From c030020cfb85e0180d1af93676e2bd7741fb9b35 Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Fri, 25 Apr 2025 23:29:05 +0200 Subject: [PATCH 1/7] port cipher to Rust Until the relevant keystore.c functions are ported too, we keep the cipher.c/cipher.h interface but have it call into Rust. The test_cipher.c tests were ported and the test generator script adatped to produce Rust output. --- .gitmodules | 3 - external/CMakeLists.txt | 5 - external/ctaes | 1 - src/CMakeLists.txt | 1 - src/cipher/cipher.c | 179 +- src/rust/Cargo.lock | 21 + src/rust/Cargo.toml | 1 + src/rust/bitbox-aes/.gitignore | 1 + src/rust/bitbox-aes/Cargo.toml | 35 + src/rust/bitbox-aes/src/lib.rs | 3065 ++++++++++++++++++ src/rust/bitbox02-rust-c/Cargo.toml | 1 + src/rust/bitbox02-rust-c/src/lib.rs | 34 + src/rust/bitbox02/build.rs | 1 - src/rust/vendor/ctaes/.cargo-checksum.json | 1 + src/rust/vendor/ctaes/Cargo.lock | 32 + src/rust/vendor/ctaes/Cargo.toml | 52 + src/rust/vendor/ctaes/LICENSE | 201 ++ src/rust/vendor/ctaes/README.md | 4 + src/rust/vendor/ctaes/build.rs | 8 + src/rust/vendor/ctaes/depend/ctaes/COPYING | 21 + src/rust/vendor/ctaes/depend/ctaes/README.md | 41 + src/rust/vendor/ctaes/depend/ctaes/bench.c | 175 + src/rust/vendor/ctaes/depend/ctaes/ctaes.c | 632 ++++ src/rust/vendor/ctaes/depend/ctaes/ctaes.h | 68 + src/rust/vendor/ctaes/depend/ctaes/test.c | 184 ++ src/rust/vendor/ctaes/src/lib.rs | 558 ++++ test/simulator/CMakeLists.txt | 5 - test/unit-test/CMakeLists.txt | 5 - test/unit-test/test_cipher.c | 13 - 29 files changed, 5150 insertions(+), 198 deletions(-) delete mode 160000 external/ctaes create mode 100644 src/rust/bitbox-aes/.gitignore create mode 100644 src/rust/bitbox-aes/Cargo.toml create mode 100644 src/rust/bitbox-aes/src/lib.rs create mode 100644 src/rust/vendor/ctaes/.cargo-checksum.json create mode 100644 src/rust/vendor/ctaes/Cargo.lock create mode 100644 src/rust/vendor/ctaes/Cargo.toml create mode 100644 src/rust/vendor/ctaes/LICENSE create mode 100644 src/rust/vendor/ctaes/README.md create mode 100644 src/rust/vendor/ctaes/build.rs create mode 100644 src/rust/vendor/ctaes/depend/ctaes/COPYING create mode 100644 src/rust/vendor/ctaes/depend/ctaes/README.md create mode 100644 src/rust/vendor/ctaes/depend/ctaes/bench.c create mode 100644 src/rust/vendor/ctaes/depend/ctaes/ctaes.c create mode 100644 src/rust/vendor/ctaes/depend/ctaes/ctaes.h create mode 100644 src/rust/vendor/ctaes/depend/ctaes/test.c create mode 100644 src/rust/vendor/ctaes/src/lib.rs diff --git a/.gitmodules b/.gitmodules index eec568ac9..300266113 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,9 +1,6 @@ [submodule "external/cryptoauthlib"] path = external/cryptoauthlib url = https://github.com/BitBoxSwiss/cryptoauthlib.git -[submodule "external/ctaes"] - path = external/ctaes - url = https://github.com/BitBoxSwiss/ctaes.git [submodule "external/libwally-core"] path = external/libwally-core url = https://github.com/BitBoxSwiss/libwally-core.git diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt index 633307dc8..b653656b4 100644 --- a/external/CMakeLists.txt +++ b/external/CMakeLists.txt @@ -250,11 +250,6 @@ set_property(TARGET fatfs PROPERTY INTERFACE_LINK_LIBRARIES "") target_include_directories(fatfs SYSTEM PUBLIC fatfs/source) target_compile_options(fatfs PRIVATE -Wno-switch-default) -add_library(ctaes - ctaes/ctaes.c -) -target_include_directories(ctaes SYSTEM PUBLIC ctaes) - add_library(rtt SEGGER_RTT_V796b/RTT/SEGGER_RTT.c ) diff --git a/external/ctaes b/external/ctaes deleted file mode 160000 index 8012b062e..000000000 --- a/external/ctaes +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 8012b062ea4931f10cc2fd2075fddc3782a57ee4 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 12ee976dd..aab0f4794 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -481,7 +481,6 @@ if(CMAKE_CROSSCOMPILING) optiga cryptoauthlib fatfs - ctaes c samd51a-ds asf4-drivers-min diff --git a/src/cipher/cipher.c b/src/cipher/cipher.c index fddcf8a40..8e80f987f 100644 --- a/src/cipher/cipher.c +++ b/src/cipher/cipher.c @@ -13,154 +13,34 @@ // limitations under the License. #include "cipher.h" -#include - -#include -#include #include -#include -#include +#include #ifdef TESTING #include #endif -#define N_BLOCK (16U) -// Used to sanity-check input to avoid large stack allocations -#define CIPHER_MAX_ALLOC (200U) - -static bool _derive_hmac_keys( - const uint8_t* secret, - uint8_t* encryption_key_out, - uint8_t* authentication_key_out) -{ - uint8_t hash[64]; - UTIL_CLEANUP_64(hash); - if (wally_sha512(secret, 32, hash, sizeof(hash)) != WALLY_OK) { - return false; - } - memcpy(encryption_key_out, hash, 32); - memcpy(authentication_key_out, hash + 32, 32); - return true; -} - -// out_len must be at least in_len + N_BLOCK + N_BLOCK -// necessary in_len/out_len range checks are done in cipher_aes_hmac_encrypt(). -static bool _aes_encrypt( - const uint8_t* in, +bool cipher_aes_hmac_encrypt( + const unsigned char* in, size_t in_len, uint8_t* out, size_t* out_len, - const uint8_t* key) + const uint8_t* secret) { - if (in_len > CIPHER_MAX_ALLOC) { - return false; - } - size_t padlen = N_BLOCK - in_len % N_BLOCK; - size_t inpadlen = in_len + padlen; - uint8_t inpad[inpadlen]; - *out_len = inpadlen + N_BLOCK; - - // PKCS7 padding - memcpy(inpad, in, in_len); - for (size_t i = 0; i < padlen; i++) { - inpad[in_len + i] = padlen; - } - uint8_t iv[32] = {0}; // only 16 bytes needed for IV. #ifdef TESTING cipher_mock_iv(iv); #else random_32_bytes(iv); #endif - memcpy(out, iv, N_BLOCK); - - AES256_CBC_ctx ctx = {0}; - AES256_CBC_init(&ctx, key, iv); - AES256_CBC_encrypt(&ctx, inpadlen / N_BLOCK, out + N_BLOCK, inpad); - *out_len = inpadlen + N_BLOCK; - - util_zero(inpad, inpadlen); - util_zero(&ctx, sizeof(ctx)); - return true; -} - -bool cipher_aes_hmac_encrypt( - const unsigned char* in, - size_t in_len, - uint8_t* out, - size_t* out_len, - const uint8_t* secret) -{ - // in_len + iv + pad + hmac - if (*out_len != in_len + N_BLOCK + N_BLOCK + 32) { - return false; - } - uint8_t encryption_key[32]; - UTIL_CLEANUP_32(encryption_key); - uint8_t authentication_key[32]; - UTIL_CLEANUP_32(authentication_key); - if (!