa5 - , 0x93, 0x71 - ]; - - let seed = hdwallet::Seed::from_bytes([0;hdwallet::SEED_SIZE]); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - let pk = sk.public(); - - let hdap = HDAddressPayload::from_vec(vec![1,2,3,4,5]); - let addr_type = AddrType::ATPubKey; - let sd = SpendingData::PubKeyASD(pk.clone()); - let attrs = Attributes::new_single_key(&pk, Some(hdap)); - - let ea = ExtendedAddr::new(addr_type, sd, attrs); - - let out = cbor::encode_to_cbor(&ea).unwrap(); - - v.iter().for_each(|b| { - if *b < 0x10 { print!("0{:x}", b); } else { print!("{:x}", b); } - }); - println!(""); - out.iter().for_each(|b| { - if *b < 0x10 { print!("0{:x}", b); } else { print!("{:x}", b); } - }); - println!(""); - - assert_eq!(v, out); - - let r = ExtendedAddr::from_bytes(&out).unwrap(); - assert_eq!(ea, r); - } - - #[test] - fn encode_decode_digest_blake2b() { - let b = b"some random bytes..."; - let digest = DigestBlake2b224::new(b"some random bytes..."); - assert!(cbor::hs::encode_decode(&digest)) - } - #[test] - fn encode_decode_addr_type() { - let addr_type_1 = AddrType::ATPubKey; - let addr_type_2 = AddrType::ATScript; - let addr_type_3 = AddrType::ATRedeem; - assert!(cbor::hs::encode_decode(&addr_type_1)); - assert!(cbor::hs::encode_decode(&addr_type_2)); - assert!(cbor::hs::encode_decode(&addr_type_3)); - } - #[test] - fn encode_decode_stakeholderid() { - use hdwallet; - let seed = hdwallet::Seed::from_bytes([0;hdwallet::SEED_SIZE]); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - let pk = sk.public(); - let si = StakeholderId::new(&pk); - assert!(cbor::hs::encode_decode(&si)); - } - #[test] - 
fn encode_decode_stakedistribution() {
- use hdwallet;
- let seed = hdwallet::Seed::from_bytes([0;hdwallet::SEED_SIZE]);
- let sk = hdwallet::XPrv::generate_from_seed(&seed);
- let pk = sk.public();
- let sd_1 = StakeDistribution::new_bootstrap_era();
- let sd_2 = StakeDistribution::new_single_key(&pk);
- assert!(cbor::hs::encode_decode(&sd_1));
- assert!(cbor::hs::encode_decode(&sd_2));
- }
-
- #[test]
- fn decode_address_1() {
- let addr_str = "DdzFFzCqrhsyhumccfGyEj3WZzztSPr92ntRWB6UVVwzcMTpwoafVQ5vD9mdZ5Xind8ycugbmA8esxmo7NycjQFGSbDeKrxabTz8MVzf";
- let bytes = base58::decode(addr_str);
-
- let r = ExtendedAddr::from_bytes(&bytes).unwrap();
-
- assert_eq!(r.addr_type, AddrType::ATPubKey);
- assert_eq!(r.attributes.stake_distribution, StakeDistribution::BootstrapEraDistr);
- }
-
- #[test]
- fn decode_address_2() {
- let addr_str = "DdzFFzCqrhsi8XFMabbnHecVusaebqQCkXTqDnCumx5esKB1pk1zbhX5BtdAivZbQePFVujgzNCpBVXactPSmphuHRC5Xk8qmBd49QjW";
- let bytes = base58::decode(addr_str);
-
- let r = ExtendedAddr::from_bytes(&bytes).unwrap();
-
- let b = r.to_bytes();
- assert_eq!(addr_str, base58::encode(&b));
-
- assert_eq!(r.addr_type, AddrType::ATPubKey);
- assert_eq!(r.attributes.stake_distribution, StakeDistribution::BootstrapEraDistr);
- }
-}
diff --git a/wallet-crypto/src/bip44.rs b/wallet-crypto/src/bip44.rs
deleted file mode 100644
index d0f5c41..0000000
--- a/wallet-crypto/src/bip44.rs
+++ /dev/null
@@ -1,70 +0,0 @@
-use hdpayload::{Path};
-
-pub const BIP44_PURPOSE : u32 = 0x8000002C;
-pub const BIP44_COIN_TYPE : u32 = 0x80000717;
-
-#[derive(Clone, Serialize, Deserialize, Debug, PartialEq, Eq)]
-pub struct Addressing {
- pub account: u32,
- pub change: u32,
- pub index: u32,
-}
-
-#[derive(Clone, Serialize, Deserialize, Debug, PartialEq, Eq)]
-pub enum AddrType {
- Internal,
- External,
-}
-
-impl Addressing {
- pub fn new(account: u32, typ: AddrType) -> Self {
- let change = match typ {
- AddrType::Internal => 1,
- AddrType::External => 0,
- };
- Addressing { account: 0x80000000 | account, change: change, index: 0 }
- }
-
- pub fn to_path(&self) -> Path {
- Path::new(vec![BIP44_PURPOSE, BIP44_COIN_TYPE, self.account, self.change, self.index])
- }
-
- pub fn address_type(&self) -> AddrType {
- if self.change == 0 {
- AddrType::External
- } else {
- AddrType::Internal
- }
- }
-
- pub fn from_path(path: Path) -> Option {
- if path.as_ref().len() != 5 { return None; }
- if path.as_ref()[0] != BIP44_PURPOSE { return None; }
- if path.as_ref()[1] != BIP44_COIN_TYPE { return None; }
- if path.as_ref()[2] < 0x80000000 { return None; }
-
- Some(Addressing {
- account: path.as_ref()[2],
- change: path.as_ref()[3],
- index: path.as_ref()[4],
- })
- }
-
- pub fn incr(&self, incr: u32) -> Option {
- if incr >= 0x80000000 { return None; }
- let mut addr = self.clone();
- addr.index += incr;
- Some(addr)
- }
-
- pub fn next_chunks(&self, chunk_size: usize) -> Vec {
- let mut v = Vec::with_capacity(chunk_size);
- for i in 0..chunk_size {
- match self.incr(i as u32) {
- None => break,
- Some(r) => v.push(r)
- }
- }
- v
- }
-}
diff --git a/wallet-crypto/src/cbor/hs.rs b/wallet-crypto/src/cbor/hs.rs
deleted file mode 100644
index 75b0f30..0000000
--- a/wallet-crypto/src/cbor/hs.rs
+++ /dev/null
@@ -1,75 +0,0 @@
-//! the CBOR util and compatible with the haskell usage...
-
-#[cfg(test)]
-use cbor::spec::{CborValue, encode_to_cbor, decode_from_cbor};
-
-#[cfg(test)]
-pub fn encode_decode(t: &T) -> bool {
- let buf = encode_to_cbor(t).unwrap();
-
- print!("what where encoded: ");
- buf.iter().for_each(|b| {if *b<0x10 {print!("0{:x}", b);} else { print!("{:x}", b);}});
- println!("");
-
- let v = decode_from_cbor(buf.as_ref()).expect("Should have decoded the CBOR");
-
- t == &v
-}
-
-pub mod util {
- //! CBor util and other stuff
-
- use cbor;
- use cbor::spec::{ExtendedResult};
- use crc32::{crc32};
-
- pub fn encode_with_crc32(t: &T) -> cbor::Value {
- let v = cbor::encode_to_cbor(t).unwrap();
- let crc32 = crc32(&v);
- cbor::Value::Array(
- vec![ cbor::Value::Tag(24, Box::new(cbor::Value::Bytes(cbor::Bytes::new(v))))
- , cbor::Value::U64(crc32 as u64)
- ]
- )
- }
- pub fn decode_with_crc32(value: cbor::Value) -> cbor::Result {
- value.array().and_then(|array| {
- let (array, tag) : (Vec, cbor::Value) = cbor::array_decode_elem(array, 0)
- .embed("tagged element for crc32")?;
- let (array, crc) : (Vec, u32) = cbor::array_decode_elem(array, 0).embed("crc32 value")?;
- if array.len() != 0 {
- return cbor::Result::array(array, cbor::Error::UnparsedValues);
- }
- let bytes = tag.tag()
- .and_then(|(t, b)| {
- if t != 24 {
- cbor::Result::tag(t, b, cbor::Error::InvalidTag(t))
- } else {
- (*b).bytes()
- }
- }).embed("while decoding the tagged bytes")?;
- let found_crc = crc32(bytes.as_ref());
- if crc != found_crc {
- cbor::Result::u64(crc as u64, cbor::Error::InvalidValue(Box::new(cbor::Value::U64(found_crc as u64))))
- .embed("invalid CRC32")
- } else {
- cbor::decode_from_cbor(bytes.as_ref())
- }
- }).embed("crc32 encoded CborValue")
- }
-
- #[cfg(test)]
- mod tests {
- use super::*;
- use cbor;
-
- #[test]
- fn crc32() {
- let bytes : Vec = b"some random string".iter().cloned().collect();
- let v = cbor::Bytes::new(bytes);
- let dest = encode_with_crc32(&v);
- let r : cbor::Bytes = decode_with_crc32(dest).unwrap();
- assert_eq!(v, r);
- }
- }
-}
diff --git a/wallet-crypto/src/cbor/mod.rs b/wallet-crypto/src/cbor/mod.rs
deleted file mode 100644
index f8a1918..0000000
--- a/wallet-crypto/src/cbor/mod.rs
+++ /dev/null
@@ -1,5 +0,0 @@
-mod spec;
-
-// re-export the spec document as if it was defined here...
-pub use self::spec::*;
-pub mod hs;
diff --git a/wallet-crypto/src/cbor/spec.rs b/wallet-crypto/src/cbor/spec.rs
deleted file mode 100644
index dbe5b23..0000000
--- a/wallet-crypto/src/cbor/spec.rs
+++ /dev/null
@@ -1,762 +0,0 @@ -//! CBor as specified by the RFC - -use std::collections::{BTreeMap, LinkedList}; -use std::cmp::{min}; -use std::{io, result, fmt}; - -#[derive(Debug, PartialEq, PartialOrd, Eq, Ord, Copy, Clone)] -pub enum MajorType { - UINT, - NINT, - BYTES, - TEXT, - ARRAY, - MAP, - TAG, - T7 -} - -impl MajorType { - // serialize a major type in its highest bit form - fn to_byte(self, r: u8) -> u8 { - use self::MajorType::*; - assert!(r <= 0b0001_1111); - - r | match self { - UINT => 0b0000_0000, - NINT => 0b0010_0000, - BYTES => 0b0100_0000, - TEXT => 0b0110_0000, - ARRAY => 0b1000_0000, - MAP => 0b1010_0000, - TAG => 0b1100_0000, - T7 => 0b1110_0000 - } - } - - fn from_byte(byte: u8) -> Self { - use self::MajorType::*; - match byte & 0b1110_0000 { - 0b0000_0000 => UINT, - 0b0010_0000 => NINT, - 0b0100_0000 => BYTES, - 0b0110_0000 => TEXT, - 0b1000_0000 => ARRAY, - 0b1010_0000 => MAP, - 0b1100_0000 => TAG, - 0b1110_0000 => T7, - _ => panic!("the impossible happened!") - } - } -} - -#[test] -fn major_type_byte_encoding() { - for i in 0b0000_0000..0b0001_1111 { - assert!(MajorType::UINT == MajorType::from_byte(MajorType::to_byte(MajorType::UINT, i))); - assert!(MajorType::NINT == MajorType::from_byte(MajorType::to_byte(MajorType::NINT, i))); - assert!(MajorType::BYTES == MajorType::from_byte(MajorType::to_byte(MajorType::BYTES, i))); - assert!(MajorType::TEXT == MajorType::from_byte(MajorType::to_byte(MajorType::TEXT, i))); - assert!(MajorType::ARRAY == MajorType::from_byte(MajorType::to_byte(MajorType::ARRAY, i))); - assert!(MajorType::MAP == MajorType::from_byte(MajorType::to_byte(MajorType::MAP, i))); - assert!(MajorType::TAG == MajorType::from_byte(MajorType::to_byte(MajorType::TAG, i))); - assert!(MajorType::T7 == MajorType::from_byte(MajorType::to_byte(MajorType::T7, i))); - } -} - -#[derive(Clone, PartialEq, Eq)] -pub enum Error { - ExpectedU8, - ExpectedU16, - ExpectedU32, - ExpectedU64, - ExpectedI8, - ExpectedI16, - ExpectedI32, - ExpectedI64, - 
ExpectedBytes, - ExpectedText, - ExpectedArray, - ExpectedObject, - ExpectedTag, - ExpectedT7, - ArrayUndefinedIndex(usize), - ObjectUndefinedElement(ObjectKey), - InvalidSize(usize), - NotOneOf(&'static [Value]), - InvalidSumtype(u64), - InvalidTag(u64), - InvalidValue(Box), - UnparsedValues, - Between(u64, u64), - CannotParse, - - EmbedWith(&'static str, Box) -} -impl fmt::Debug for Error { - fn fmt(&self, f: &mut fmt::Formatter) -> result::Result<(), fmt::Error> { - match self { - &Error::ExpectedU8 => write!(f, "Expected U8"), - &Error::ExpectedU16 => write!(f, "Expected U16"), - &Error::ExpectedU32 => write!(f, "Expected U32"), - &Error::ExpectedU64 => write!(f, "Expected U64"), - &Error::ExpectedI8 => write!(f, "Expected I8"), - &Error::ExpectedI16 => write!(f, "Expected I16"), - &Error::ExpectedI32 => write!(f, "Expected I32"), - &Error::ExpectedI64 => write!(f, "Expected I64"), - &Error::ExpectedBytes => write!(f, "Expected Bytes"), - &Error::ExpectedText => write!(f, "Expected UTF8 String"), - &Error::ExpectedArray => write!(f, "Expected Array"), - &Error::ExpectedObject => write!(f, "Expected Object"), - &Error::ExpectedTag => write!(f, "Expected Tag"), - &Error::ExpectedT7 => write!(f, "Expected T7"), - &Error::ArrayUndefinedIndex(index) => write!(f, "Index {:?} undefined", index), - &Error::ObjectUndefinedElement(ref ok) => write!(f, "Key {:?} undefined", ok), - &Error::InvalidSize(size) => write!(f, "invalid size, expected {:?}", size), - &Error::NotOneOf(val) => write!(f, "Expected one of: {:?}", val), - &Error::InvalidSumtype(index) => write!(f, "expected sumtype's index {:?}", index), - &Error::InvalidTag(tag) => write!(f, "expected tag id {:?}", tag), - &Error::InvalidValue(ref val) => write!(f, "expected value {:?}", val), - &Error::UnparsedValues => write!(f, "unparsed values"), - &Error::Between(min, max) => write!(f, "expected between [{:?}..{:?}]", min, max), - &Error::CannotParse => write!(f, "cannot parse... 
generic error"), - &Error::EmbedWith(ref msg, ref embedded) => { - write!(f, "{}\n", msg)?; - write!(f, " {:?}", *embedded) - } - } - } -} - -pub type Result = result::Result; -pub trait ExtendedResult { - fn embed(self, &'static str) -> Self; - fn u64(v: u64, err: Error) -> Self; - fn i64(v: i64, err: Error) -> Self; - fn bytes(v: Bytes, err: Error) -> Self; - fn array(v: Vec, err: Error) -> Self; - fn iarray(v: LinkedList, err: Error) -> Self; - fn object(v: BTreeMap, err: Error) -> Self; - fn tag(tag: u64, v: Box, err:Error) -> Self; -} -impl ExtendedResult for Result { - fn embed(self, msg: &'static str) -> Self { - self.or_else(|(v, err)| { - Err((v, Error::EmbedWith(msg, Box::new(err)))) - }) - } - fn u64(v: u64, err: Error) -> Self { Err((Value::U64(v), err)) } - fn i64(v: i64, err: Error) -> Self { Err((Value::I64(v), err)) } - fn bytes(v: Bytes, err: Error) -> Self { Err((Value::Bytes(v), err)) } - fn array(v: Vec, err: Error) -> Self { Err((Value::Array(v), err)) } - fn iarray(v: LinkedList, err: Error) -> Self { Err((Value::IArray(v), err)) } - fn object(v: BTreeMap, err: Error) -> Self { Err((Value::Object(v), err)) } - fn tag(tag: u64, v: Box, err:Error) -> Self { - Err((Value::Tag(tag, v), err)) - } -} -pub fn array_decode_elem(mut array: Vec, index: usize) -> Result<(Vec, T)> - where T: CborValue -{ - match array.get(index).map(|v| v.clone()) { - Some(value) => { - array.remove(index); - CborValue::decode(value) - .map(|t| (array, t) ) - .embed("while decoding array's element") - }, - None => { Result::array(array, Error::ArrayUndefinedIndex(index)) } - } -} -pub fn object_decode_elem(mut object: BTreeMap, index: ObjectKey) -> Result<(BTreeMap, T)> - where T: CborValue -{ - match object.remove(&index) { - Some(value) => { - CborValue::decode(value) - .embed("while decoding object's element") - .and_then(|t| {Ok((object, t))}) - }, - None => { Result::object(object, Error::ObjectUndefinedElement(index)) } - } -} - -#[derive(Clone, Debug, PartialEq, 
Eq)] -pub enum Value { - U64(u64), - I64(i64), - Bytes(Bytes), - Array(Vec), - ArrayStart, - IArray(LinkedList), - Object(BTreeMap), - Tag(u64, Box), - Break, - Null, -} -impl Value { - pub fn u64(self) -> Result { - match self { - Value::U64(v) => Ok(v), - v => Err((v, Error::ExpectedU64)) - } - } - pub fn i64(self) -> Result { - match self { - Value::I64(v) => Ok(v), - v => Err((v, Error::ExpectedI64)) - } - } - pub fn bytes(self) -> Result { - match self { - Value::Bytes(v) => Ok(v), - v => Err((v, Error::ExpectedBytes)) - } - } - pub fn array(self) -> Result> { - match self { - Value::Array(v) => Ok(v), - v => Err((v, Error::ExpectedArray)) - } - } - pub fn iarray(self) -> Result> { - match self { - Value::IArray(v) => Ok(v), - v => Err((v, Error::ExpectedArray)) - } - } - pub fn object(self) -> Result> { - match self { - Value::Object(v) => Ok(v), - v => Err((v, Error::ExpectedObject)) - } - } - pub fn tag(self) -> Result<(u64, Box)> { - match self { - Value::Tag(t, v) => Ok((t, v)), - v => Err((v, Error::ExpectedTag)) - } - } - - pub fn decode(self) -> Result - where T: CborValue - { - CborValue::decode(self) - } -} - -#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)] -pub enum ObjectKey { - Integer(u64) -} - -pub trait CborValue: Sized { - fn encode(&self) -> Value; - fn decode(v: Value) -> Result; -} -impl CborValue for Value { - fn encode(&self) -> Value { self.clone() } - fn decode(v: Value) -> Result { Ok(v) } -} -impl CborValue for u8 { - fn encode(&self) -> Value { Value::U64(*self as u64) } - fn decode(v: Value) -> Result { - v.u64().and_then(|v| { - if v < 0x100 { Ok(v as Self) } else { Result::u64(v, Error::ExpectedU8) } - }).embed("while decoding `u8'") - } -} -impl CborValue for u16 { - fn encode(&self) -> Value { Value::U64(*self as u64) } - fn decode(v: Value) -> Result { - v.u64().and_then(|v| { - if v < 0x10000 { Ok(v as Self) } else { Result::u64(v, Error::ExpectedU16) } - }).embed("while decoding `u16'") - } -} -impl CborValue 
for u32 { - fn encode(&self) -> Value { Value::U64(*self as u64) } - fn decode(v: Value) -> Result { - v.u64().and_then(|v| { - if v < 0x100000000 { Ok(v as Self) } else { Result::u64(v, Error::ExpectedU32) } - }).embed("while decoding `u32'") - } -} -impl CborValue for u64 { - fn encode(&self) -> Value { Value::U64(*self) } - fn decode(v: Value) -> Result { - v.u64().embed("while decoding `u64'") - } -} -#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone)] -pub struct Bytes(Vec); -impl AsRef<[u8]> for Bytes { fn as_ref(&self) -> &[u8] { self.0.as_ref() } } -impl Bytes { - pub fn new(bytes: Vec) -> Self { Bytes(bytes) } - pub fn from_slice(bytes: &[u8]) -> Self { Bytes::new(bytes.iter().cloned().collect()) } - pub fn len(&self) -> usize { self.0.len() } - pub fn to_vec(self) -> Vec { self.0 } -} -impl CborValue for Bytes { - fn encode(&self) -> Value { Value::Bytes(self.clone()) } - fn decode(v: Value) -> Result { v.bytes() } -} -impl CborValue for Vec where T: CborValue { - fn encode(&self) -> Value { - let mut vec = vec![]; - for i in self.iter() { - let v = CborValue::encode(i); - vec.push(v); - } - Value::Array(vec) - } - fn decode(value: Value) -> Result { - value.array().and_then(|array| { - let mut vec = vec![]; - for i in array.iter() { - let v = CborValue::decode(i.clone())?; - vec.push(v); - } - Ok(vec) - }) - } -} -impl CborValue for LinkedList where T: CborValue { - fn encode(&self) -> Value { - let mut l = LinkedList::new(); - for i in self.iter() { - let v = CborValue::encode(i); - l.push_back(v); - } - Value::IArray(l) - } - fn decode(value: Value) -> Result { - value.iarray().and_then(|list| { - let mut r = LinkedList::new(); - for i in list.iter() { - let v = CborValue::decode(i.clone())?; - r.push_back(v); - } - Ok(r) - }) - } -} -impl CborValue for Option where T: CborValue { - fn encode(&self) -> Value { - match self { - &None => Value::Null, - &Some(ref v) => CborValue::encode(v) - } - } - fn decode(value: Value) -> Result { - 
CborValue::decode(value).map(|v| {Some(v)}).or(Ok(None)) - } -} -impl CborValue for (A, B) - where A: CborValue - , B: CborValue -{ - fn encode(&self) -> Value { - Value::Array( - vec![ CborValue::encode(&self.0) - , CborValue::encode(&self.1) - ] - ) - } - fn decode(v: Value) -> Result { - v.array().and_then(|tuple| { - let (tuple, x) = array_decode_elem(tuple, 0).embed("while decoding first's element of the tuple")?; - let (tuple, y) = array_decode_elem(tuple, 0).embed("while decoding second's element of the tuple")?; - if tuple.len() != 0 { - Result::array(tuple, Error::UnparsedValues) - } else { - Ok((x,y)) - } - }) - } -} -impl CborValue for (A, B, C) - where A: CborValue - , B: CborValue - , C: CborValue -{ - fn encode(&self) -> Value { - Value::Array( - vec![ CborValue::encode(&self.0) - , CborValue::encode(&self.1) - , CborValue::encode(&self.2) - ] - ) - } - fn decode(v: Value) -> Result { - v.array().and_then(|tuple| { - let (tuple, x) = array_decode_elem(tuple, 0).embed("while decoding first's element of the tuple")?; - let (tuple, y) = array_decode_elem(tuple, 0).embed("while decoding second's element of the tuple")?; - let (tuple, z) = array_decode_elem(tuple, 0).embed("while decoding third's element of the tuple")?; - if tuple.len() != 0 { - Result::array(tuple, Error::UnparsedValues) - } else { - Ok((x,y,z)) - } - }) - } -} - -const MAX_INLINE_ENCODING : u8 = 23; -const CBOR_PAYLOAD_LENGTH_U8 : u8 = 24; -const CBOR_PAYLOAD_LENGTH_U16 : u8 = 25; -const CBOR_PAYLOAD_LENGTH_U32 : u8 = 26; -const CBOR_PAYLOAD_LENGTH_U64 : u8 = 27; - -/// convenient macro to get the given bytes of the given value -/// -/// does all the job: Big Endian, bit shift and convertion -macro_rules! 
byte_slice { - ($value:ident, $shift:expr) => ({ - ($value >> $shift) as u8 - }); -} - -/// convenient function to encode a `CborValue` object to a byte array -/// -pub fn encode_to_cbor(v: &V) -> io::Result> - where V: CborValue -{ - let mut encoder = Encoder::new(vec![]); - - encoder.write(&CborValue::encode(v))?; - - Ok(encoder.writer) -} - -/// convenient function to decode the given bytes from cbor encoding -/// -pub fn decode_from_cbor(buf: &[u8]) -> Result - where V: CborValue -{ - let mut reader = vec![]; reader.extend_from_slice(buf); - let mut decoder = Decoder::new(reader); - - match decoder.value() { - None => Err((Value::Null, Error::CannotParse)), - Some(value) => { - CborValue::decode(value) - } - } -} - -/// create CBOR serialiser -pub struct Encoder { - writer: W -} -impl Encoder where W: io::Write { - pub fn new(w: W) -> Self { Encoder { writer: w } } - - fn write_bytes(&mut self, bytes: &[u8]) -> io::Result<()> { - self.writer.write_all(bytes) - } - - fn write_header_u8(&mut self, ty: MajorType, v: u8) -> io::Result<()> { - self.write_bytes(& - [ ty.to_byte(CBOR_PAYLOAD_LENGTH_U8) - , v - ] - ) - } - - fn write_header_u16(&mut self, ty: MajorType, v: u16) -> io::Result<()> { - self.write_bytes(& - [ ty.to_byte(CBOR_PAYLOAD_LENGTH_U16) - , byte_slice!(v, 8) - , byte_slice!(v, 0) - ] - ) - } - fn write_header_u32(&mut self, ty: MajorType, v: u32) -> io::Result<()> { - self.write_bytes(& - [ ty.to_byte(CBOR_PAYLOAD_LENGTH_U32) - , byte_slice!(v, 24) - , byte_slice!(v, 16) - , byte_slice!(v, 8) - , byte_slice!(v, 0) - ] - ) - } - fn write_header_u64(&mut self, ty: MajorType, v: u64) -> io::Result<()> { - self.write_bytes(& - [ ty.to_byte(CBOR_PAYLOAD_LENGTH_U64) - , byte_slice!(v, 56) - , byte_slice!(v, 48) - , byte_slice!(v, 40) - , byte_slice!(v, 32) - , byte_slice!(v, 24) - , byte_slice!(v, 16) - , byte_slice!(v, 8) - , byte_slice!(v, 0) - ] - ) - } - - fn write_header(&mut self, ty: MajorType, nb_elems: u64) -> io::Result<()> { - if nb_elems <= 
(MAX_INLINE_ENCODING as u64) { - self.write_bytes(&[ty.to_byte(nb_elems as u8)]) - } else { - if nb_elems < 0x100 { - self.write_header_u8(ty, nb_elems as u8) - } else if nb_elems < 0x10000 { - self.write_header_u16(ty, nb_elems as u16) - } else if nb_elems < 0x100000000 { - self.write_header_u32(ty, nb_elems as u32) - } else { - self.write_header_u64(ty, nb_elems as u64) - } - } - } - - fn write_bs(&mut self, v: &Bytes) -> io::Result<()> { - self.write_header(MajorType::BYTES, v.len() as u64)?; - self.write_bytes(v.as_ref()) - } - - fn write_array(&mut self, v: &Vec) -> io::Result<()> { - self.write_header(MajorType::ARRAY, v.len() as u64)?; - for e in v.iter() { self.write(e)?; } - Ok(()) - } - - fn write_object(&mut self, v: &BTreeMap) -> io::Result<()> { - self.write_header(MajorType::MAP, v.len() as u64)?; - for e in v.iter() { self.write_key(e.0)?; self.write(e.1)?; } - Ok(()) - } - - fn start_indefinite(&mut self, mt: MajorType) -> io::Result<()> { - self.write_bytes(&[mt.to_byte(0x1F)]) - } - - fn write_iarray(&mut self, v: &LinkedList) -> io::Result<()> { - self.start_indefinite(MajorType::ARRAY)?; - for e in v.iter() { self.write(e)?; } - self.write_bytes(&[0xFF]) // add the break - } - - pub fn write(&mut self, value: &Value) -> io::Result<()> { - match value { - &Value::U64(ref v) => self.write_header(MajorType::UINT, *v), - &Value::I64(ref v) => self.write_header(MajorType::NINT, *v as u64), - &Value::Bytes(ref v) => self.write_bs(v), - &Value::Array(ref v) => self.write_array(&v), - &Value::IArray(ref v) => self.write_iarray(&v), - &Value::ArrayStart => self.start_indefinite(MajorType::ARRAY), - &Value::Object(ref v) => self.write_object(&v), - &Value::Tag(ref t, ref v) => { - self.write_header(MajorType::TAG, *t)?; - self.write(v.as_ref()) - }, - &Value::Break => self.write_bytes(&[0xFF]), - &Value::Null => Ok(()), - } - } - pub fn write_key(&mut self, key: &ObjectKey) -> io::Result<()> { - match key { - &ObjectKey::Integer(ref v) => 
self.write_header(MajorType::UINT, *v) - } - } -} - -pub trait Read { - fn next(&mut self) -> Option; - fn peek(&self) -> Option; - fn discard(&mut self); - fn read(&mut self, len: usize) -> Vec; - fn read_into(&mut self, buf: &mut [u8]) -> usize; -} -impl Read for Vec { - fn next(&mut self) -> Option { - if self.len() > 0 { Some(self.remove(0)) } else { None } - } - fn peek(&self) -> Option { - if self.len() > 0 { Some(self[0]) } else { None } - } - fn discard(&mut self) { if self.len() > 0 { self.remove(0); } } - fn read(&mut self, sz: usize) -> Vec { - let len = min(self.len(), sz); - if len == 0 { return vec![]; } - - let mut v = vec![]; - v.extend_from_slice(&self[..len]); - for _ in 0..len { self.discard(); } - - v - } - fn read_into(&mut self, buf: &mut [u8]) -> usize { - let len = min(self.len(), buf.len()); - if len == 0 { return 0; } - - buf[..len].clone_from_slice(self.as_ref()); - for _ in 0..len { self.discard(); } - - len - } -} - -/// create CBOR serialiser -pub struct Decoder { - reader: R -} -impl Decoder where R: Read { - pub fn new(reader: R) -> Self { Decoder { reader: reader } } - - fn consume(&mut self) { self.reader.discard() } - - pub fn peek_type(&mut self) -> Option { - self.reader.peek().map(MajorType::from_byte) - } - - fn u8(&mut self) -> Option { self.reader.next().map(|b| { b as u64 } ) } - fn u16(&mut self) -> Option { - let b1 = self.u8()?; - let b2 = self.u8()?; - Some(b1 << 8 | b2) - } - fn u32(&mut self) -> Option { - let b1 = self.u8()?; - let b2 = self.u8()?; - let b3 = self.u8()?; - let b4 = self.u8()?; - Some(b1 << 24 | b2 << 16 | b3 << 8 | b4) - } - fn u64(&mut self) -> Option { - let b1 = self.u8()?; - let b2 = self.u8()?; - let b3 = self.u8()?; - let b4 = self.u8()?; - let b5 = self.u8()?; - let b6 = self.u8()?; - let b7 = self.u8()?; - let b8 = self.u8()?; - Some(b1 << 56 | b2 << 48 | b3 << 40 | b4 << 32 | b5 << 24 | b6 << 16 | b7 << 8 | b8) - } - - fn get_minor(&mut self) -> Option { - self.reader.peek().map(|b| { b & 
0b0001_1111 } ) - } - - fn get_minor_type(&mut self) -> Option { - let b = self.get_minor()?; - match b & 0b0001_1111 { - 0x00...0x17 => { self.consume(); Some(b as u64) }, - 0x18 => { self.consume(); self.u8() }, - 0x19 => { self.consume(); self.u16() }, - 0x1a => { self.consume(); self.u32() }, - 0x1b => { self.consume(); self.u64() }, - 0x1c...0x1e => None, - 0x1f => None, - _ => None - } - } - - fn key(&mut self) -> Option { - let ty = self.peek_type()?; - match ty { - MajorType::UINT => { self.get_minor_type().map(ObjectKey::Integer) }, - _ => None, - } - } - - pub fn value(&mut self) -> Option { - let ty = self.peek_type()?; - match ty { - MajorType::UINT => { self.get_minor_type().map(Value::U64) }, - MajorType::NINT => { self.get_minor_type().map(|v| Value::I64(v as i64)) }, - MajorType::BYTES => { - let len = self.get_minor_type()?; - let buf = self.reader.read(len as usize); - if len as usize != buf.len() { None } else { Some(Value::Bytes(Bytes::new(buf)) ) } - }, - MajorType::TEXT => { unimplemented!() } - MajorType::ARRAY => { - let maybe_len = self.get_minor_type(); - match maybe_len { - None => { - if self.get_minor()? 
== 0x1F { - // this is an Indefinite array - let mut array = LinkedList::new(); - // consume the minor type - self.consume(); - loop { - let val = self.value()?; - if val == Value::Break { break; } - array.push_back(val); - } - Some(Value::IArray(array)) - } else { - None - } - }, - Some(len) => { - let mut array = vec![]; - for _ in 0..len { array.push(self.value()?); } - Some(Value::Array(array)) - } - } - }, - MajorType::MAP => { - let maybe_len = self.get_minor_type(); - match maybe_len { - None => { unimplemented!() /* test for an Indefinite array */ }, - Some(len) => { - let mut map = BTreeMap::new(); - for _ in 0..len { - let k = self.key()?; - let v = self.value()?; - map.insert(k, v); - } - Some(Value::Object(map)) - } - } - }, - MajorType::TAG => { - let tag = self.get_minor_type()?; - let obj = self.value()?; - Some(Value::Tag(tag, Box::new(obj))) - }, - MajorType::T7 => { - let v = self.get_minor(); - match v { - Some(0x1f) => { self.consume(); Some(Value::Break) }, - _ => { self.consume(); Some(Value::Null) }, - } - } - } - } -} - -/* -pub struct Indefinite(E); -impl Indefinite> { - pub fn start_array(e: Encoder) -> io::Result { - let mut encoder = e; - encoder.write_bytes(&[0x9F])?; - Ok(Indefinite(encoder)) - } - - pub fn write(& mut self, value: &Value) -> io::Result<()> { self.0.write(value) } - - pub fn stop_indefinite(self) -> io::Result> { - let mut encoder = self.0; - encoder.write_bytes(&[0xFF])?; - Ok(encoder) - } -} - -impl Indefinite> { - // start array, return the decoder if this is not a start of a array... - // otherwise returns the new Indefinite> - pub fn start_array(e: Decoder) -> Either, Self>; - // try to read a value `MajorType` that has been read that is ont a none value - pub fn read(&mut self) -> Either; - // - pub fn break(self) -> Either> -} -*/ diff --git a/wallet-crypto/src/config.rs b/wallet-crypto/src/config.rs deleted file mode 100644 index 5dd4665..0000000 --- a/wallet-crypto/src/config.rs +++ /dev/null 
@@ -1,54 +0,0 @@
-//! there are some settings that need to be set in order to guarantee
-//! operability with the appropriate network or different option.
-//!
-
-use cbor;
-
-/// this is the protocol magic number
-///
-/// it is meant to be used on some places in order to guarantee
-/// incompatibility between forks, test network and the main-net.
-///
-/// # Default
-///
-/// The default value is set to the mainnet
-///
-/// ```
-/// use wallet_crypto::config::{ProtocolMagic};
-///
-/// assert_eq!(ProtocolMagic::default(), ProtocolMagic::new(764824073));
-/// ```
-///
-#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone, Copy)]
-pub struct ProtocolMagic(u32);
-impl ProtocolMagic {
- pub fn new(val: u32) -> Self { ProtocolMagic(val) }
-}
-impl cbor::CborValue for ProtocolMagic {
- fn encode(&self) -> cbor::Value { cbor::CborValue::encode(&self.0) }
- fn decode(value: cbor::Value) -> cbor::Result {
- let v : u32 = cbor::CborValue::decode(value)?;
- Ok(ProtocolMagic::new(v))
- }
-}
-impl Default for ProtocolMagic {
- fn default() -> Self { ProtocolMagic::new(764824073) }
-}
-
-/// Configuration for the wallet-crypto
-#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone, Copy)]
-pub struct Config {
- pub protocol_magic: ProtocolMagic
-}
-impl Config {
- pub fn new(protocol_magic: ProtocolMagic) -> Self {
- Config {
- protocol_magic: protocol_magic
- }
- }
-}
-impl Default for Config {
- fn default() -> Self {
- Config::new(ProtocolMagic::default())
- }
-}
diff --git a/wallet-crypto/src/crc32.rs b/wallet-crypto/src/crc32.rs
deleted file mode 100644
index b690994..0000000
--- a/wallet-crypto/src/crc32.rs
+++ /dev/null
@@ -1,70 +0,0 @@
-
-const CRC_TABLE : [u32;256] = [
- 0x00000000u32, 0x77073096u32, 0xee0e612cu32, 0x990951bau32, 0x076dc419u32,
- 0x706af48fu32, 0xe963a535u32, 0x9e6495a3u32, 0x0edb8832u32, 0x79dcb8a4u32,
- 0xe0d5e91eu32, 0x97d2d988u32, 0x09b64c2bu32, 0x7eb17cbdu32, 0xe7b82d07u32,
- 0x90bf1d91u32, 0x1db71064u32, 0x6ab020f2u32, 0xf3b97148u32, 0x84be41deu32,
- 0x1adad47du32, 0x6ddde4ebu32, 0xf4d4b551u32, 0x83d385c7u32, 0x136c9856u32,
- 0x646ba8c0u32, 0xfd62f97au32, 0x8a65c9ecu32, 0x14015c4fu32, 0x63066cd9u32,
- 0xfa0f3d63u32, 0x8d080df5u32, 0x3b6e20c8u32, 0x4c69105eu32, 0xd56041e4u32,
- 0xa2677172u32, 0x3c03e4d1u32, 0x4b04d447u32, 0xd20d85fdu32, 0xa50ab56bu32,
- 0x35b5a8fau32, 0x42b2986cu32, 0xdbbbc9d6u32, 0xacbcf940u32, 0x32d86ce3u32,
- 0x45df5c75u32, 0xdcd60dcfu32, 0xabd13d59u32, 0x26d930acu32, 0x51de003au32,
- 0xc8d75180u32, 0xbfd06116u32, 0x21b4f4b5u32, 0x56b3c423u32, 0xcfba9599u32,
- 0xb8bda50fu32, 0x2802b89eu32, 0x5f058808u32, 0xc60cd9b2u32, 0xb10be924u32,
- 0x2f6f7c87u32, 0x58684c11u32, 0xc1611dabu32, 0xb6662d3du32, 0x76dc4190u32,
- 0x01db7106u32, 0x98d220bcu32, 0xefd5102au32, 0x71b18589u32, 0x06b6b51fu32,
- 0x9fbfe4a5u32, 0xe8b8d433u32, 0x7807c9a2u32, 0x0f00f934u32, 0x9609a88eu32,
- 0xe10e9818u32, 0x7f6a0dbbu32, 0x086d3d2du32, 0x91646c97u32, 0xe6635c01u32,
- 0x6b6b51f4u32, 0x1c6c6162u32, 0x856530d8u32, 0xf262004eu32, 0x6c0695edu32,
- 0x1b01a57bu32, 0x8208f4c1u32, 0xf50fc457u32, 0x65b0d9c6u32, 0x12b7e950u32,
- 0x8bbeb8eau32, 0xfcb9887cu32, 0x62dd1ddfu32, 0x15da2d49u32, 0x8cd37cf3u32,
- 0xfbd44c65u32, 0x4db26158u32, 0x3ab551ceu32, 0xa3bc0074u32, 0xd4bb30e2u32,
- 0x4adfa541u32, 0x3dd895d7u32, 0xa4d1c46du32, 0xd3d6f4fbu32, 0x4369e96au32,
- 0x346ed9fcu32, 0xad678846u32, 0xda60b8d0u32, 0x44042d73u32, 0x33031de5u32,
- 0xaa0a4c5fu32, 0xdd0d7cc9u32, 0x5005713cu32, 0x270241aau32, 0xbe0b1010u32,
- 0xc90c2086u32, 0x5768b525u32, 0x206f85b3u32, 0xb966d409u32, 0xce61e49fu32,
- 0x5edef90eu32, 0x29d9c998u32, 0xb0d09822u32, 0xc7d7a8b4u32, 0x59b33d17u32,
- 0x2eb40d81u32, 0xb7bd5c3bu32, 0xc0ba6cadu32, 0xedb88320u32, 0x9abfb3b6u32,
- 0x03b6e20cu32, 0x74b1d29au32, 0xead54739u32, 0x9dd277afu32, 0x04db2615u32,
- 0x73dc1683u32, 0xe3630b12u32, 0x94643b84u32, 0x0d6d6a3eu32, 0x7a6a5aa8u32,
- 0xe40ecf0bu32, 0x9309ff9du32, 0x0a00ae27u32, 0x7d079eb1u32, 0xf00f9344u32,
- 0x8708a3d2u32, 0x1e01f268u32, 0x6906c2feu32, 0xf762575du32, 0x806567cbu32,
- 0x196c3671u32, 0x6e6b06e7u32, 0xfed41b76u32, 0x89d32be0u32, 0x10da7a5au32,
- 0x67dd4accu32, 0xf9b9df6fu32, 0x8ebeeff9u32, 0x17b7be43u32, 0x60b08ed5u32,
- 0xd6d6a3e8u32, 0xa1d1937eu32, 0x38d8c2c4u32, 0x4fdff252u32, 0xd1bb67f1u32,
- 0xa6bc5767u32, 0x3fb506ddu32, 0x48b2364bu32, 0xd80d2bdau32, 0xaf0a1b4cu32,
- 0x36034af6u32, 0x41047a60u32, 0xdf60efc3u32, 0xa867df55u32, 0x316e8eefu32,
- 0x4669be79u32, 0xcb61b38cu32, 0xbc66831au32, 0x256fd2a0u32, 0x5268e236u32,
- 0xcc0c7795u32, 0xbb0b4703u32, 0x220216b9u32, 0x5505262fu32, 0xc5ba3bbeu32,
- 0xb2bd0b28u32, 0x2bb45a92u32, 0x5cb36a04u32, 0xc2d7ffa7u32, 0xb5d0cf31u32,
- 0x2cd99e8bu32, 0x5bdeae1du32, 0x9b64c2b0u32, 0xec63f226u32, 0x756aa39cu32,
- 0x026d930au32, 0x9c0906a9u32, 0xeb0e363fu32, 0x72076785u32, 0x05005713u32,
- 0x95bf4a82u32, 0xe2b87a14u32, 0x7bb12baeu32, 0x0cb61b38u32, 0x92d28e9bu32,
- 0xe5d5be0du32, 0x7cdcefb7u32, 0x0bdbdf21u32, 0x86d3d2d4u32, 0xf1d4e242u32,
- 0x68ddb3f8u32, 0x1fda836eu32, 0x81be16cdu32, 0xf6b9265bu32, 0x6fb077e1u32,
- 0x18b74777u32, 0x88085ae6u32, 0xff0f6a70u32, 0x66063bcau32, 0x11010b5cu32,
- 0x8f659effu32, 0xf862ae69u32, 0x616bffd3u32, 0x166ccf45u32, 0xa00ae278u32,
- 0xd70dd2eeu32, 0x4e048354u32, 0x3903b3c2u32, 0xa7672661u32, 0xd06016f7u32,
- 0x4969474du32, 0x3e6e77dbu32, 0xaed16a4au32, 0xd9d65adcu32, 0x40df0b66u32,
- 0x37d83bf0u32, 0xa9bcae53u32, 0xdebb9ec5u32, 0x47b2cf7fu32, 0x30b5ffe9u32,
- 0xbdbdf21cu32, 0xcabac28au32, 0x53b39330u32, 0x24b4a3a6u32, 0xbad03605u32,
- 0xcdd70693u32, 0x54de5729u32, 0x23d967bfu32, 0xb3667a2eu32, 0xc4614ab8u32,
- 0x5d681b02u32, 0x2a6f2b94u32, 0xb40bbe37u32, 0xc30c8ea1u32, 0x5a05df1bu32,
- 0x2d02ef8du32
-];
-
-pub fn crc32(input: &[u8]) -> u32 {
- !input.iter().fold(0xFFFFFFFFu32, |acc, &byte| {
- CRC_TABLE[((acc & 0xFF) ^ byte as u32) as usize] ^ (acc >> 8)
- })
-}
-
-#[cfg(test)]
-mod tests {
- #[test]
- fn crc32() {
- let s = b"The quick brown fox jumps over the lazy dog";
- assert_eq!(0x414fa339, super::crc32(s));
- }
-}
diff --git a/wallet-crypto/src/hdpayload.rs b/wallet-crypto/src/hdpayload.rs
deleted file mode 100644
index 3462045..0000000
--- a/wallet-crypto/src/hdpayload.rs
+++ /dev/null
@@ -1,203 +0,0 @@
-extern crate rcw;
-
-use self::rcw::chacha20poly1305::{ChaCha20Poly1305};
-use self::rcw::aead::{AeadEncryptor, AeadDecryptor};
-use self::rcw::hmac::{Hmac};
-use self::rcw::sha2::{Sha512};
-use self::rcw::pbkdf2::{pbkdf2};
-
-use std::iter::repeat;
-
-use hdwallet::{XPub};
-use cbor;
-use cbor::{ExtendedResult};
-
-const NONCE : &'static [u8] = b"serokellfore";
-const SALT : &'static [u8] = b"address-hashing";
-const TAG_LEN : usize = 16;
-
-const BIP44_PATH_LENGTH: usize = 5;
-const BIP44_PURPOSE : u32 = 0x8000002C;
-const BIP44_COIN_TYPE : u32 = 0x80000717;
-
-#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone)]
-pub struct Path(Vec);
-impl AsRef<[u32]> for Path {
- fn as_ref(&self) -> &[u32] { self.0.as_ref() }
-}
-impl Path {
- pub fn new(v: Vec) -> Self { Path(v) }
- fn from_cbor(bytes: &[u8]) -> cbor::Result {
- cbor::decode_from_cbor(bytes)
- }
- fn cbor(&self) -> Vec { cbor::encode_to_cbor(self).unwrap() }
-
- pub fn bip44_new(account: u32, change: u32, index: u32) -> Path {
- Path(vec![BIP44_PURPOSE, BIP44_COIN_TYPE, account, change, index])
- }
- pub fn bip44_acount(&self) -> u32 {
- assert!(self.as_ref().len() == BIP44_PATH_LENGTH);
- self.0[2]
- }
- pub fn bip44_change(&self) -> u32 {
- assert!(self.as_ref().len() == BIP44_PATH_LENGTH);
- self.0[3]
- }
- pub fn bip44_index(&self) -> u32 {
- assert!(self.as_ref().len() == BIP44_PATH_LENGTH);
- self.0[4]
- }
- pub fn bip44_next(&self) -> Path {
- assert!(self.as_ref().len() == BIP44_PATH_LENGTH);
- let index = self.as_ref()[4];
- Path::bip44_new(self.bip44_acount(), 0, self.bip44_index() + 1)
- }
- pub fn bip44_next_change(&self) -> Path {
- assert!(self.as_ref().len() == BIP44_PATH_LENGTH);
- let index = self.as_ref()[4];
- Path::bip44_new(self.bip44_acount(), 1, self.bip44_index() + 1)
- }
-}
-impl cbor::CborValue for Path {
- fn encode(&self) -> cbor::Value { cbor::Value::Array(self.0.iter().map(cbor::CborValue::encode).collect()) }
- fn decode(value: cbor::Value) -> cbor::Result {
- value.array().and_then(|vec| {
- let mut v = vec![];
- for el in vec.iter() { v.push(cbor::CborValue::decode(el.clone())?); }
- Ok(Path::new(v))
- }).embed("while decoding Path")
- }
-}
-
-pub const HDKEY_SIZE : usize = 32;
-
-#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone)]
-pub struct HDKey([u8;HDKEY_SIZE]);
-impl AsRef<[u8]> for HDKey {
- fn as_ref(&self) -> &[u8] { self.0.as_ref() }
-}
-impl HDKey {
- pub fn new(root_pub: &XPub) -> Self {
- let mut mac = Hmac::new(Sha512::new(), root_pub.as_ref());
- let mut result = [0;HDKEY_SIZE];
- let iters = 500;
- pbkdf2(&mut mac, &SALT[..], iters, &mut result);
- HDKey(result)
- }
-
- /// create a `HDKey` by taking ownership of the given bytes
- pub fn from_bytes(bytes: [u8;HDKEY_SIZE]) -> Self { HDKey(bytes) }
- /// create a `HDKey` fromt the given slice
- pub fn from_slice(bytes: &[u8]) -> Option {
- if bytes.len() == HDKEY_SIZE {
- let mut v = [0u8;HDKEY_SIZE];
- v[0..HDKEY_SIZE].clone_from_slice(bytes);
- Some(HDKey::from_bytes(v))
- } else {
- None
- }
- }
-
- pub fn encrypt(&self, input: &[u8]) -> Vec {
- let mut ctx = ChaCha20Poly1305::new(self.as_ref(), &NONCE[..], &[]);
-
- let len = input.len();
-
- let mut out: Vec = repeat(0).take(len).collect();
- let mut tag = [0;TAG_LEN];
-
- ctx.encrypt(&input, &mut out[0..len], &mut tag);
- out.extend_from_slice(&tag[..]);
- out
- }
-
- pub fn decrypt(&self, input: &[u8]) -> Option> {
- let len = input.len() - TAG_LEN;
- if len <= 0 { return None; };
-
- let mut ctx = ChaCha20Poly1305::new(self.as_ref(), &NONCE[..], &[]);
-
- let mut out: Vec = repeat(0).take(len).collect();
-
- if ctx.decrypt(&input[..len], &mut out[..], &input[len..]) {
- Some(out)
- } else {
- None
- }
- }
-
- pub fn encrypt_path(&self, derivation_path: &Path) -> HDAddressPayload {
- let input = derivation_path.cbor();
- let out = self.encrypt(&input);
-
- HDAddressPayload::from_vec(out)
- }
-
- pub fn decrypt_path(&self, payload: &HDAddressPayload) -> Option {
- let out = self.decrypt(payload.as_ref())?;
- Path::from_cbor(&out).ok()
- }
-}
-
-#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone)]
-pub struct HDAddressPayload(Vec);
-impl AsRef<[u8]> for HDAddressPayload {
- fn as_ref(&self) -> &[u8] { self.0.as_ref() }
-}
-impl HDAddressPayload {
- pub fn from_vec(v: Vec) -> Self { HDAddressPayload(v) }
- pub fn from_bytes(bytes: &[u8]) -> Self {
- HDAddressPayload::from_vec(bytes.iter().cloned().collect())
- }
- pub fn len(&self) -> usize { self.0.len() }
-}
-impl cbor::CborValue for HDAddressPayload {
- fn encode(&self) -> cbor::Value {
- let vec = cbor::encode_to_cbor(&cbor::Bytes::new(self.0.clone())).unwrap();
- cbor::Value::Bytes(cbor::Bytes::new(vec))
- }
- fn decode(value: cbor::Value) -> cbor::Result {
- value.bytes().and_then(|bytes| {
- let b : cbor::Bytes = cbor::decode_from_cbor(bytes.as_ref()).embed("while decoding the serialised cbor")?;
- Ok(b.to_vec())
- }).map(HDAddressPayload::from_vec)
- .embed("while decoding HDAddressPayload")
- }
-}
-
-#[cfg(test)]
-mod tests {
- use super::*;
- use hdwallet;
-
- #[test]
- fn encrypt() {
- let bytes = vec![42u8; 256];
- let seed = hdwallet::Seed::from_bytes([0;hdwallet::SEED_SIZE]);
- let sk = hdwallet::XPrv::generate_from_seed(&seed);
- let pk = sk.public();
-
- let key = HDKey::new(&pk);
- let payload = key.encrypt(&bytes);
- assert_eq!(Some(bytes), key.decrypt(&payload))
- }
-
- #[test]
- fn path_cbor_encoding() {
- let path = Path::new(vec![0,1,2]);
- let cbor = path.cbor();
- assert_eq!(Ok(path), Path::from_cbor(cbor.as_ref()));
- }
-
- #[test]
- fn hdpayload() {
- let path = Path::new(vec![0,1,2]);
- let seed = hdwallet::Seed::from_bytes([0;hdwallet::SEED_SIZE]);
- let sk = hdwallet::XPrv::generate_from_seed(&seed);
- let pk = sk.public();
-
- let key = HDKey::new(&pk);
- let payload = key.encrypt_path(&path);
- assert_eq!(Some(path), key.decrypt_path(&payload))
- }
-}
diff --git a/wallet-crypto/src/hdwallet.rs b/wallet-crypto/src/hdwallet.rs
deleted file mode 100644
index 1e55167..0000000
--- a/wallet-crypto/src/hdwallet.rs
+++ /dev/null
@@ -1,744 +0,0 @@
-extern crate rcw;
-
-use self::rcw::digest::Digest;
-use self::rcw::sha2::Sha512;
-use self::rcw::hmac::Hmac;
-use self::rcw::mac::Mac;
-use self::rcw::curve25519::{GeP3, ge_scalarmult_base};
-use self::rcw::ed25519::signature_extended;
-use self::rcw::ed25519;
-use self::rcw::util::fixed_time_eq;
-
-use std::fmt;
-use std::marker::PhantomData;
-use util::hex;
-use cbor;
-use cbor::{ExtendedResult};
-
-use serde;
-
-pub const SEED_SIZE: usize = 32;
-pub const XPRV_SIZE: usize = 96;
-pub const XPUB_SIZE: usize = 64;
-pub const SIGNATURE_SIZE: usize = 64;
-
-pub const PUBLIC_KEY_SIZE: usize = 32;
-pub const CHAIN_CODE_SIZE: usize = 32;
-
-/// Seed used to generate the root private key of the HDWallet.
-///
-#[derive(Serialize, Deserialize, Debug)]
-pub struct Seed([u8; SEED_SIZE]);
-impl Seed {
- /// create a Seed by taking ownership of the given array
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{Seed, SEED_SIZE};
- ///
- /// let bytes = [0u8;SEED_SIZE];
- /// let seed = Seed::from_bytes(bytes);
- ///
- /// assert!(seed.as_ref().len() == SEED_SIZE);
- /// ```
- pub fn from_bytes(buf: [u8;SEED_SIZE]) -> Self { Seed(buf) }
-
- /// create a Seed by copying the given slice into a new array
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{Seed, SEED_SIZE};
- ///
- /// let bytes = [0u8;SEED_SIZE];
- /// let wrong = [0u8;31];
- ///
- /// assert!(Seed::from_slice(&wrong[..]).is_none());
- /// assert!(Seed::from_slice(&bytes[..]).is_some());
- /// ```
- pub fn from_slice(buf: &[u8]) -> Option {
- if buf.len() == SEED_SIZE {
- let mut v = [0u8;SEED_SIZE];
- v[..].clone_from_slice(buf);
- Some(Seed::from_bytes(v))
- } else {
- None
- }
- }
-}
-impl AsRef<[u8]> for Seed {
- fn as_ref(&self) -> &[u8] { &self.0 }
-}
-
-/// HDWallet private key
-///
-pub struct XPrv([u8; XPRV_SIZE]);
-impl XPrv {
- /// create the Root private key `XPrv` of the HDWallet associated to this `Seed`
- ///
- /// This is a deterministic construction. The `XPrv` returned will always be the
- /// same for the same given `Seed`.
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{Seed, SEED_SIZE, XPrv, XPRV_SIZE};
- ///
- /// let seed = Seed::from_bytes([0u8; SEED_SIZE]);
- /// let expected_xprv = XPrv::from_hex("301604045de9138b8b23b6730495f7e34b5151d29ba3456bc9b332f6f084a551d646bc30cf126fa8ed776c05a8932a5ab35c8bac41eb01bb9a16cfe229b94b405d3661deb9064f2d0e03fe85d68070b2fe33b4916059658e28ac7f7f91ca4b12").unwrap();
- ///
- /// assert_eq!(expected_xprv, XPrv::generate_from_seed(&seed));
- /// ```
- ///
- pub fn generate_from_seed(seed: &Seed) -> Self {
- let mut mac = Hmac::new(Sha512::new(), seed.as_ref());
-
- let mut iter = 1;
- let mut out = [0u8; XPRV_SIZE];
-
- loop {
- let s = format!("Root Seed Chain {}", iter);
- mac.reset();
- mac.input(s.as_bytes());
- let mut block = [0u8; 64];
- mac.raw_result(&mut block);
- mk_ed25519_extended(&mut out[0..64], &block[0..32]);
-
- if (out[31] & 0x20) == 0 {
- out[64..96].clone_from_slice(&block[32..64]);
- break;
- }
- iter = iter + 1;
- }
-
- Self::from_bytes(out)
- }
-
- /// create a `XPrv` by taking ownership of the given array
- ///
- pub fn from_bytes(bytes: [u8;XPRV_SIZE]) -> Self { XPrv(bytes) }
-
- /// create a `XPrv` from the given slice. This slice must be of size `XPRV_SIZE`
- /// otherwise it will return `Option::None`.
- ///
- pub fn from_slice(bytes: &[u8]) -> Option {
- if bytes.len() == XPRV_SIZE {
- let mut buf = [0u8;XPRV_SIZE];
- buf[..].clone_from_slice(bytes);
- Some(XPrv::from_bytes(buf))
- } else {
- None
- }
- }
-
- /// create a `XPrv` from a given hexadecimal string
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{XPrv};
- ///
- /// let xprv = XPrv::from_hex("301604045de9138b8b23b6730495f7e34b5151d29ba3456bc9b332f6f084a551d646bc30cf126fa8ed776c05a8932a5ab35c8bac41eb01bb9a16cfe229b94b405d3661deb9064f2d0e03fe85d68070b2fe33b4916059658e28ac7f7f91ca4b12");
- ///
- /// assert!(xprv.is_some());
- /// ```
- ///
- pub fn from_hex(hex: &str) -> Option {
- Self::from_slice(hex::decode(hex).as_ref())
- }
-
- /// get te associated `XPub`
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{XPrv, XPub};
- ///
- /// let xprv = XPrv::from_hex("301604045de9138b8b23b6730495f7e34b5151d29ba3456bc9b332f6f084a551d646bc30cf126fa8ed776c05a8932a5ab35c8bac41eb01bb9a16cfe229b94b405d3661deb9064f2d0e03fe85d68070b2fe33b4916059658e28ac7f7f91ca4b12").unwrap();
- ///
- /// let xpub = xprv.public();
- /// ```
- pub fn public(&self) -> XPub {
- let pk = mk_public_key(&self.as_ref()[0..64]);
- let mut out = [0u8; XPUB_SIZE];
- out[0..32].clone_from_slice(&pk);
- out[32..64].clone_from_slice(&self.as_ref()[64..]);
- XPub::from_bytes(out)
- }
-
- /// sign the given message with the `XPrv`.
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{XPrv, XPub, Signature};
- ///
- /// let xprv = XPrv::from_hex("301604045de9138b8b23b6730495f7e34b5151d29ba3456bc9b332f6f084a551d646bc30cf126fa8ed776c05a8932a5ab35c8bac41eb01bb9a16cfe229b94b405d3661deb9064f2d0e03fe85d68070b2fe33b4916059658e28ac7f7f91ca4b12").unwrap();
- /// let msg = b"Some message...";
- ///
- /// let signature : Signature = xprv.sign(msg);
- /// assert!(xprv.verify(msg, &signature));
- /// ```
- pub fn sign(&self, message: &[u8]) -> Signature {
- Signature::from_bytes(signature_extended(message, &self.as_ref()[0..64]))
- }
-
- /// verify a given signature
- ///
- pub fn verify(&self, message: &[u8], signature: &Signature) -> bool {
- let xpub = self.public();
- xpub.verify(message, signature)
- }
-
- pub fn derive(&self, index: DerivationIndex) -> Self {
- derive_private(self, index)
- }
-}
-impl PartialEq for XPrv {
- fn eq(&self, rhs: &XPrv) -> bool { fixed_time_eq(self.as_ref(), rhs.as_ref()) }
-}
-impl Eq for XPrv {}
-impl fmt::Debug for XPrv {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
- for b in self.as_ref().iter() {
- if b < &0x10 {
- write!(f, "0{:x}", b)?;
- } else {
- write!(f, "{:x}", b)?;
- }
- }
- Ok(())
- }
-}
-impl AsRef<[u8]> for XPrv {
- fn as_ref(&self) -> &[u8] { &self.0 }
-}
-impl serde::Serialize for XPrv
-{
- #[inline]
- fn serialize(&self, serializer: S) -> Result
- where S: serde::Serializer,
- {
- serializer.serialize_bytes(self.as_ref())
- }
-}
-struct XPrvVisitor();
-impl XPrvVisitor { fn new() -> Self { XPrvVisitor {} } }
-impl<'de> serde::de::Visitor<'de> for XPrvVisitor {
- type Value = XPrv;
-
- fn expecting(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
- write!(fmt, "Expecting an Extended Private Key (`XPrv`) of {} bytes.", XPRV_SIZE)
- }
-
- fn visit_bytes<'a, E>(self, v: &'a [u8]) -> Result
- where E: serde::de::Error
- {
- match XPrv::from_slice(v) {
- None => Err(E::invalid_length(v.len(), &"96 bytes")),
- Some(xpub) => Ok(xpub)
- }
- }
-}
-impl<'de> serde::Deserialize<'de> for XPrv
-{
- fn deserialize(deserializer: D) -> Result
- where D: serde::Deserializer<'de>
- {
- deserializer.deserialize_bytes(XPrvVisitor::new())
- }
-}
-
-#[derive(Clone, Copy)]
-pub struct XPub([u8; XPUB_SIZE]);
-impl XPub {
- /// create a `XPub` by taking ownership of the given array
- ///
- pub fn from_bytes(bytes: [u8;XPUB_SIZE]) -> Self { XPub(bytes) }
-
- /// create a `XPub` from the given slice. This slice must be of size `XPUB_SIZE`
- /// otherwise it will return `Option::None`.
- ///
- pub fn from_slice(bytes: &[u8]) -> Option {
- if bytes.len() == XPUB_SIZE {
- let mut buf = [0u8;XPUB_SIZE];
- buf[..].clone_from_slice(bytes);
- Some(Self::from_bytes(buf))
- } else {
- None
- }
- }
-
- /// create a `XPrv` from a given hexadecimal string
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{XPub};
- ///
- /// let xpub = XPub::from_hex("1c0c3ae1825e90b6ddda3f40a122c007e1008e83b2e102c142baefb721d72c1a5d3661deb9064f2d0e03fe85d68070b2fe33b4916059658e28ac7f7f91ca4b12");
- ///
- /// assert!(xpub.is_some());
- /// ```
- ///
- pub fn from_hex(hex: &str) -> Option {
- Self::from_slice(hex::decode(hex).as_ref())
- }
-
- /// verify a signature
- ///
- /// ```
- /// use wallet_crypto::hdwallet::{XPrv, XPub, Signature};
- ///
- /// let xprv = XPrv::from_hex("301604045de9138b8b23b6730495f7e34b5151d29ba3456bc9b332f6f084a551d646bc30cf126fa8ed776c05a8932a5ab35c8bac41eb01bb9a16cfe229b94b405d3661deb9064f2d0e03fe85d68070b2fe33b4916059658e28ac7f7f91ca4b12").unwrap();
- /// let xpub = xprv.public();
- /// let msg = b"Some message...";
- ///
- /// let signature : Signature = xprv.sign(msg);
- /// assert!(xpub.verify(msg, &signature));
- /// ```
- pub fn verify(&self, message: &[u8], signature: &Signature) -> bool {
- ed25519::verify(message, &self.as_ref()[0..32], signature.as_ref())
- }
-
- pub fn derive(&self, index: DerivationIndex) -> Result {
- derive_public(self, index)
- }
-}
-impl PartialEq for XPub {
- fn eq(&self, rhs: &XPub) -> bool { fixed_time_eq(self.as_ref(), rhs.as_ref()) }
-}
-impl Eq for XPub {}
-impl fmt::Debug for XPub {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
- for b in self.as_ref().iter() {
- if b < &0x10 {
- write!(f, "0{:x}", b)?;
- } else {
- write!(f, "{:x}", b)?;
- }
- }
- Ok(())
- }
-}
-impl AsRef<[u8]> for XPub {
- fn as_ref(&self) -> &[u8] { &self.0 }
-}
-impl cbor::CborValue for XPub {
- fn encode(&self) -> cbor::Value {
- cbor::Value::Bytes(cbor::Bytes::from_slice(self.as_ref()))
- }
- fn decode(value: cbor::Value) -> cbor::Result {
- value.bytes().and_then(|bytes| {
- match XPub::from_slice(bytes.as_ref()) {
- Some(pk) => Ok(pk),
- None => cbor::Result::bytes(bytes, cbor::Error::InvalidSize(XPUB_SIZE))
- }
- }).embed("while decoding `XPub`")
- }
-}
-impl serde::Serialize for XPub
-{
- #[inline]
- fn serialize(&self, serializer: S) -> Result
- where S: serde::Serializer,
- {
- serializer.serialize_bytes(self.as_ref())
- }
-}
-struct XPubVisitor();
-impl XPubVisitor { fn new() -> Self { XPubVisitor {} } }
-impl<'de> serde::de::Visitor<'de> for XPubVisitor {
- type Value = XPub;
-
- fn expecting(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
- write!(fmt, "Expecting an Extended Public Key (`XPub`) of {} bytes.", XPUB_SIZE)
- }
-
- fn visit_bytes<'a, E>(self, v: &'a [u8]) -> Result
- where E: serde::de::Error
- {
- match XPub::from_slice(v) {
- None => Err(E::invalid_length(v.len(), &"64 bytes")),
- Some(xpub) => Ok(xpub)
- }
- }
-}
-impl<'de> serde::Deserialize<'de> for XPub
-{
- fn deserialize(deserializer: D) -> Result
- where D: serde::Deserializer<'de>
- {
- deserializer.deserialize_bytes(XPubVisitor::new())
- }
-}
-
-/// a signature with an associated type tag
-///
-#[derive(Clone)]
-pub struct Signature {
- bytes: [u8; SIGNATURE_SIZE],
- _phantom: PhantomData,
-}
-impl Signature {
- pub fn from_bytes(bytes: [u8;SIGNATURE_SIZE]) -> Self {
- Signature { bytes: bytes, _phantom: PhantomData }
- }
-
- pub fn from_slice(bytes: &[u8]) -> Option {
- if bytes.len() == SIGNATURE_SIZE {
- let mut buf = [0u8;SIGNATURE_SIZE];
- buf[..].clone_from_slice(bytes);
- Some(Self::from_bytes(buf))
- } else {
- None
- }
- }
-
- pub fn from_hex(hex: &str) -> Option {
- Self::from_slice(hex::decode(hex).as_ref())
- }
-
- pub fn coerce(self) -> Signature {
- Signature::::from_bytes(self.bytes)
- }
-}
-impl PartialEq for Signature {
- fn eq(&self, rhs: &Signature) -> bool { fixed_time_eq(self.as_ref(), rhs.as_ref()) }
-}
-impl Eq for Signature {}
-impl fmt::Debug for Signature {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
- for b in self.as_ref().iter() {
- if b < &0x10 {
- write!(f, "0{:x}", b)?;
- } else {
- write!(f, "{:x}", b)?;
- }
- }
- Ok(())
- }
-}
-impl AsRef<[u8]> for Signature {
- fn as_ref(&self) -> &[u8] { &self.bytes }
-}
-impl cbor::CborValue for Signature {
- fn encode(&self) -> cbor::Value { cbor::Value::Bytes(cbor::Bytes::from_slice(self.as_ref())) }
- fn decode(value: cbor::Value) -> cbor::Result {
- value.bytes().and_then(|bytes| {
- match Signature::from_slice(bytes.as_ref()) {
- Some(digest) => Ok(digest),
- None => {
- cbor::Result::bytes(bytes, cbor::Error::InvalidSize(SIGNATURE_SIZE))
- }
- }
- }).embed("while decoding Signature")
- }
-}
-impl serde::Serialize for Signature
-{
- #[inline]
- fn serialize(&self, serializer: S) -> Result
- where S: serde::Serializer,
- {
- serializer.serialize_bytes(self.as_ref())
- }
-}
-struct SignatureVisitor(PhantomData);
-impl SignatureVisitor { fn new() -> Self { SignatureVisitor (PhantomData) } }
-impl<'de, T> serde::de::Visitor<'de> for SignatureVisitor {
- type Value = Signature;
-
- fn expecting(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
- write!(fmt, "Expected a signature (`Signature`) of {} bytes.", SIGNATURE_SIZE)
- }
-
- fn visit_bytes<'a, E>(self, v: &'a [u8]) -> Result
- where E: serde::de::Error
- {
- match Signature::from_slice(v) {
- None => Err(E::invalid_length(v.len(), &"64 bytes")),
- Some(sig) => Ok(sig)
- }
- }
-}
-impl<'de, T> serde::Deserialize<'de> for Signature
-{
- fn deserialize(deserializer: D) -> Result
- where D: serde::Deserializer<'de>
- {
- deserializer.deserialize_bytes(SignatureVisitor::new())
- }
-}
-
-pub type ChainCode = [u8; CHAIN_CODE_SIZE];
-
-type DerivationIndex = u32;
-
-#[derive(Debug, PartialEq, Eq, Deserialize, Serialize)]
-enum DerivationType {
- Soft(u32),
- Hard(u32),
-}
-
-fn to_type(index: DerivationIndex) -> DerivationType {
- if index >= 0x80000000 {
- DerivationType::Hard(index)
- } else {
- DerivationType::Soft(index)
- }
-}
-
-fn mk_ed25519_extended(extended_out: &mut [u8], secret: &[u8]) {
- assert!(extended_out.len() == 64);
- assert!(secret.len() == 32);
- let mut hasher = Sha512::new();
- hasher.input(secret);
- hasher.result(extended_out);
- extended_out[0] &= 248;
- extended_out[31] &= 63;
- extended_out[31] |= 64;
-}
-
-fn le32(i: u32) -> [u8; 4] {
- [i as u8, (i >> 8) as u8, (i >> 16) as u8, (i >> 24) as u8]
-}
-
-fn mk_xprv(out: &mut [u8; XPRV_SIZE], kl: &[u8], kr: &[u8], cc: &[u8]) {
- assert!(kl.len() == 32);
- assert!(kr.len() == 32);
- assert!(cc.len() == CHAIN_CODE_SIZE);
-
- out[0..32].clone_from_slice(kl);
- out[32..64].clone_from_slice(kr);
- out[64..96].clone_from_slice(cc);
-}
-
-fn mk_xpub(out: &mut [u8; XPUB_SIZE], pk: &[u8], cc: &[u8]) {
- assert!(pk.len() == 32);
- assert!(cc.len() == CHAIN_CODE_SIZE);
-
- out[0..32].clone_from_slice(pk);
- out[32..64].clone_from_slice(cc);
-}
-
-fn add_256bits(x: &[u8], y: &[u8]) -> [u8; 32] {
- assert!(x.len() == 32);
- assert!(y.len() == 32);
-
- let mut carry: u16 = 0;
- let mut out = [0u8; 32];
- for i in 0..32 {
- let r = (x[i] as u16) + (y[i] as u16) + carry;
- out[i] = r as u8;
- carry = r >> 8;
- }
- out
-}
-
-fn add_28_mul8(x: &[u8], y: &[u8]) -> [u8; 32] {
- assert!(x.len() == 32);
- assert!(y.len() == 32);
-
- let mut carry: u16 = 0;
- let mut out = [0u8; 32];
-
- for i in 0..28 {
- let r = x[i] as u16 + ((y[i] as u16) << 3) + carry;
- out[i] = (r & 0xff) as u8;
- carry = r >> 8;
- }
- for i in 28..32 {
- let r = x[i] as u16 + carry;
- out[i] = (r & 0xff) as u8;
- carry = r >> 8;
- }
- out
-}
-
-fn derive_private(xprv: &XPrv, index: DerivationIndex) -> XPrv {
- /*
- * If so (hardened child):
- * let Z = HMAC-SHA512(Key = cpar, Data = 0x00 || ser256(left(kpar)) || ser32(i)).
- * let I = HMAC-SHA512(Key = cpar, Data = 0x01 || ser256(left(kpar)) || ser32(i)).
- * If not (normal child):
- * let Z = HMAC-SHA512(Key = cpar, Data = 0x02 || serP(point(kpar)) || ser32(i)).
- * let I = HMAC-SHA512(Key = cpar, Data = 0x03 || serP(point(kpar)) || ser32(i)).
- **/
-
- let ekey = &xprv.as_ref()[0..64];
- let kl = &ekey[0..32];
- let kr = &ekey[32..64];
- let chaincode = &xprv.as_ref()[64..96];
-
- let mut zmac = Hmac::new(Sha512::new(), &chaincode);
- let mut imac = Hmac::new(Sha512::new(), &chaincode);
- let seri = le32(index);
- match to_type(index) {
- DerivationType::Soft(_) => {
- let pk = mk_public_key(ekey);
- zmac.input(&[0x2]);
- zmac.input(&pk);
- zmac.input(&seri);
- imac.input(&[0x3]);
- imac.input(&pk);
- imac.input(&seri);
- }
- DerivationType::Hard(_) => {
- zmac.input(&[0x0]);
- zmac.input(ekey);
- zmac.input(&seri);
- imac.input(&[0x1]);
- imac.input(ekey);
- imac.input(&seri);
- }
- };
-
- let mut zout = [0u8; 64];
- zmac.raw_result(&mut zout);
- let zl = &zout[0..32];
- let zr = &zout[32..64];
-
- // left = kl + 8 * trunc28(zl)
- let left = add_28_mul8(kl, zl);
- // right = zr + kr
- let right = add_256bits(kr, zr);
-
- let mut iout = [0u8; 64];
- imac.raw_result(&mut iout);
- let cc = &iout[32..];
-
- let mut out = [0u8; XPRV_SIZE];
- mk_xprv(&mut out, &left, &right, cc);
-
- imac.reset();
- zmac.reset();
-
- XPrv::from_bytes(out)
-}
-
-fn point_of_trunc28_mul8(sk: &[u8]) -> GeP3 {
- assert!(sk.len() == 32);
- let a = ge_scalarmult_base(sk);
- a
-}
-
-fn derive_public(xpub: &XPub, index: DerivationIndex) -> Result {
- let pk = &xpub.as_ref()[0..32];
- let chaincode = &xpub.as_ref()[32..64];
-
- let mut zmac = Hmac::new(Sha512::new(), &chaincode);
- let mut imac = Hmac::new(Sha512::new(), &chaincode);
- let seri = le32(index);
- match to_type(index) {
- DerivationType::Soft(_) => {
- zmac.input(&[0x2]);
- zmac.input(&pk);
- zmac.input(&seri);
- imac.input(&[0x3]);
- imac.input(&pk);
- imac.input(&seri);
- }
- DerivationType::Hard(_) => {
- return Err(());
- }
- };
-
- let mut zout = [0u8; 64];
- zmac.raw_result(&mut zout);
- let zl = &zout[0..32];
- let _zr = &zout[32..64];
-
- let a = match GeP3::from_bytes_negate_vartime(pk) {
- Some(g) => g,
- None => {
- return Err(());
- }
- };
-
- // left = kl + 8 * trunc28(zl)
- let left = a + point_of_trunc28_mul8(zl).to_cached();
-
- let mut iout = [0u8; 64];
- imac.raw_result(&mut iout);
- let cc = &iout[32..];
-
- let mut out = [0u8; XPUB_SIZE];
- mk_xpub(&mut out, &left.to_p2().to_bytes(), cc);
-
- imac.reset();
- zmac.reset();
-
- Ok(XPub::from_bytes(out))
-
-}
-
-fn mk_public_key(extended_secret: &[u8]) -> [u8; PUBLIC_KEY_SIZE] {
- assert!(extended_secret.len() == 64);
- let a = ge_scalarmult_base(&extended_secret[0..32]);
- a.to_bytes()
-}
-
-#[cfg(test)]
-mod tests {
- use super::*;
-
- const D1: [u8;XPRV_SIZE] =
- [0xf8, 0xa2, 0x92, 0x31, 0xee, 0x38, 0xd6, 0xc5, 0xbf, 0x71, 0x5d, 0x5b, 0xac, 0x21, 0xc7,
- 0x50, 0x57, 0x7a, 0xa3, 0x79, 0x8b, 0x22, 0xd7, 0x9d, 0x65, 0xbf, 0x97, 0xd6, 0xfa, 0xde,
- 0xa1, 0x5a, 0xdc, 0xd1, 0xee, 0x1a, 0xbd, 0xf7, 0x8b, 0xd4, 0xbe, 0x64, 0x73, 0x1a, 0x12,
- 0xde, 0xb9, 0x4d, 0x36, 0x71, 0x78, 0x41, 0x12, 0xeb, 0x6f, 0x36, 0x4b, 0x87, 0x18, 0x51,
- 0xfd, 0x1c, 0x9a, 0x24, 0x73, 0x84, 0xdb, 0x9a, 0xd6, 0x00, 0x3b, 0xbd, 0x08, 0xb3, 0xb1,
- 0xdd, 0xc0, 0xd0, 0x7a, 0x59, 0x72, 0x93, 0xff, 0x85, 0xe9, 0x61, 0xbf, 0x25, 0x2b, 0x33,
- 0x12, 0x62, 0xed, 0xdf, 0xad, 0x0d];
-
- const D1_H0: [u8;XPRV_SIZE] =
- [0x60, 0xd3, 0x99, 0xda, 0x83, 0xef, 0x80, 0xd8, 0xd4, 0xf8, 0xd2, 0x23, 0x23, 0x9e, 0xfd,
- 0xc2, 0xb8, 0xfe, 0xf3, 0x87, 0xe1, 0xb5, 0x21, 0x91, 0x37, 0xff, 0xb4, 0xe8, 0xfb, 0xde,
- 0xa1, 0x5a, 0xdc, 0x93, 0x66, 0xb7, 0xd0, 0x03, 0xaf, 0x37, 0xc1, 0x13, 0x96, 0xde, 0x9a,
- 0x83, 0x73, 0x4e, 0x30, 0xe0, 0x5e, 0x85, 0x1e, 0xfa, 0x32, 0x74, 0x5c, 0x9c, 0xd7, 0xb4,
- 0x27, 0x12, 0xc8, 0x90, 0x60, 0x87, 0x63, 0x77, 0x0e, 0xdd, 0xf7, 0x72, 0x48, 0xab, 0x65,
- 0x29, 0x84, 0xb2, 0x1b, 0x84, 0x97, 0x60, 0xd1, 0xda, 0x74, 0xa6, 0xf5, 0xbd, 0x63, 0x3c,
- 0xe4, 0x1a, 0xdc, 0xee, 0xf0, 0x7a];
-
- const MSG: &'static [u8] = b"Hello World";
-
- const D1_H0_SIGNATURE: [u8; 64] =
- [0x90, 0x19, 0x4d, 0x57, 0xcd, 0xe4, 0xfd, 0xad, 0xd0, 0x1e, 0xb7, 0xcf, 0x16, 0x17, 0x80,
- 0xc2, 0x77, 0xe1, 0x29, 0xfc, 0x71, 0x35, 0xb9, 0x77, 0x79, 0xa3, 0x26, 0x88, 0x37, 0xe4,
- 0xcd, 0x2e, 0x94, 0x44, 0xb9, 0xbb, 0x91, 0xc0, 0xe8, 0x4d, 0x23, 0xbb, 0xa8, 0x70, 0xdf,
- 0x3c, 0x4b, 0xda, 0x91, 0xa1, 0x10, 0xef, 0x73, 0x56, 0x38, 0xfa, 0x7a, 0x34, 0xea, 0x20,
- 0x46, 0xd4, 0xbe, 0x04];
-
- fn compare_xprv(xprv: &[u8], expected_xprv: &[u8]) {
- assert_eq!(xprv[64..].to_vec(),
- expected_xprv[64..].to_vec(),
- "chain code");
- assert_eq!(xprv[..64].to_vec(),
- expected_xprv[..64].to_vec(),
- "extended key");
- }
-
- fn seed_xprv_eq(seed: &Seed, expected_xprv: &[u8;XPRV_SIZE]) {
- let xprv = XPrv::generate_from_seed(&seed);
- compare_xprv(xprv.as_ref(), expected_xprv);
- }
-
- #[test]
- fn seed_cases() {
- let bytes = [0xe3, 0x55, 0x24, 0xa5, 0x18, 0x03, 0x4d, 0xdc, 0x11, 0x92, 0xe1, 0xda,
- 0xcd, 0x32, 0xc1, 0xed, 0x3e, 0xaa, 0x3c, 0x3b, 0x13, 0x1c, 0x88, 0xed,
- 0x8e, 0x7e, 0x54, 0xc4, 0x9a, 0x5d, 0x09, 0x98];
- let seed = Seed::from_bytes(bytes);
- seed_xprv_eq(&seed, &D1);
- }
-
- fn derive_xprv_eq(parent_xprv: &XPrv, idx: DerivationIndex, expected_xprv: [u8; 96]) {
- let child_xprv = derive_private(parent_xprv, idx);
- compare_xprv(child_xprv.as_ref(), &expected_xprv);
- }
-
- #[test]
- fn xprv_derive() {
- let prv = XPrv::from_bytes(D1);
- derive_xprv_eq(&prv, 0x80000000, D1_H0);
- }
-
- fn do_sign(xprv: &XPrv, expected_signature: &[u8]) {
- let signature : Signature> = xprv.sign(MSG);
- assert_eq!(signature.as_ref(), expected_signature);
- }
-
- #[test]
- fn xprv_sign() {
- let prv = XPrv::from_bytes(D1_H0);
- do_sign(&prv, &D1_H0_SIGNATURE);
- }
-}
diff --git a/wallet-crypto/src/lib.rs b/wallet-crypto/src/lib.rs
deleted file mode 100644
index f704eb3..0000000
--- a/wallet-crypto/src/lib.rs
+++ /dev/null
@@ -1,19 +0,0 @@
-#[macro_use]
-extern crate serde_derive;
-extern crate serde;
-
-extern crate rcw;
-
-mod crc32;
-mod util;
-mod merkle;
-pub mod config;
-pub mod hdwallet;
-pub mod paperwallet;
-pub mod address;
-pub mod hdpayload;
-pub mod tx;
-
-pub mod cbor;
-pub mod bip44;
-pub mod wallet;
diff --git a/wallet-crypto/src/merkle.rs b/wallet-crypto/src/merkle.rs
deleted file mode 100644
index 1ba3641..0000000
--- a/wallet-crypto/src/merkle.rs
+++ /dev/null
@@ -1,12 +0,0 @@
-use std::marker::PhantomData;
-
-type Hash = Vec;
-pub struct Root {
- hash: Hash,
- _phantom: PhantomData,
-}
-
-pub enum Node {
- Leaf(Hash, T),
- Branch(Box>, Root, Box>),
-}
diff --git a/wallet-crypto/src/paperwallet.rs b/wallet-crypto/src/paperwallet.rs
deleted file mode 100644
index 7fc69e1..0000000
--- a/wallet-crypto/src/paperwallet.rs
+++ /dev/null
@@ -1,126 +0,0 @@
-extern crate rcw;
-use self::rcw::sha2::Sha512;
-use self::rcw::hmac::Hmac;
-use self::rcw::pbkdf2::{pbkdf2};
-
-const ITERS : u32 = 10000;
-pub const IV_SIZE: usize = 8;
-const SALT_SIZE: usize = IV_SIZE;
-
-
-fn gen(iv: &[u8], password: &[u8], buf: &mut [u8]) {
- assert!(iv.len() == IV_SIZE);
- let mut salt = [0u8;SALT_SIZE];
- salt[0..IV_SIZE].clone_from_slice(iv);
- let mut mac = Hmac::new(Sha512::new(), password);
- pbkdf2(&mut mac, &salt[..], ITERS, buf);
-}
-
-/// Given a 4 bytes IV, and a password, scramble the input
-/// using a simple XOR, and returning the IV prepended to the shielded input
-pub fn scramble(iv: &[u8], password: &[u8], input: &[u8]) -> Vec {
- assert!(iv.len() == IV_SIZE);
- let sz = IV_SIZE + input.len();
- let mut out = Vec::with_capacity(sz);
-
- out.extend_from_slice(iv);
- for _ in IV_SIZE..sz {
- out.push(0);
- }
-
- gen(iv, password, &mut out[IV_SIZE..sz]);
-
- for i in IV_SIZE..sz {
- out[i] = out[i] ^ input[i-IV_SIZE];
- }
- out
-}
-
-/// Try to reverse the scramble operation, using
-/// the first `IV_SIZE` bytes as IV, and the rest as the shielded input.
-pub fn unscramble(password: &[u8], input: &[u8]) -> Vec{
- assert!(input.len() > IV_SIZE);
-
- let out_sz = input.len() - IV_SIZE;
-
- let mut out = Vec::with_capacity(out_sz);
- for _ in 0..out_sz {
- out.push(0);
- }
-
- gen(&input[0..IV_SIZE], password, &mut out[0..out_sz]);
- for i in 0..out_sz {
- out[i] = out[i] ^ input[IV_SIZE+i];
- }
- out
-}
-
-
-#[cfg(test)]
-mod tests {
- //use paperwallet::{scramble,unscramble};
- use paperwallet;
-
-/// # GOLDEN_TEST: cardano/crypto/scramble128
-///
-///
-///
-/// ## Input(s)
-///
-/// ```
-/// iv ([u8,4]) = "hexadecimal encoded bytes"
-/// input (&'static str) = "UTF8 BIP39 passphrase (english)"
-/// passphrase (&'static str) = "Bouble quoted, encoded string."
-/// ```
-///
-/// ## Output(s)
-///
-/// ```
-/// shielded_input (&'static str) = "UTF8 BIP39 passphrase (english)"
-/// ```
-struct TestVector {
- iv : [u8;8],
- input : [u8;16],
- passphrase : &'static str,
- shielded_input : [u8;24]
-}
-
-const GOLDEN_TESTS : [TestVector;3] =
- [ TestVector
- { iv : [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
- , input : [0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f]
- , passphrase : ""
- , shielded_input : [0, 0, 0, 0, 0, 0, 0, 0, 250, 194, 41, 40, 102, 196, 34, 60, 90, 125, 175, 186, 222, 152, 14, 9]
- }
- , TestVector
- { iv : [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
- , input : [0x5a, 0x94, 0x0d, 0x50, 0xab, 0x0d, 0x4e, 0x2e, 0xbf, 0x3b, 0x2c, 0x6e, 0xb3, 0x99, 0xe8, 0x27]
- , passphrase : "Cardano Ada"
- , shielded_input : [0, 1, 2, 3, 4, 5, 6, 7, 193, 34, 111, 15, 127, 245, 15, 164, 3, 24, 171, 35, 99, 32, 181, 158]
- }
- , TestVector
- { iv : [0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a]
- , input : [0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]
- , passphrase : "This is a very long passphrase. This is a very long passphrase. This is a very long passphrase. This is a very long passphrase."
- , shielded_input : [42, 42, 42, 42, 42, 42, 42, 42, 199, 113, 24, 116, 236, 196, 179, 147, 0, 136, 72, 43, 59, 108, 139, 133]
- }
- ];
-
-
- #[test]
- fn paper_scramble() {
- for tv in GOLDEN_TESTS.iter() {
- let r = paperwallet::scramble(&tv.iv[..], tv.passphrase.as_bytes(), &tv.input[..]);
- assert_eq!(&r[..], &tv.shielded_input[..]);
- }
- }
-
- #[test]
- fn paper_unscramble() {
- for tv in GOLDEN_TESTS.iter() {
- let r = paperwallet::unscramble(tv.passphrase.as_bytes(), &tv.shielded_input[..]);
- assert_eq!(&r[..], &tv.input[..]);
- }
- }
-
-}
diff --git a/wallet-crypto/src/tx.rs b/wallet-crypto/src/tx.rs
deleted file mode 100644
index e7c5a97..0000000
--- a/wallet-crypto/src/tx.rs
+++ /dev/null
@@ -1,860 +0,0 @@ -use std::{fmt, ops, iter, vec, slice, convert}; -use std::collections::{LinkedList, BTreeMap}; - -use rcw::digest::Digest; -use rcw::blake2b::Blake2b; - -use util::hex; -use cbor; -use cbor::{ExtendedResult}; -use config::{Config}; - -use hdwallet::{Signature, XPub, XPrv}; -use address::{ExtendedAddr, SpendingData}; -use hdpayload; -use merkle; -use bip44::{Addressing}; - -use serde; - -pub const HASH_SIZE : usize = 32; - -/// Blake2b 256 bits -#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Copy, Clone)] -pub struct Hash([u8;HASH_SIZE]); -impl AsRef<[u8]> for Hash { - fn as_ref(&self) -> &[u8] { self.0.as_ref() } -} -impl Hash { - pub fn new(buf: &[u8]) -> Self - { - let mut b2b = Blake2b::new(HASH_SIZE); - let mut out = [0;HASH_SIZE]; - b2b.input(buf); - b2b.result(&mut out); - Self::from_bytes(out) - } - - pub fn from_bytes(bytes :[u8;HASH_SIZE]) -> Self { Hash(bytes) } - pub fn from_slice(bytes: &[u8]) -> Option { - if bytes.len() != HASH_SIZE { return None; } - let mut buf = [0;HASH_SIZE]; - - buf[0..HASH_SIZE].clone_from_slice(bytes); - Some(Self::from_bytes(buf)) - } -} -impl fmt::Display for Hash { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - self.0.iter().for_each(|byte| { - if byte < &0x10 { - write!(f, "0{:x}", byte).unwrap() - } else { - write!(f, "{:x}", byte).unwrap() - } - }); - Ok(()) - } -} -impl cbor::CborValue for Hash { - fn encode(&self) -> cbor::Value { cbor::Value::Bytes(cbor::Bytes::from_slice(self.as_ref())) } - fn decode(value: cbor::Value) -> cbor::Result { - value.bytes().and_then(|bytes| { - match Hash::from_slice(bytes.as_ref()) { - Some(digest) => Ok(digest), - None => { - cbor::Result::bytes(bytes, cbor::Error::InvalidSize(32)) - } - } - }).embed("while decoding Hash") - } -} -impl serde::Serialize for Hash -{ - #[inline] - fn serialize(&self, serializer: S) -> Result - where S: serde::Serializer, - { - if serializer.is_human_readable() { - serializer.serialize_str(&hex::encode(self.as_ref())) - } 
else { - serializer.serialize_bytes(&self.as_ref()) - } - } -} -struct HashVisitor(); -impl HashVisitor { fn new() -> Self { HashVisitor {} } } -impl<'de> serde::de::Visitor<'de> for HashVisitor { - type Value = Hash; - - fn expecting(&self, fmt: &mut fmt::Formatter) -> fmt::Result { - write!(fmt, "Expecting a Blake2b_256 hash (`Hash`)") - } - - fn visit_str<'a, E>(self, v: &'a str) -> Result - where E: serde::de::Error - { - let bytes = hex::decode(v); - - match Hash::from_slice(&bytes) { - None => Err(E::invalid_length(bytes.len(), &"32 bytes")), - Some(r) => Ok(r) - } - } - - fn visit_bytes<'a, E>(self, v: &'a [u8]) -> Result - where E: serde::de::Error - { - match Hash::from_slice(v) { - None => Err(E::invalid_length(v.len(), &"32 bytes")), - Some(r) => Ok(r) - } - } -} -impl<'de> serde::Deserialize<'de> for Hash -{ - fn deserialize(deserializer: D) -> Result - where D: serde::Deserializer<'de> - { - if deserializer.is_human_readable() { - deserializer.deserialize_str(HashVisitor::new()) - } else { - deserializer.deserialize_bytes(HashVisitor::new()) - } - } -} - -// TODO: this seems to be the hash of the serialisation CBOR of a given Tx. -// if this is confirmed, we need to make a proper type, wrapping it around -// to hash a `Tx` by serializing it cbor first. -pub type TxId = Hash; - -const MAX_COIN: u64 = 45000000000000000; - -// TODO: add custom implementation of `serde::de::Deserialize` so we can check the -// upper bound of the `Coin`. 
-#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Clone, Copy)] -pub struct Coin(u64); -impl Coin { - pub fn zero() -> Self { Coin(0) } - pub fn new(v: u64) -> Option { - if v <= MAX_COIN { Some(Coin(v)) } else { None } - } -} -impl cbor::CborValue for Coin { - fn encode(&self) -> cbor::Value { cbor::Value::U64(self.0) } - fn decode(value: cbor::Value) -> cbor::Result { - value.u64().and_then(|v| { - match Coin::new(v) { - Some(coin) => Ok(coin), - None => cbor::Result::u64(v, cbor::Error::Between(0, MAX_COIN)) - } - }) - } -} -impl ops::Add for Coin { - type Output = Coin; - fn add(self, other: Coin) -> Self::Output { - Coin(self.0 + other.0) - } -} -impl<'a> ops::Add<&'a Coin> for Coin { - type Output = Coin; - fn add(self, other: &'a Coin) -> Self::Output { - Coin(self.0 + other.0) - } -} -impl ops::Sub for Coin { - type Output = Option; - fn sub(self, other: Coin) -> Self::Output { - if other.0 > self.0 { None } else { Some(Coin(self.0 - other.0)) } - } -} -impl<'a> ops::Sub<&'a Coin> for Coin { - type Output = Option; - fn sub(self, other: &'a Coin) -> Self::Output { - if other.0 > self.0 { None } else { Some(Coin(self.0 - other.0)) } - } -} -// this instance is necessary to chain the substraction operations -// -// i.e. 
`coin1 - coin2 - coin3` -impl ops::Sub for Option { - type Output = Option; - fn sub(self, other: Coin) -> Self::Output { - if other.0 > self?.0 { None } else { Some(Coin(self?.0 - other.0)) } - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)] -pub struct TxOut { - pub address: ExtendedAddr, - pub value: Coin, -} -impl TxOut { - pub fn new(addr: ExtendedAddr, value: Coin) -> Self { - TxOut { address: addr, value: value } - } -} -impl cbor::CborValue for TxOut { - fn encode(&self) -> cbor::Value { - cbor::Value::Array( - vec![ cbor::CborValue::encode(&self.address) - , cbor::CborValue::encode(&self.value) - ] - ) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.array().and_then(|array| { - let (array, addr) = cbor::array_decode_elem(array, 0)?; - let (array, val) = cbor::array_decode_elem(array, 0)?; - if !array.is_empty() { - cbor::Result::array(array, cbor::Error::UnparsedValues) - } else { - Ok(TxOut::new(addr, val)) - } - }) - } -} - -type TODO = u8; -type ValidatorScript = TODO; -type RedeemerScript = TODO; -type RedeemPublicKey = TODO; -type RedeemSignature = TODO; - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)] -pub enum TxInWitness { - /// signature of the `Tx` with the associated `XPub` - /// the `XPub` is the public key set in the AddrSpendingData - PkWitness(XPub, Signature), - ScriptWitness(ValidatorScript, RedeemerScript), - RedeemWitness(RedeemPublicKey, RedeemSignature), -} -impl TxInWitness { - /// create a TxInWitness from a given private key `XPrv` for the given transaction `Tx`. - pub fn new(cfg: &Config, key: &XPrv, tx: &Tx) -> Self { - let txid = cbor::encode_to_cbor(&tx.id()).unwrap(); - - let mut vec = vec![ 0x01 ]; // this is the tag for TxSignature - vec.extend_from_slice(&cbor::encode_to_cbor(&cfg.protocol_magic).unwrap()); - vec.extend_from_slice(&txid); - TxInWitness::PkWitness(key.public(), key.sign(&vec)) - } - - /// verify a given extended address is associated to the witness. 
- /// - pub fn verify_address(&self, address: &ExtendedAddr) -> bool { - match self { - &TxInWitness::PkWitness(ref pk, _) => { - let sd = SpendingData::PubKeyASD(pk.clone()); - let ea = ExtendedAddr::new(address.addr_type, sd, address.attributes.clone()); - - &ea == address - }, - &TxInWitness::ScriptWitness(_, _) => { unimplemented!() }, - &TxInWitness::RedeemWitness(_, _) => { unimplemented!() }, - } - } - - /// verify the signature against the given transation `Tx` - /// - pub fn verify_tx(&self, cfg: &Config, tx: &Tx) -> bool { - match self { - &TxInWitness::PkWitness(ref pk, ref sig) => { - let txid = cbor::encode_to_cbor(&tx.id()).unwrap(); - - let mut vec = vec![ 0x01 ]; // this is the tag for TxSignature - vec.extend_from_slice(&cbor::encode_to_cbor(&cfg.protocol_magic).unwrap()); - vec.extend_from_slice(&txid); - - pk.verify(&vec, sig) - }, - &TxInWitness::ScriptWitness(_, _) => { unimplemented!() }, - &TxInWitness::RedeemWitness(_, _) => { unimplemented!() }, - } - } - - /// verify the address's public key and the transaction signature - pub fn verify(&self, cfg: &Config, address: &ExtendedAddr, tx: &Tx) -> bool { - self.verify_address(address) && self.verify_tx(&cfg, tx) - } -} -impl cbor::CborValue for TxInWitness { - fn encode(&self) -> cbor::Value { - let (i, bytes) = match self { - &TxInWitness::PkWitness(ref pk, ref sig) => { - let v = cbor::Value::Array( - vec![ cbor::CborValue::encode(pk) - , cbor::CborValue::encode(sig) - ] - ); - (0u64, cbor::encode_to_cbor(&v).unwrap()) - }, - &TxInWitness::ScriptWitness(_, _) => { unimplemented!() }, - &TxInWitness::RedeemWitness(_, _) => { unimplemented!() }, - }; - cbor::Value::Array( - vec![ cbor::CborValue::encode(&i) - , cbor::Value::Tag(24, Box::new(cbor::Value::Bytes(cbor::Bytes::new(bytes)))) - ] - ) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.array().and_then(|sum_type| { - let (sum_type, v) = cbor::array_decode_elem(sum_type, 0).embed("sum_type's id")?; - match v { - 0u64 => { - 
let (sum_type, tag) : (Vec, cbor::Value) = cbor::array_decode_elem(sum_type, 0).embed("sum_type's value")?; - if !sum_type.is_empty() { return cbor::Result::array(sum_type, cbor::Error::UnparsedValues); } - tag.tag().and_then(|(t, v)| { - if t != 24 { return cbor::Result::tag(t, v, cbor::Error::InvalidTag(t)); } - (*v).bytes() - }).and_then(|bytes| { - let (pk, sig) = cbor::decode_from_cbor(bytes.as_ref())?; - Ok(TxInWitness::PkWitness(pk, sig)) - }).embed("while decoding `TxInWitness::PkWitness`") - }, - _ => { unimplemented!() } - } - }).embed("While decoding TxInWitness") - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)] -pub struct TxIn { - pub id: TxId, - pub index: u32, -} -impl TxIn { - pub fn new(id: TxId, index: u32) -> Self { TxIn { id: id, index: index } } -} -impl cbor::CborValue for TxIn { - fn encode(&self) -> cbor::Value { - let v = cbor::encode_to_cbor(&(self.id.clone(), self.index)).unwrap(); - cbor::Value::Array( - vec![ cbor::CborValue::encode(&0u64) - , cbor::Value::Tag(24, Box::new(cbor::Value::Bytes(cbor::Bytes::new(v)))) - ] - ) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.array().and_then(|sum_type| { - let (sum_type, v) = cbor::array_decode_elem(sum_type, 0).embed("sum_type id")?; - if v != 0u64 { return cbor::Result::array(sum_type, cbor::Error::InvalidSumtype(v)); } - let (sum_type, tag) : (Vec, cbor::Value) = cbor::array_decode_elem(sum_type, 0).embed("sum_type's value")?; - if !sum_type.is_empty() { return cbor::Result::array(sum_type, cbor::Error::UnparsedValues); } - tag.tag().and_then(|(t, v)| { - if t != 24 { return cbor::Result::tag(t, v, cbor::Error::InvalidTag(t)); } - (*v).bytes() - }).and_then(|bytes| { - let (id, index) = cbor::decode_from_cbor(bytes.as_ref())?; - Ok(TxIn::new(id, index)) - }).embed("while decoding `TxIn's inner sumtype`") - }).embed("while decoding TxIn") - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)] -pub struct Tx { - inputs: LinkedList, - 
outputs: LinkedList, - // attributes: TxAttributes - // - // So far, there is no TxAttributes... the structure contains only the unparsed/unknown stuff -} -impl Tx { - pub fn new() -> Self { Tx::new_with(LinkedList::new(), LinkedList::new()) } - pub fn new_with(ins: LinkedList, outs: LinkedList) -> Self { - Tx { inputs: ins, outputs: outs } - } - pub fn id(&self) -> TxId { - let buf = cbor::encode_to_cbor(self).expect("to cbor-encode a Tx in a vector in memory"); - TxId::new(&buf) - } - pub fn add_input(&mut self, i: TxIn) { - self.inputs.push_back(i) - } - pub fn add_output(&mut self, o: TxOut) { - self.outputs.push_back(o) - } -} -impl cbor::CborValue for Tx { - fn encode(&self) -> cbor::Value { - let inputs = cbor::CborValue::encode(&self.inputs); - let outputs = cbor::CborValue::encode(&self.outputs); - let attr = cbor::Value::Object(BTreeMap::new()); - cbor::Value::Array( - vec![ inputs - , outputs - , attr - ] - ) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.decode().and_then(|(input_values, output_values, _attributes) : (cbor::Value, cbor::Value, cbor::Value)| { - let inputs = input_values.decode().embed("while decoding Tx's TxIn")?; - let outputs = output_values.decode().embed("while decoding Tx's TxOut")?; - Ok(Tx::new_with(inputs, outputs)) - }).embed("while decoding Tx") - } - -} - -/// This is a Resolved version of a `TxIn`. -/// -/// It contains the `TxIn` which is the value we need to put in the -/// transaction to reference funds to input to the transation. -/// -/// It also contains the `TxOut` the value present at the given -/// `TxIn`'s `TxId` and _index_ in the block chain. 
-/// -#[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone)] -pub struct Input { - pub ptr: TxIn, - pub value: TxOut, - pub addressing: Addressing -} -impl Input { - pub fn new(ptr: TxIn, value: TxOut, addressing: Addressing) -> Self - { Input { ptr: ptr, value: value, addressing: addressing } } - - pub fn value(&self) -> Coin { self.value.value } - - pub fn get_derivation_path(&self, key: &hdpayload::HDKey) -> Option { - match &self.value.address.attributes.derivation_path { - &Some(ref payload) => { key.decrypt_path(payload) }, - &None => { None } - } - } -} - -/// Collection of `Input` that will be used for creating a `Tx` and fee stabilisation -#[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone)] -pub struct Inputs(Vec); -impl Inputs { - pub fn new() -> Self { Inputs(Vec::new()) } - pub fn as_slice(&self) -> &[Input] { self.0.as_slice() } - pub fn push(&mut self, i: Input) { self.0.push(i) } - pub fn len(&self) -> usize { self.0.len() } - pub fn is_empty(&self) -> bool { self.0.is_empty() } - pub fn append(&mut self, other: &mut Self) { self.0.append(&mut other.0)} -} -impl convert::AsRef for Inputs { - fn as_ref(&self) -> &Self { self } -} -impl convert::AsRef<[Input]> for Inputs { - fn as_ref(&self) -> &[Input] { self.0.as_ref() } -} -impl ops::Deref for Inputs { - type Target = [Input]; - - fn deref(&self) -> &[Input] { self.0.deref() } -} -impl iter::FromIterator for Inputs { - fn from_iter>(iter: I) -> Inputs { - Inputs(iter::FromIterator::from_iter(iter)) - } -} -impl iter::Extend for Inputs { - fn extend(&mut self, i: I) where I: IntoIterator { - self.0.extend(i) - } -} -impl IntoIterator for Inputs { - type Item = Input; - type IntoIter = vec::IntoIter; - - fn into_iter(self) -> Self::IntoIter { self.0.into_iter() } -} -impl<'a> IntoIterator for &'a Inputs { - type Item = &'a Input; - type IntoIter = slice::Iter<'a, Input>; - - fn into_iter(self) -> Self::IntoIter { self.0.iter() } -} - -/// Collection of `Input` that will be used for 
creating a `Tx` and fee stabilisation -#[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone)] -pub struct Outputs(Vec); -impl Outputs { - pub fn new() -> Self { Outputs(Vec::new()) } - pub fn as_slice(&self) -> &[TxOut] { self.0.as_slice() } - pub fn push(&mut self, i: TxOut) { self.0.push(i) } - pub fn len(&self) -> usize { self.0.len() } - pub fn is_empty(&self) -> bool { self.0.is_empty() } - pub fn append(&mut self, other: &mut Self) { self.0.append(&mut other.0)} - - pub fn total(&self) -> Coin { self.iter().fold(Coin::zero(), |acc, ref c| acc + c.value) } -} -impl convert::AsRef for Outputs { - fn as_ref(&self) -> &Self { self } -} -impl convert::AsRef<[TxOut]> for Outputs { - fn as_ref(&self) -> &[TxOut] { self.0.as_ref() } -} -impl ops::Deref for Outputs { - type Target = [TxOut]; - - fn deref(&self) -> &[TxOut] { self.0.deref() } -} -impl iter::FromIterator for Outputs { - fn from_iter>(iter: I) -> Outputs { - Outputs(iter::FromIterator::from_iter(iter)) - } -} -impl iter::Extend for Outputs { - fn extend(&mut self, i: I) where I: IntoIterator { - self.0.extend(i) - } -} -impl IntoIterator for Outputs { - type Item = TxOut; - type IntoIter = vec::IntoIter; - - fn into_iter(self) -> Self::IntoIter { self.0.into_iter() } -} -impl<'a> IntoIterator for &'a Outputs { - type Item = &'a TxOut; - type IntoIter = slice::Iter<'a, TxOut>; - - fn into_iter(self) -> Self::IntoIter { self.0.iter() } -} - -pub mod fee { - //! 
fee stabilisation related algorithm - - use std::{result}; - use super::*; - - /// fee - #[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone, Copy)] - pub struct Fee(Coin); - impl Fee { - pub fn new(coin: Coin) -> Self { Fee(coin) } - pub fn to_coin(&self) -> Coin { self.0 } - } - - #[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone, Copy)] - pub enum Error { - NoInputs, - NoOutputs, - NotEnoughInput, - } - - type Result = result::Result; - - pub trait Algorithm { - fn compute(&self, policy: SelectionPolicy, inputs: &Inputs, outputs: &Outputs, change_addr: &ExtendedAddr, fee_addr: &ExtendedAddr) -> Result<(Fee, Inputs, Coin)>; - } - - #[derive(Serialize, Deserialize, PartialEq, PartialOrd, Debug, Clone, Copy)] - pub struct LinearFee { - /// this is the minimal fee - constant: f64, - /// the transaction's size coefficient fee - coefficient: f64 - } - impl LinearFee { - pub fn new(constant: f64, coefficient: f64) -> Self { - LinearFee { constant: constant, coefficient: coefficient } - } - - pub fn estimate(&self, sz: usize) -> Fee { - let fee = self.constant + self.coefficient * (sz as f64); - Fee(Coin::new(fee as u64).unwrap()) - } - } - impl Default for LinearFee { - fn default() -> Self { LinearFee::new(155381.0, 43.946) } - } - impl Algorithm for LinearFee { - fn compute( &self - , policy: SelectionPolicy - , inputs: &Inputs - , outputs: &Outputs - , change_addr: &ExtendedAddr - , fee_addr: &ExtendedAddr - ) - -> Result<(Fee, Inputs, Coin)> - { - if inputs.is_empty() { return Err(Error::NoInputs); } - if outputs.is_empty() { return Err(Error::NoOutputs); } - - let output_value = outputs.total(); - let mut fee = self.estimate(0); - let mut input_value = Coin::zero(); - let mut selected_inputs = Inputs::new(); - - // create the Tx on the fly - let mut txins = LinkedList::new(); - let txouts : LinkedList = outputs.iter().cloned().collect(); - - // for now we only support this selection algorithm - // we need to remove this assert when we extend to 
more - // granulated selection policy - assert!(policy == SelectionPolicy::FirstMatchFirst); - - for input in inputs.iter() { - input_value = input_value + input.value(); - selected_inputs.push(input.clone()); - txins.push_back(input.ptr.clone()); - - // calculate fee from the Tx serialised + estimated size for signing - let mut tx = Tx::new_with(txins.clone(), txouts.clone()); - let txbytes = cbor::encode_to_cbor(&tx).unwrap(); - - let estimated_fee = self.estimate(txbytes.len() + 5 + (42 * selected_inputs.len())); - - // add the fee in the correction of the fee - tx.add_output(TxOut::new(fee_addr.clone(), estimated_fee.to_coin())); - // add the change in the estimated fee - match output_value - input_value - estimated_fee.to_coin() { - None => {}, - Some(change_value) => { - tx.add_output(TxOut::new(change_addr.clone(), change_value)) - } - }; - - let txbytes = cbor::encode_to_cbor(&tx).unwrap(); - let corrected_fee = self.estimate(txbytes.len() + 5 + (42 * selected_inputs.len())); - - fee = corrected_fee; - - if input_value >= (output_value + fee.to_coin()) { break; } - } - - if input_value < (output_value + fee.to_coin()) { - return Err(Error::NotEnoughInput); - } - - Ok((fee, selected_inputs, (input_value - output_value - fee.to_coin()).unwrap())) - } - } - - /// the input selection method. 
- /// - #[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone, Copy)] - pub enum SelectionPolicy { - /// select the first inputs that matches, no optimisation - FirstMatchFirst - } - impl Default for SelectionPolicy { - fn default() -> Self { SelectionPolicy::FirstMatchFirst } - } -} - -#[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)] -pub struct TxAux { - tx: Tx, - witnesses: Vec, -} -impl TxAux { - pub fn new(tx: Tx, witnesses: Vec) -> Self { - TxAux { tx: tx, witnesses: witnesses } - } -} -impl cbor::CborValue for TxAux { - fn encode(&self) -> cbor::Value { - cbor::Value::Array( - vec![ cbor::CborValue::encode(&self.tx) - , cbor::CborValue::encode(&self.witnesses) - ] - ) - } - fn decode(value: cbor::Value) -> cbor::Result { - value.array().and_then(|array| { - let (array, tx) = cbor::array_decode_elem(array, 0).embed("decoding Tx")?; - let (array, witnesses) = cbor::array_decode_elem(array, 0).embed("decoding vector of witnesses")?; - if ! array.is_empty() { return cbor::Result::array(array, cbor::Error::UnparsedValues); } - Ok(TxAux::new(tx, witnesses)) - }).embed("While decoding TxAux.") - } - -} - -pub struct TxProof { - number: u32, - root: merkle::Root, - witnesses_hash: Hash, -} - -#[cfg(test)] -mod tests { - use super::*; - use address; - use hdpayload; - use hdwallet; - use cbor; - use config::{Config}; - - const SEED: [u8;hdwallet::SEED_SIZE] = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]; - - const HDPAYLOAD: &'static [u8] = &[1,2,3,4,5]; - - // CBOR encoded TxOut - const TX_OUT: &'static [u8] = &[0x82, 0x82, 0xd8, 0x18, 0x58, 0x29, 0x83, 0x58, 0x1c, 0x83, 0xee, 0xa1, 0xb5, 0xec, 0x8e, 0x80, 0x26, 0x65, 0x81, 0x46, 0x4a, 0xee, 0x0e, 0x2d, 0x6a, 0x45, 0xfd, 0x6d, 0x7b, 0x9e, 0x1a, 0x98, 0x3a, 0x50, 0x48, 0xcd, 0x15, 0xa1, 0x01, 0x46, 0x45, 0x01, 0x02, 0x03, 0x04, 0x05, 0x00, 0x1a, 0x9d, 0x45, 0x88, 0x4a, 0x18, 0x2a]; - const TX_IN: &'static [u8] = &[0x82, 0x00, 0xd8, 0x18, 0x58, 0x26, 0x82, 0x58, 0x20, 0xaa, 
0xd7, 0x8a, 0x13, 0xb5, 0x0a, 0x01, 0x4a, 0x24, 0x63, 0x3c, 0x7d, 0x44, 0xfd, 0x8f, 0x8d, 0x18, 0xf6, 0x7b, 0xbb, 0x3f, 0xa9, 0xcb, 0xce, 0xdf, 0x83, 0x4a, 0xc8, 0x99, 0x75, 0x9d, 0xcd, 0x19, 0x02, 0x9a]; - - const TX: &'static [u8] = &[0x83, 0x9f, 0x82, 0x00, 0xd8, 0x18, 0x58, 0x26, 0x82, 0x58, 0x20, 0xaa, 0xd7, 0x8a, 0x13, 0xb5, 0x0a, 0x01, 0x4a, 0x24, 0x63, 0x3c, 0x7d, 0x44, 0xfd, 0x8f, 0x8d, 0x18, 0xf6, 0x7b, 0xbb, 0x3f, 0xa9, 0xcb, 0xce, 0xdf, 0x83, 0x4a, 0xc8, 0x99, 0x75, 0x9d, 0xcd, 0x19, 0x02, 0x9a, 0xff, 0x9f, 0x82, 0x82, 0xd8, 0x18, 0x58, 0x29, 0x83, 0x58, 0x1c, 0x83, 0xee, 0xa1, 0xb5, 0xec, 0x8e, 0x80, 0x26, 0x65, 0x81, 0x46, 0x4a, 0xee, 0x0e, 0x2d, 0x6a, 0x45, 0xfd, 0x6d, 0x7b, 0x9e, 0x1a, 0x98, 0x3a, 0x50, 0x48, 0xcd, 0x15, 0xa1, 0x01, 0x46, 0x45, 0x01, 0x02, 0x03, 0x04, 0x05, 0x00, 0x1a, 0x9d, 0x45, 0x88, 0x4a, 0x18, 0x2a, 0xff, 0xa0]; - - const TX_IN_WITNESS: &'static [u8] = &[0x82, 0x00, 0xd8, 0x18, 0x58, 0x85, 0x82, 0x58, 0x40, 0x1c, 0x0c, 0x3a, 0xe1, 0x82, 0x5e, 0x90, 0xb6, 0xdd, 0xda, 0x3f, 0x40, 0xa1, 0x22, 0xc0, 0x07, 0xe1, 0x00, 0x8e, 0x83, 0xb2, 0xe1, 0x02, 0xc1, 0x42, 0xba, 0xef, 0xb7, 0x21, 0xd7, 0x2c, 0x1a, 0x5d, 0x36, 0x61, 0xde, 0xb9, 0x06, 0x4f, 0x2d, 0x0e, 0x03, 0xfe, 0x85, 0xd6, 0x80, 0x70, 0xb2, 0xfe, 0x33, 0xb4, 0x91, 0x60, 0x59, 0x65, 0x8e, 0x28, 0xac, 0x7f, 0x7f, 0x91, 0xca, 0x4b, 0x12, 0x58, 0x40, 0x9d, 0x6d, 0x91, 0x1e, 0x58, 0x8d, 0xd4, 0xfb, 0x77, 0xcb, 0x80, 0xc2, 0xc6, 0xad, 0xbc, 0x2b, 0x94, 0x2b, 0xce, 0xa5, 0xd8, 0xa0, 0x39, 0x22, 0x0d, 0xdc, 0xd2, 0x35, 0xcb, 0x75, 0x86, 0x2c, 0x0c, 0x95, 0xf6, 0x2b, 0xa1, 0x11, 0xe5, 0x7d, 0x7c, 0x1a, 0x22, 0x1c, 0xf5, 0x13, 0x3e, 0x44, 0x12, 0x88, 0x32, 0xc1, 0x49, 0x35, 0x4d, 0x1e, 0x57, 0xb6, 0x80, 0xfe, 0x57, 0x2d, 0x76, 0x0c]; - - const TX_AUX : &'static [u8] = &[0x82, 0x83, 0x9f, 0x82, 0x00, 0xd8, 0x18, 0x58, 0x26, 0x82, 0x58, 0x20, 0xaa, 0xd7, 0x8a, 0x13, 0xb5, 0x0a, 0x01, 0x4a, 0x24, 0x63, 0x3c, 0x7d, 0x44, 0xfd, 0x8f, 0x8d, 0x18, 0xf6, 0x7b, 0xbb, 0x3f, 0xa9, 0xcb, 0xce, 0xdf, 
0x83, 0x4a, 0xc8, 0x99, 0x75, 0x9d, 0xcd, 0x19, 0x02, 0x9a, 0xff, 0x9f, 0x82, 0x82, 0xd8, 0x18, 0x58, 0x29, 0x83, 0x58, 0x1c, 0x83, 0xee, 0xa1, 0xb5, 0xec, 0x8e, 0x80, 0x26, 0x65, 0x81, 0x46, 0x4a, 0xee, 0x0e, 0x2d, 0x6a, 0x45, 0xfd, 0x6d, 0x7b, 0x9e, 0x1a, 0x98, 0x3a, 0x50, 0x48, 0xcd, 0x15, 0xa1, 0x01, 0x46, 0x45, 0x01, 0x02, 0x03, 0x04, 0x05, 0x00, 0x1a, 0x9d, 0x45, 0x88, 0x4a, 0x18, 0x2a, 0xff, 0xa0, 0x81, 0x82, 0x00, 0xd8, 0x18, 0x58, 0x85, 0x82, 0x58, 0x40, 0x1c, 0x0c, 0x3a, 0xe1, 0x82, 0x5e, 0x90, 0xb6, 0xdd, 0xda, 0x3f, 0x40, 0xa1, 0x22, 0xc0, 0x07, 0xe1, 0x00, 0x8e, 0x83, 0xb2, 0xe1, 0x02, 0xc1, 0x42, 0xba, 0xef, 0xb7, 0x21, 0xd7, 0x2c, 0x1a, 0x5d, 0x36, 0x61, 0xde, 0xb9, 0x06, 0x4f, 0x2d, 0x0e, 0x03, 0xfe, 0x85, 0xd6, 0x80, 0x70, 0xb2, 0xfe, 0x33, 0xb4, 0x91, 0x60, 0x59, 0x65, 0x8e, 0x28, 0xac, 0x7f, 0x7f, 0x91, 0xca, 0x4b, 0x12, 0x58, 0x40, 0x9d, 0x6d, 0x91, 0x1e, 0x58, 0x8d, 0xd4, 0xfb, 0x77, 0xcb, 0x80, 0xc2, 0xc6, 0xad, 0xbc, 0x2b, 0x94, 0x2b, 0xce, 0xa5, 0xd8, 0xa0, 0x39, 0x22, 0x0d, 0xdc, 0xd2, 0x35, 0xcb, 0x75, 0x86, 0x2c, 0x0c, 0x95, 0xf6, 0x2b, 0xa1, 0x11, 0xe5, 0x7d, 0x7c, 0x1a, 0x22, 0x1c, 0xf5, 0x13, 0x3e, 0x44, 0x12, 0x88, 0x32, 0xc1, 0x49, 0x35, 0x4d, 0x1e, 0x57, 0xb6, 0x80, 0xfe, 0x57, 0x2d, 0x76, 0x0c]; - - #[test] - fn txout_decode() { - let txout : TxOut = cbor::decode_from_cbor(TX_OUT).unwrap(); - - let hdap = hdpayload::HDAddressPayload::from_bytes(HDPAYLOAD); - assert_eq!(Coin::new(42).unwrap(), txout.value); - assert_eq!(address::AddrType::ATPubKey, txout.address.addr_type); - assert_eq!(address::StakeDistribution::new_bootstrap_era(), txout.address.attributes.stake_distribution); - assert_eq!(txout.address.attributes.derivation_path, Some(hdap)); - } - - #[test] - fn txout_encode_decode() { - let seed = hdwallet::Seed::from_bytes(SEED); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - let pk = sk.public(); - let hdap = hdpayload::HDAddressPayload::from_bytes(HDPAYLOAD); - let addr_type = address::AddrType::ATPubKey; - let sd 
= address::SpendingData::PubKeyASD(pk.clone()); - let attrs = address::Attributes::new_single_key(&pk, Some(hdap)); - - let ea = address::ExtendedAddr::new(addr_type, sd, attrs); - let value = Coin::new(42).unwrap(); - - assert!(cbor::hs::encode_decode(&TxOut::new(ea, value))); - } - - #[test] - fn txin_decode() { - let txin : TxIn = cbor::decode_from_cbor(TX_IN).unwrap(); - - assert!(txin.index == 666); - } - - #[test] - fn txin_encode_decode() { - let txid = TxId::new(&[0;32]); - assert!(cbor::hs::encode_decode(&TxIn::new(txid, 666))); - } - - #[test] - fn tx_decode() { - let txin : TxIn = cbor::decode_from_cbor(TX_IN).unwrap(); - let txout : TxOut = cbor::decode_from_cbor(TX_OUT).unwrap(); - let mut tx : Tx = cbor::decode_from_cbor(TX) - .expect("Expecting to decode a `Tx`"); - - assert!(tx.inputs.len() == 1); - assert_eq!(Some(txin), tx.inputs.pop_front()); - assert!(tx.outputs.len() == 1); - assert_eq!(Some(txout), tx.outputs.pop_front()); - } - - #[test] - fn tx_encode_decode() { - let txid = TxId::new(&[0;32]); - let txin = TxIn::new(txid, 666); - - let seed = hdwallet::Seed::from_bytes(SEED); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - let pk = sk.public(); - let hdap = hdpayload::HDAddressPayload::from_bytes(HDPAYLOAD); - let addr_type = address::AddrType::ATPubKey; - let sd = address::SpendingData::PubKeyASD(pk.clone()); - let attrs = address::Attributes::new_single_key(&pk, Some(hdap)); - let ea = address::ExtendedAddr::new(addr_type, sd, attrs); - let value = Coin::new(42).unwrap(); - let txout = TxOut::new(ea, value); - - let mut tx = Tx::new(); - tx.add_input(txin); - tx.add_output(txout); - - assert!(cbor::hs::encode_decode(&tx)); - } - - #[test] - fn txinwitness_decode() { - let cfg = Config::default(); - let txinwitness : TxInWitness = cbor::decode_from_cbor(TX_IN_WITNESS).expect("to decode a `TxInWitness`"); - let tx : Tx = cbor::decode_from_cbor(TX).expect("to decode a `Tx`"); - - let seed = hdwallet::Seed::from_bytes(SEED); - let sk 
= hdwallet::XPrv::generate_from_seed(&seed); - - assert!(txinwitness == TxInWitness::new(&cfg, &sk, &tx)); - } - - #[test] - fn txinwitness_encode_decode() { - let cfg = Config::default(); - let tx : Tx = cbor::decode_from_cbor(TX).expect("to decode a `Tx`"); - - let seed = hdwallet::Seed::from_bytes(SEED); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - - let txinwitness = TxInWitness::new(&cfg, &sk, &tx); - - assert!(cbor::hs::encode_decode(&txinwitness)); - } - - #[test] - fn txinwitness_sign_verify() { - let cfg = Config::default(); - // create wallet's keys - let seed = hdwallet::Seed::from_bytes(SEED); - let sk = hdwallet::XPrv::generate_from_seed(&seed); - let pk = sk.public(); - - // create an Address - let hdap = hdpayload::HDAddressPayload::from_bytes(HDPAYLOAD); - let addr_type = address::AddrType::ATPubKey; - let sd = address::SpendingData::PubKeyASD(pk.clone()); - let attrs = address::Attributes::new_single_key(&pk, Some(hdap)); - let ea = address::ExtendedAddr::new(addr_type, sd, attrs); - - // create a transaction - let txid = TxId::new(&[0;32]); - let txin = TxIn::new(txid, 666); - let value = Coin::new(42).unwrap(); - let txout = TxOut::new(ea.clone(), value); - let mut tx = Tx::new(); - tx.add_input(txin); - tx.add_output(txout); - - // here we pretend that `ea` is the address we find from the found we want - // to take. In the testing case, it is not important that it is also the - // txout of this given transation - - // create a TxInWitness (i.e. 
sign the given transaction) - let txinwitness = TxInWitness::new(&cfg, &sk, &tx); - - // check the address is the correct one - assert!(txinwitness.verify_address(&ea)); - assert!(txinwitness.verify_tx(&cfg, &tx)); - assert!(txinwitness.verify(&cfg, &ea, &tx)); - } - - #[test] - fn txaux_decode() { - let _txaux : TxAux = cbor::decode_from_cbor(TX_AUX).expect("to decode a TxAux"); - } - - #[test] - fn txaux_encode_decode() { - let cfg = Config::default(); - let tx : Tx = cbor::decode_from_cbor(TX).expect("to decode a `Tx`"); - let txinwitness : TxInWitness = cbor::decode_from_cbor(TX_IN_WITNESS).expect("to decode a `TxInWitness`"); - - let witnesses = vec![txinwitness]; - - let txaux = TxAux::new(tx, witnesses); - - assert!(cbor::hs::encode_decode(&txaux)); - } -} diff --git a/wallet-crypto/src/util.rs b/wallet-crypto/src/util.rs deleted file mode 100644 index 991e995..0000000 --- a/wallet-crypto/src/util.rs +++ /dev/null 
@@ -1,213 +0,0 @@ -pub mod hex { - const ALPHABET : &'static [u8] = b"0123456789abcdef"; - - pub fn encode(input: &[u8]) -> String { - let mut v = Vec::with_capacity(input.len() * 2); - for &byte in input.iter() { - v.push(ALPHABET[(byte >> 4) as usize]); - v.push(ALPHABET[(byte & 0xf) as usize]); - } - - unsafe { - String::from_utf8_unchecked(v) - } - } - pub fn decode(input: &str) -> Vec { - let mut b = Vec::with_capacity(input.len() / 2); - let mut modulus = 0; - let mut buf = 0; - - for (idx, byte) in input.bytes().enumerate() { - buf <<= 4; - - match byte { - b'A'...b'F' => buf |= byte - b'A' + 10, - b'a'...b'f' => buf |= byte - b'a' + 10, - b'0'...b'9' => buf |= byte - b'0', - b' '|b'\r'|b'\n'|b'\t' => { - buf >>= 4; - continue - } - _ => { - // we only assume correct inputs - unimplemented!() - } - } - - modulus += 1; - if modulus == 2 { - modulus = 0; - b.push(buf); - } - } - - b - } - - #[cfg(test)] - mod tests { - fn encode(input: &[u8], expected: &str) { - let encoded = super::encode(input); - assert_eq!(encoded, expected); - } - fn decode(expected: &[u8], input: &str) { - let decoded = super::decode(input); - assert_eq!(decoded.as_slice(), expected); - } - - #[test] - fn test_vector_1() { - encode(&[1,2,3,4], "01020304"); - decode(&[1,2,3,4], "01020304"); - } - - #[test] - fn test_vector_2() { - encode(&[0xff,0x0f,0xff,0xff], "ff0fffff"); - decode(&[0xff,0x0f,0xff,0xff], "ff0fffff"); - } - } -} - -pub mod base58 { - use super::{base_decode, base_encode}; - - const ALPHABET : &'static str = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; - - pub fn encode(input: &[u8]) -> String { - String::from_utf8(base_encode(ALPHABET, input)).unwrap() - } - pub fn decode(input: &str) -> Vec { - base_decode(ALPHABET, input.as_bytes()) - } - - #[cfg(test)] - mod tests { - fn encode(input: &[u8], expected: &str) { - let encoded = super::encode(input); - assert_eq!(encoded, expected); - } - fn decode(expected: &[u8], input: &str) { - let decoded = 
super::decode(input); - assert_eq!(decoded.as_slice(), expected); - } - - #[test] - fn test_vector_1() { - encode(b"\0\0\0\0", "11111"); - decode(b"\0\0\0\0", "11111"); - } - - #[test] - fn test_vector_2() { - encode(b"This is awesome!", "BRY7dK2V98Sgi7CFWiZbap"); - decode(b"This is awesome!", "BRY7dK2V98Sgi7CFWiZbap"); - } - - #[test] - fn test_vector_3() { - encode(b"Hello World...", "TcgsE5dzphUWfjcb9i5"); - decode(b"Hello World...", "TcgsE5dzphUWfjcb9i5"); - } - - #[test] - fn test_vector_4() { - encode(b"\0abc", "1ZiCa"); - decode(b"\0abc", "1ZiCa"); - } - - #[test] - fn test_vector_5() { - encode(b"\0\0abc", "11ZiCa"); - decode(b"\0\0abc", "11ZiCa"); - } - - #[test] - fn test_vector_6() { - encode(b"\0\0\0abc", "111ZiCa"); - decode(b"\0\0\0abc", "111ZiCa"); - } - - #[test] - fn test_vector_7() { - encode(b"\0\0\0\0abc", "1111ZiCa"); - decode(b"\0\0\0\0abc", "1111ZiCa"); - } - - #[test] - fn test_vector_8() { - encode(b"abcdefghijklmnopqrstuvwxyz", "3yxU3u1igY8WkgtjK92fbJQCd4BZiiT1v25f"); - decode(b"abcdefghijklmnopqrstuvwxyz", "3yxU3u1igY8WkgtjK92fbJQCd4BZiiT1v25f"); - } - } -} - -pub fn base_encode(alphabet_s: &str, input: &[u8]) -> Vec { - let alphabet = alphabet_s.as_bytes(); - let base = alphabet.len() as u32; - - let mut digits = vec![0 as u8]; - for input in input.iter() { - let mut carry = input.clone() as u32; - for j in 0..digits.len() { - carry = carry + ((digits[j] as u32) << 8); - digits[j] = (carry % base) as u8; - carry = carry / base; - } - - while carry > 0 { - digits.push((carry % base) as u8); - carry = carry / base; - } - } - - let mut string = vec![]; - - let mut k = 0; - while (k < input.len()) && (input[k] == 0) { - string.push(alphabet[0]); - k += 1; - } - for digit in digits.iter().rev() { - string.push(alphabet[digit.clone() as usize]); - } - - string -} - - -pub fn base_decode(alphabet_s: &str, input: &[u8]) -> Vec { - let alphabet = alphabet_s.as_bytes(); - let base = alphabet.len() as u32; - - let mut bytes : Vec = vec![0]; - let 
zcount = input.iter().take_while(|x| **x == alphabet[0]).count(); - - for i in zcount..input.len() { - let value = match alphabet.iter().position(|&x| x == input[i]) { - Some(idx) => idx, - None => panic!() - }; - let mut carry = value as u32; - for j in 0..bytes.len() { - carry = carry + (bytes[j] as u32 * base); - bytes[j] = carry as u8; - carry = carry >> 8; - } - - while carry > 0 { - bytes.push(carry as u8); - carry = carry >> 8; - } - } - let leading_zeros = bytes.iter().rev().take_while(|x| **x == 0).count(); - if zcount > leading_zeros { - if leading_zeros > 0 { - for _ in 0..(zcount - leading_zeros - 1) { bytes.push(0); } - } else { - for _ in 0..zcount { bytes.push(0); } - } - } - bytes.reverse(); - bytes -} diff --git a/wallet-crypto/src/wallet.rs b/wallet-crypto/src/wallet.rs deleted file mode 100644 index 2a93368..0000000 --- a/wallet-crypto/src/wallet.rs +++ /dev/null 
@@ -1,130 +0,0 @@ -//! unlike the hdwallet object, this the stateful wallet implementation -//! -//! # definition -//! -//! While other modules tries to be stateless as much as possible -//! here we want to provide all the logic one may want from a wallet. -//! - -use hdwallet; -use address; -use tx; -use config; -use bip44::{Addressing, AddrType, BIP44_PURPOSE, BIP44_COIN_TYPE}; -use tx::fee::Algorithm; - -use std::{result}; - -#[derive(Serialize, Deserialize, Debug,PartialEq,Eq)] -pub enum Error { - NotMyAddress_NoPayload, - NotMyAddress_CannotDecodePayload, - NotMyAddress_NotMyPublicKey, - NotMyAddress_InvalidAddressing, - FeeCalculationError(tx::fee::Error) -} -impl From for Error { - fn from(j: tx::fee::Error) -> Self { Error::FeeCalculationError(j) } -} - -pub type Result = result::Result; - -/// the Wallet object -#[derive(Serialize, Deserialize, Debug, PartialEq, Eq)] -pub struct Wallet { - cached_root_key: hdwallet::XPrv, - - config: config::Config, - selection_policy: tx::fee::SelectionPolicy, -} -impl Wallet { - /// generate a new wallet - /// - pub fn new() -> Self { unimplemented!() } - - /// create a new wallet from the given seed - pub fn new_from_seed(seed: &hdwallet::Seed) -> Self { - let key= hdwallet::XPrv::generate_from_seed(&seed) - .derive(BIP44_PURPOSE) - .derive(BIP44_COIN_TYPE); - Wallet { - cached_root_key: key, - config: config::Config::default(), - selection_policy: tx::fee::SelectionPolicy::default() - } - } - - /// create an extended address from the given addressing - /// - pub fn gen_addresses(&self, account: u32, addr_type: AddrType, indices: Vec) -> Vec - { - let addressing = Addressing::new(account, addr_type); - - let change_prv = self.get_root_key() - .derive(addressing.account) - .derive(addressing.change); - - indices.iter().cloned().map(|index| { - let pk = change_prv.derive(index).public(); - let addr_type = address::AddrType::ATPubKey; - let sd = address::SpendingData::PubKeyASD(pk.clone()); - let attrs = 
address::Attributes::new_single_key(&pk, None); - - address::ExtendedAddr::new(addr_type, sd, attrs) - }).collect() - } - - /// function to create a ready to send transaction to the network - /// - /// it select the needed inputs, compute the fee and possible change - /// signes every TxIn as needed. - /// - pub fn new_transaction( &self - , inputs: &tx::Inputs - , outputs: &tx::Outputs - , fee_addr: &address::ExtendedAddr - , change_addr: &address::ExtendedAddr - ) - -> Result - { - let alg = tx::fee::LinearFee::default(); - - let (fee, selected_inputs, change) = alg.compute(self.selection_policy, inputs, outputs, change_addr, fee_addr)?; - - let mut tx = tx::Tx::new_with( - selected_inputs.iter().cloned().map(|input| input.ptr).collect(), - outputs.iter().cloned().collect() - ); - - tx.add_output(tx::TxOut::new(fee_addr.clone(), fee.to_coin())); - tx.add_output(tx::TxOut::new(change_addr.clone(), change)); - - let mut witnesses = vec![]; - - for input in selected_inputs { - let key = self.get_xprv(&input.addressing); - - witnesses.push(tx::TxInWitness::new(&self.config, &key, &tx)); - } - - Ok(tx::TxAux::new(tx, witnesses)) - } - - /// retrieve the root extended private key from the wallet but pre - /// derived for the purpose and coin type. - /// - /// TODO: this function is not meant to be public - fn get_root_key<'a>(&'a self) -> &'a hdwallet::XPrv { - &self.cached_root_key - } - - /// retrieve the key from the wallet and the given path - /// - /// TODO: this function is not meant to be public - fn get_xprv(&self, addressing: &Addressing) -> hdwallet::XPrv { - self.get_root_key() - .derive(addressing.account) - .derive(addressing.change) - .derive(addressing.index) - } -} diff --git a/wallet-wasm/Cargo.toml b/wallet-wasm/Cargo.toml index 0014ebb..123016e 100644 --- a/wallet-wasm/Cargo.toml +++ b/wallet-wasm/Cargo.toml 
@@ -12,8 +12,8 @@ keywords = [ "Cardano", "Wallet", "Wasm" ]
 serde = "1.0"
 serde_derive = "1.0"
 serde_json = "1.0"
-rcw = { path = "../rcw" }
-wallet-crypto = { path = "../wallet-crypto" }
+rcw = { path = "../rust/rcw" }
+wallet-crypto = { path = "../rust/wallet-crypto" }
 [lib]
 crate-type = ["cdylib"]
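Review bot: The two rewritten entries, `rcw = { path = "../rust/rcw" }` and `wallet-crypto = { path = "../rust/wallet-crypto" }`, now take the wallet's cryptographic code from a directory outside this crate, and nothing next to them says where `../rust` comes from or which revision is expected. Cargo records no version or checksum for path dependencies, so the build uses whatever happens to be checked out there; if `../rust` is a git submodule, as the rest of the commit suggests, the commit recorded in the parent repository is the only pin. I would add a comment above the two lines, for example `# ../rust is a git submodule; build only from the commit recorded in this repository (git submodule status)`, and have CI fail when the submodule is missing or not at the recorded commit.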