_derive_hmac_keys(secret, encryption_key, authentication_key)) { - return false; - } - - size_t encrypt_len = in_len + 32; - if (!_aes_encrypt(in, in_len, out, &encrypt_len, encryption_key)) { - return false; - } - - *out_len = encrypt_len + 32; - - return wally_hmac_sha256( - authentication_key, - sizeof(authentication_key), - out, - encrypt_len, - out + encrypt_len, - 32) == WALLY_OK; -} - -// necessary in_len/out_len range checks are done in cipher_aes_hmac_decrypt(). -static bool _aes_decrypt( - const uint8_t* in, - size_t in_len, - uint8_t* out, - size_t* out_len, - const uint8_t* key) -{ - if (in_len > CIPHER_MAX_ALLOC) { - return false; - } - uint8_t dec_pad[in_len - N_BLOCK]; - const uint8_t* iv = in; // first 16 bytes - - AES256_CBC_ctx ctx = {0}; - AES256_CBC_init(&ctx, key, iv); - AES256_CBC_decrypt(&ctx, in_len / N_BLOCK - 1, dec_pad, in + N_BLOCK); - - // Strip PKCS7 padding - uint8_t padlen = dec_pad[in_len - N_BLOCK - 1]; - if (padlen > N_BLOCK) { - goto error; - } - if (in_len < N_BLOCK + padlen) { - goto error; - } - for (size_t i = 0; i < padlen; i++) { - if (dec_pad[in_len - N_BLOCK - 1 - i] != padlen) { - goto error; - } - } - memcpy(out, dec_pad, in_len - N_BLOCK - padlen); - *out_len = in_len - N_BLOCK - padlen; - util_zero(dec_pad, sizeof(dec_pad)); - util_zero(&ctx, sizeof(ctx)); + rust_cipher_encrypt( + rust_util_bytes(iv, 16), + rust_util_bytes(secret, 32), + rust_util_bytes(in, in_len), + rust_util_bytes_mut(out, *out_len), + out_len); return true; -error: - util_zero(dec_pad, sizeof(dec_pad)); - util_zero(&ctx, sizeof(ctx)); - return false; } bool cipher_aes_hmac_decrypt( @@ -170,38 +50,9 @@ bool cipher_aes_hmac_decrypt( size_t* out_len, const uint8_t* key) { - // iv + pad + hmac - if (in_len < N_BLOCK + N_BLOCK + 32) { - return false; - } - // have space for at least in_len - iv - hmac - if (*out_len != in_len - N_BLOCK - 32) { - return false; - } - - uint8_t encryption_key[32]; - UTIL_CLEANUP_32(encryption_key); - uint8_t authentication_key[32]; - UTIL_CLEANUP_32(authentication_key); - - if (!_derive_hmac_keys(key, encryption_key, authentication_key)) { - return false; - } - - uint8_t hmac[32]; - UTIL_CLEANUP_32(hmac); - if (wally_hmac_sha256( - authentication_key, - sizeof(authentication_key), - in, - in_len - sizeof(hmac), - hmac, - sizeof(hmac)) != WALLY_OK) { - return false; - } - - if (!MEMEQ(hmac, in + in_len - sizeof(hmac), sizeof(hmac))) { - return false; - } - return _aes_decrypt(in, in_len - sizeof(hmac), out, out_len, encryption_key); + return rust_cipher_decrypt( + rust_util_bytes(key, 32), + rust_util_bytes(in, in_len), + rust_util_bytes_mut(out, *out_len), + out_len); } diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index c937f9a3d..9db38a23b 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -78,6 +78,17 @@ dependencies = [ "zeroize", ] +[[package]] +name = "bitbox-aes" +version = "0.1.0" +dependencies = [ + "bitbox02", + "ctaes", + "hmac", + "sha2", + "zeroize", +] + [[package]] name = "bitbox02" version = "0.1.0" @@ -132,6 +143,7 @@ dependencies = [ name = "bitbox02-rust-c" version = "0.1.0" dependencies = [ + "bitbox-aes", "bitbox02", "bitbox02-noise", "bitbox02-rust", @@ -347,6 +359,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctaes" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4cbca3712c15d1e2dcc77f4eea8c838fb98f54ffe272d13a72516d488b098ce" +dependencies = [ + "cc", +] + [[package]] name = "curve25519-dalek" version = "4.1.3" diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml index 6187b738f..91e57b6a5 100644 --- a/src/rust/Cargo.toml +++ b/src/rust/Cargo.toml @@ -23,6 +23,7 @@ members = [ "bitbox02-sys", "erc20_params", "streaming-silent-payments", + "bitbox-aes", ] resolver = "2" diff --git a/src/rust/bitbox-aes/.gitignore b/src/rust/bitbox-aes/.gitignore new file mode 100644 index 000000000..eb5a316cb --- /dev/null +++ b/src/rust/bitbox-aes/.gitignore @@ -0,0 +1 @@ +target diff --git a/src/rust/bitbox-aes/Cargo.toml b/src/rust/bitbox-aes/Cargo.toml new file mode 100644 index 000000000..6fff2698c --- /dev/null +++ b/src/rust/bitbox-aes/Cargo.toml @@ -0,0 +1,35 @@ +# Copyright 2025 Shift Cryptos AG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[package] +name = "bitbox-aes" +version = "0.1.0" +authors = ["Shift Crypto AG "] +edition = "2024" +license = "Apache-2.0" + +[dependencies] +bitbox02 = { path = "../bitbox02", optional = true } +sha2 = { workspace = true } +hmac = { version = "0.12", default-features = false, features = ["reset"] } +ctaes = { version = "0.1.0" } +zeroize = { workspace = true } + +[features] +# We use wally_sha512 over `sha2::Sha512`, which bloats the binary by an additional ~12.7kB (at the +# time of writing). This should be enabled for production builds until we can get rid of +# wally_sha512 completely. This feature exists so `cargo test` works. +use-wally-sha512 = [ + "dep:bitbox02", +] diff --git a/src/rust/bitbox-aes/src/lib.rs b/src/rust/bitbox-aes/src/lib.rs new file mode 100644 index 000000000..2c054e802 --- /dev/null +++ b/src/rust/bitbox-aes/src/lib.rs @@ -0,0 +1,3065 @@ +// Copyright 2025 Shift Crypto AG +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#![no_std] + +#[cfg_attr(test, macro_use)] +extern crate alloc; + +use alloc::vec::Vec; + +use hmac::{digest::FixedOutput, Mac, SimpleHmac}; +use sha2::Sha256; + +// AES block size. +const BLOCK_SIZE: usize = 16; + +fn pad_length(buf_len: usize) -> usize { + BLOCK_SIZE - buf_len % BLOCK_SIZE +} + +fn pkcs7_pad(buf: &mut Vec) { + let pad_len = pad_length(buf.len()); + buf.resize(buf.len() + pad_len, pad_len as u8); +} + +fn pkcs7_unpad(buf: &mut Vec) -> Result<(), ()> { + if buf.len() % BLOCK_SIZE != 0 { + return Err(()); + } + let pad_len = *buf.last().ok_or(())? as usize; + if pad_len == 0 || pad_len > BLOCK_SIZE { + return Err(()); + } + // The subtraction can't underflow due to the above conditions. + buf.truncate(buf.len() - pad_len); + Ok(()) +} + +fn encrypt(iv: &[u8; 16], key: &[u8; 32], plain: &[u8]) -> Vec { + // Allocate enough space so copying plain into it and padding it does not create copies that + // won't get zeroed. + let mut padded = zeroize::Zeroizing::new(Vec::with_capacity(pad_length(plain.len()))); + padded.extend_from_slice(plain); + pkcs7_pad(&mut padded); + let enc = ctaes::Aes256Cbc::new(key, iv).encrypt(&padded); + let mut out = iv.to_vec(); + out.extend_from_slice(&enc); + out +} + +fn decrypt(key: &[u8; 32], cipher: &[u8]) -> Result>, ()> { + let (iv, cipher) = cipher.split_at_checked(16).ok_or(())?; + let mut result = zeroize::Zeroizing::new(cipher.to_vec()); + ctaes::Aes256Cbc::new(key, &iv.try_into().unwrap()) + .decrypt_to_slice(cipher, result.as_mut_slice()); + pkcs7_unpad(&mut result)?; + Ok(result) +} + +fn sha512(buf: &[u8]) -> [u8; 64] { + #[cfg(feature = "use-wally-sha512")] + { + bitbox02::sha512(buf) + } + #[cfg(not(feature = "use-wally-sha512"))] + { + use sha2::Digest; + sha2::Sha512::digest(buf).into() + } +} + +fn hmac_sha256(key: &[u8], msg: &[u8]) -> [u8; 32] { + let mut mac = SimpleHmac::::new_from_slice(key).unwrap(); + mac.update(msg); + mac.finalize_fixed().into() +} + +pub fn encrypt_with_hmac(iv: &[u8; 16], key: &[u8], plain: &[u8]) -> Vec { + let hash: [u8; 64] = sha512(key); + let (encryption_key, authentication_key) = hash.split_at(32); + let mut cipher = encrypt(iv, encryption_key.try_into().unwrap(), plain); + let mac: [u8; 32] = hmac_sha256(authentication_key, &cipher); + cipher.extend_from_slice(&mac); + cipher +} + +pub fn decrypt_with_hmac(key: &[u8], cipher: &[u8]) -> Result>, ()> { + let hash: [u8; 64] = sha512(key); + let (encryption_key, authentication_key) = hash.split_at(32); + if cipher.len() < 32 { + return Err(()); + } + let (cipher, mac) = cipher.split_at(cipher.len() - 32); + + let expected_mac: [u8; 32] = hmac_sha256(authentication_key, cipher); + if mac != expected_mac { + return Err(()); + } + decrypt(encryption_key.try_into().unwrap(), cipher) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_pad_empty_buffer() { + let mut buf = vec![]; + pkcs7_pad(&mut buf); + assert_eq!(buf.len(), BLOCK_SIZE); + assert!(buf.iter().all(|&b| b == BLOCK_SIZE as u8)); + } + + #[test] + fn test_pad_partial_block() { + let mut buf = vec![0x01; 15]; + pkcs7_pad(&mut buf); + assert_eq!(buf.len(), BLOCK_SIZE); + assert_eq!(buf.last(), Some(&1)); + } + + #[test] + fn pad_full_block() { + let mut buf = vec![0x01; BLOCK_SIZE]; + pkcs7_pad(&mut buf); + assert_eq!(buf.len(), BLOCK_SIZE * 2); + assert!(buf[BLOCK_SIZE..].iter().all(|&b| b == BLOCK_SIZE as u8)); + } + + #[test] + fn test_unpad_single_byte_padding() { + let mut buf = vec![0u8; BLOCK_SIZE]; + *buf.last_mut().unwrap() = 1; + pkcs7_unpad(&mut buf).unwrap(); + assert_eq!(buf.len(), BLOCK_SIZE - 1); + } + + #[test] + fn test_unpad_full_block_padding() { + let mut buf = vec![BLOCK_SIZE as u8; BLOCK_SIZE]; + pkcs7_unpad(&mut buf).unwrap(); + assert!(buf.is_empty()); + } + + #[test] + fn test_unpad_invalid_length() { + let mut buf = vec![0u8; BLOCK_SIZE - 1]; + assert_eq!(pkcs7_unpad(&mut buf), Err(())); + } + + #[test] + fn test_unpad_zero_padding() { + let mut buf = vec![0u8; BLOCK_SIZE]; + *buf.last_mut().unwrap() = 0; + assert_eq!(pkcs7_unpad(&mut buf), Err(())); + } + + #[test] + fn test_unpad_padding_too_big() { + let mut buf = vec![0u8; BLOCK_SIZE]; + *buf.last_mut().unwrap() = BLOCK_SIZE as u8 + 1; + assert_eq!(pkcs7_unpad(&mut buf), Err(())); + } + + #[test] + fn test_unpad_empty_buffer() { + let mut buf = vec![]; + assert_eq!(pkcs7_unpad(&mut buf), Err(())); + } + + #[test] + fn test_padding_roundtrip_short_data() { + let mut data = b"hello".to_vec(); + let original = data.clone(); + pkcs7_pad(&mut data); + pkcs7_unpad(&mut data).unwrap(); + assert_eq!(data, original); + } + + #[test] + fn test_padding_roundtrip_full_block() { + let mut data = vec![0x42; BLOCK_SIZE]; + let original = data.clone(); + pkcs7_pad(&mut data); + pkcs7_unpad(&mut data).unwrap(); + assert_eq!(data, original); + } + + #[test] + fn test_wrong_hmac() { + let iv = [0u8; 16]; + let key = [0u8; 32]; + let mut enc = encrypt_with_hmac(&iv, &key, b"msg"); + // Modify MAC. + *enc.last_mut().unwrap() += 1; + assert!(decrypt_with_hmac(&key, &enc).is_err()); + } + + #[test] + fn test_wrong_key() { + let iv = [0u8; 16]; + let key = [0u8; 32]; + let wrong_key = [1u8; 32]; + let enc = encrypt_with_hmac(&iv, &key, b"msg"); + assert!(decrypt_with_hmac(&wrong_key, &enc).is_err()); + } + + #[test] + fn test_vectors() { + struct Test<'a> { + secret: &'a [u8], + msg: &'a [u8], + iv: &'a [u8], + cipher: &'a [u8], + } + + /* + # pip3 install pycryptodome + from Crypto.Cipher import AES + from Crypto.Random import get_random_bytes + from Crypto.Util.Padding import pad + import hashlib, hmac + + def encrypt(msg, iv, secret): + h = hashlib.sha512(secret).digest() + enc_key, auth_key = h[:32], h[32:] + cipher = iv + AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pad(msg, 16)) + return cipher + hmac.new(auth_key, cipher, hashlib.sha256).digest() + + def hexformat(b): + hex_bytes = [f'0x{byte:02x}' for byte in b] + lines = [] + for i in range(0, len(hex_bytes), 13): + chunk = hex_bytes[i:i+13] + lines.append(', '.join(chunk)) + elements = ',\n '.join(lines) + return f'&[\n {elements},\n ]' + + for i in range(100): + msg = get_random_bytes(i+1) + iv = get_random_bytes(16) + secret = get_random_bytes(32) + cipher = encrypt(msg, iv, secret) + print('Test {') + print(f' secret: {hexformat(secret)},') + print(f' msg: {hexformat(msg)},') + print(f' iv: {hexformat(iv)},') + print(f' cipher: {hexformat(cipher)},') + print('},') + */ + + let tests = &[ + Test { + secret: &[ + 0x0b, 0xf0, 0x4d, 0x38, 0x6d, 0x92, 0x12, 0x5f, 0x85, 0xc4, 0xe8, 0x28, 0x82, + 0x87, 0x48, 0xac, 0xfc, 0xdc, 0xdc, 0xc3, 0x39, 0xf4, 0xa6, 0xd1, 0x9a, 0x78, + 0x5f, 0x3b, 0x32, 0xf8, 0xc0, 0xb6, + ], + msg: &[0x17], + iv: &[ + 0xbb, 0x86, 0x00, 0x90, 0x26, 0x91, 0xc3, 0x61, 0xcf, 0xf1, 0x89, 0x4b, 0x22, + 0x70, 0x18, 0xa6, + ], + cipher: &[ + 0xbb, 0x86, 0x00, 0x90, 0x26, 0x91, 0xc3, 0x61, 0xcf, 0xf1, 0x89, 0x4b, 0x22, + 0x70, 0x18, 0xa6, 0x8a, 0xd8, 0x54, 0x99, 0x53, 0xba, 0x3c, 0x89, 0x9d, 0x8e, + 0x8e, 0x31, 0xfc, 0xcc, 0x9b, 0x11, 0x58, 0xa7, 0x1f, 0x8c, 0xfa, 0xe1, 0x40, + 0x2a, 0xaa, 0x85, 0xb5, 0x1f, 0xc1, 0x71, 0x04, 0x5a, 0xa3, 0x05, 0xc9, 0xf8, + 0xf4, 0x10, 0x8d, 0x6f, 0xe8, 0x7e, 0x86, 0xae, 0x3f, 0x6d, 0xfc, 0x38, + ], + }, + Test { + secret: &[ + 0xe3, 0x3e, 0x8f, 0xbb, 0x11, 0x85, 0xad, 0xa6, 0x74, 0x8b, 0x41, 0x53, 0x1a, + 0x9a, 0xcb, 0xf6, 0x88, 0xd2, 0x0b, 0xb6, 0x68, 0x8b, 0x3b, 0x60, 0x96, 0xf2, + 0xc1, 0x1b, 0x8e, 0x8e, 0x0b, 0x19, + ], + msg: &[0xe6, 0x20], + iv: &[ + 0x0c, 0x51, 0x2b, 0x19, 0x0f, 0x22, 0x5d, 0x68, 0x9d, 0x3b, 0x9f, 0x27, 0xd5, + 0x16, 0x1f, 0xf4, + ], + cipher: &[ + 0x0c, 0x51, 0x2b, 0x19, 0x0f, 0x22, 0x5d, 0x68, 0x9d, 0x3b, 0x9f, 0x27, 0xd5, + 0x16, 0x1f, 0xf4, 0x87, 0x53, 0xb9, 0xbd, 0x1c, 0xce, 0xa4, 0xb5, 0xd8, 0xf7, + 0x82, 0x8d, 0x56, 0xe3, 0x29, 0x53, 0xe6, 0x01, 0x49, 0xb8, 0x04, 0xc1, 0x96, + 0xa2, 0x83, 0x57, 0xce, 0x8b, 0x56, 0x1b, 0x73, 0x93, 0x67, 0xe0, 0x72, 0x8d, + 0x2e, 0x14, 0xce, 0x27, 0x6f, 0x40, 0xcc, 0x25, 0x09, 0x01, 0xaf, 0x9d, + ], + }, + Test { + secret: &[ + 0x6b, 0x88, 0x14, 0x36, 0x88, 0xc2, 0x73, 0x87, 0xa6, 0x5a, 0x58, 0xeb, 0x42, + 0x4e, 0xbe, 0xf4, 0x5a, 0xf6, 0x97, 0x31, 0x22, 0xfb, 0xa3, 0x64, 0x68, 0xc1, + 0xa6, 0xa4, 0x28, 0x63, 0x32, 0x4a, + ], + msg: &[0xd4, 0xea, 0x11], + iv: &[ + 0x31, 0x98, 0xe9, 0x70, 0x4b, 0x44, 0xc8, 0x54, 0x5c, 0xfa, 0x4d, 0x2f, 0x70, + 0x0e, 0x02, 0xd9, + ], + cipher: &[ + 0x31, 0x98, 0xe9, 0x70, 0x4b, 0x44, 0xc8, 0x54, 0x5c, 0xfa, 0x4d, 0x2f, 0x70, + 0x0e, 0x02, 0xd9, 0x5a, 0x95, 0xc3, 0x88, 0x6d, 0x1d, 0x37, 0xc1, 0x79, 0xfe, + 0x03, 0x7e, 0x9a, 0xa2, 0xe7, 0x57, 0x7d, 0x87, 0xcf, 0x7f, 0x36, 0xf3, 0x45, + 0x13, 0xa7, 0x30, 0xca, 0x58, 0xc3, 0xdc, 0x4c, 0xb4, 0x37, 0xb3, 0x71, 0xd9, + 0xa1, 0x25, 0x0a, 0xe4, 0x2c, 0xf3, 0xc6, 0xcb, 0xfb, 0x7a, 0x02, 0x6f, + ], + }, + Test { + secret: &[ + 0x49, 0x89, 0x5f, 0x2c, 0xb9, 0x4d, 0x25, 0x02, 0x92, 0x22, 0x9d, 0x02, 0x41, + 0x11, 0xdf, 0x9d, 0x4a, 0x80, 0x21, 0x00, 0xf8, 0xca, 0x65, 0xc5, 0x0f, 0xb6, + 0x61, 0xf8, 0x27, 0xf4, 0xe1, 0xde, + ], + msg: &[0xfb, 0x19, 0x64, 0x4b], + iv: &[ + 0xee, 0x61, 0x8d, 0x10, 0xc4, 0x12, 0xe4, 0xda, 0xd5, 0xab, 0xc1, 0xa1, 0x30, + 0xcc, 0xb4, 0xe5, + ], + cipher: &[ + 0xee, 0x61, 0x8d, 0x10, 0xc4, 0x12, 0xe4, 0xda, 0xd5, 0xab, 0xc1, 0xa1, 0x30, + 0xcc, 0xb4, 0xe5, 0xc7, 0x72, 0xdb, 0xcc, 0x09, 0x0e, 0xc9, 0x5f, 0xdf, 0xfe, + 0x25, 0xe5, 0x75, 0xd4, 0x5b, 0xbb, 0x48, 0x79, 0x5a, 0xa4, 0xe9, 0xda, 0xdd, + 0x73, 0xa5, 0xec, 0xaa, 0xc7, 0x14, 0x96, 0x43, 0xc9, 0xa4, 0x33, 0x3e, 0x3a, + 0xdc, 0xf5, 0x20, 0xe2, 0xf6, 0x10, 0xac, 0x3f, 0xf2, 0x19, 0x40, 0xf9, + ], + }, + Test { + secret: &[ + 0x2a, 0xa2, 0x4a, 0xf9, 0x3d, 0xde, 0x18, 0x60, 0x00, 0xe2, 0xd2, 0xe5, 0x62, + 0xea, 0x73, 0xff, 0x61, 0xc6, 0x45, 0x29, 0x5d, 0x55, 0x45, 0xcc, 0xa5, 0xde, + 0xa4, 0x84, 0xa0, 0x86, 0xc6, 0x48, + ], + msg: &[0xa1, 0xd3, 0x41, 0x55, 0xff], + iv: &[ + 0x46, 0xb4, 0x7f, 0xa8, 0x95, 0xeb, 0x14, 0x7d, 0x6d, 0xdd, 0x82, 0xe3, 0x2d, + 0x83, 0x85, 0xfc, + ], + cipher: &[ + 0x46, 0xb4, 0x7f, 0xa8, 0x95, 0xeb, 0x14, 0x7d, 0x6d, 0xdd, 0x82, 0xe3, 0x2d, + 0x83, 0x85, 0xfc, 0xb1, 0x89, 0xda, 0xa9, 0xaa, 0x38, 0x56, 0x7f, 0xcb, 0xb6, + 0xaa, 0x84, 0x24, 0x41, 0x85, 0x35, 0x4e, 0xc4, 0xf9, 0x16, 0x1c, 0x36, 0x9b, + 0x5d, 0x35, 0x18, 0xf6, 0x31, 0x51, 0xa9, 0x43, 0x25, 0x79, 0x5a, 0xb4, 0x8d, + 0x56, 0xf3, 0xfc, 0x4d, 0xfb, 0x2a, 0xe1, 0x5e, 0x2c, 0x82, 0xca, 0x72, + ], + }, + Test { + secret: &[ + 0x62, 0xe9, 0x87, 0xfd, 0x0d, 0xba, 0xc5, 0x14, 0xe2, 0xc3, 0xe0, 0x26, 0x26, + 0x6b, 0x9c, 0x8e, 0x0a, 0x3d, 0x2b, 0xf7, 0xa9, 0x8f, 0xeb, 0x0f, 0x94, 0x43, + 0x16, 0x5e, 0xdd, 0x9a, 0xa7, 0x31, + ], + msg: &[0x06, 0x97, 0xe7, 0x5c, 0x59, 0x29], + iv: &[ + 0xc4, 0xc9, 0x81, 0xb0, 0xec, 0x59, 0x50, 0xf1, 0x98, 0x80, 0xb8, 0x43, 0x08, + 0xeb, 0xd2, 0xd0, + ], + cipher: &[ + 0xc4, 0xc9, 0x81, 0xb0, 0xec, 0x59, 0x50, 0xf1, 0x98, 0x80, 0xb8, 0x43, 0x08, + 0xeb, 0xd2, 0xd0, 0x71, 0x59, 0x9e, 0x4d, 0x4e, 0x97, 0x20, 0xfe, 0x49, 0x09, + 0x08, 0x3e, 0x34, 0x9f, 0x85, 0xa1, 0xf2, 0x79, 0xbb, 0x4f, 0xa7, 0x7f, 0xe6, + 0xf6, 0x92, 0xea, 0x19, 0xd0, 0xb1, 0xe9, 0xf0, 0xea, 0xdb, 0xc1, 0xe0, 0xb7, + 0xc8, 0x8f, 0x89, 0x62, 0x7a, 0x55, 0xde, 0x1a, 0x49, 0x58, 0x7c, 0xd6, + ], + }, + Test { + secret: &[ + 0xc4, 0x77, 0x3b, 0xd0, 0x3f, 0xb1, 0xe8, 0x8f, 0x8d, 0x74, 0x32, 0x45, 0x14, + 0x1b, 0xca, 0x26, 0xca, 0xeb, 0x0e, 0x07, 0xb6, 0xcb, 0xd9, 0xf4, 0x21, 0x61, + 0x2b, 0xd3, 0xab, 0xf4, 0xe1, 0xdf, + ], + msg: &[0x3e, 0xf1, 0x18, 0x4f, 0x80, 0x7a, 0x02], + iv: &[ + 0x33, 0x2a, 0x9b, 0x74, 0x18, 0xd8, 0x1d, 0xbd, 0x1d, 0x5e, 0xb4, 0x26, 0x1b, + 0xd6, 0x8c, 0x18, + ], + cipher: &[ + 0x33, 0x2a, 0x9b, 0x74, 0x18, 0xd8, 0x1d, 0xbd, 0x1d, 0x5e, 0xb4, 0x26, 0x1b, + 0xd6, 0x8c, 0x18, 0x76, 0x3c, 0xa2, 0xe5, 0x4d, 0x05, 0xf5, 0x7f, 0x2f, 0xf9, + 0x46, 0x41, 0x32, 0x61, 0xc9, 0x3f, 0xcc, 0xcd, 0x9d, 0xb5, 0x1f, 0x22, 0x51, + 0xff, 0xf6, 0x28, 0x1a, 0x02, 0x40, 0x8d, 0xab, 0x7b, 0xf5, 0x59, 0x56, 0x77, + 0x64, 0xd1, 0x1a, 0xd1, 0x9c, 0x51, 0xc8, 0x25, 0x66, 0x60, 0x28, 0x83, + ], + }, + Test { + secret: &[ + 0x0a, 0x9b, 0xde, 0xc8, 0xf0, 0x18, 0x91, 0x65, 0x2e, 0x8a, 0x34, 0xfe, 0x66, + 0x64, 0x1c, 0xd7, 0x3f, 0xd6, 0x80, 0x36, 0x0e, 0x53, 0x57, 0x97, 0xbf, 0x01, + 0xa4, 0xf6, 0xd3, 0x8e, 0x3a, 0x2c, + ], + msg: &[0x83, 0xaa, 0x05, 0x5e, 0xf1, 0xa9, 0x42, 0xa0], + iv: &[ + 0xb1, 0x07, 0x68, 0x13, 0xb9, 0xb4, 0x59, 0xbb, 0x5f, 0xf9, 0xcf, 0x59, 0xcd, + 0x61, 0x5d, 0x48, + ], + cipher: &[ + 0xb1, 0x07, 0x68, 0x13, 0xb9, 0xb4, 0x59, 0xbb, 0x5f, 0xf9, 0xcf, 0x59, 0xcd, + 0x61, 0x5d, 0x48, 0x9a, 0xa2, 0x2f, 0x78, 0x3a, 0x2a, 0xe1, 0xf6, 0xc9, 0xcd, + 0x5e, 0x5a, 0x55, 0xd9, 0xf1, 0x1e, 0xae, 0xf5, 0xb5, 0xc4, 0x15, 0x8d, 0x09, + 0xa6, 0x5b, 0xbf, 0xbe, 0x93, 0x7c, 0xbe, 0x37, 0xfd, 0xdb, 0x07, 0x80, 0x47, + 0x43, 0x2f, 0xad, 0x9b, 0x0f, 0x07, 0xbd, 0x88, 0x29, 0x71, 0x68, 0xf7, + ], + }, + Test { + secret: &[ + 0xd5, 0x5f, 0x73, 0x89, 0xc4, 0x08, 0x8b, 0x5e, 0x5d, 0x4b, 0x9a, 0x4a, 0x30, + 0x73, 0x21, 0xf4, 0x18, 0x06, 0xce, 0x2c, 0xbf, 0x2b, 0xd8, 0x4c, 0x14, 0xc4, + 0xed, 0x4d, 0xee, 0xfe, 0x0c, 0xde, + ], + msg: &[0x50, 0x9b, 0x7f, 0x54, 0x2a, 0x86, 0x1d, 0x2d, 0x68], + iv: &[ + 0xa7, 0xa2, 0x36, 0xac, 0xb8, 0x4c, 0x2e, 0x49, 0xed, 0x91, 0xe8, 0x76, 0xcc, + 0xca, 0xf9, 0x2a, + ], + cipher: &[ + 0xa7, 0xa2, 0x36, 0xac, 0xb8, 0x4c, 0x2e, 0x49, 0xed, 0x91, 0xe8, 0x76, 0xcc, + 0xca, 0xf9, 0x2a, 0x75, 0xf6, 0x96, 0x0c, 0xc6, 0xc7, 0xcd, 0xb7, 0x8f, 0xe7, + 0xe5, 0xdc, 0xda, 0x0c, 0x32, 0x8a, 0x09, 0xc2, 0xd9, 0x56, 0x51, 0x2b, 0xd3, + 0x0d, 0xa2, 0x8a, 0x89, 0x60, 0x71, 0x0a, 0xf6, 0x93, 0x19, 0xd7, 0x40, 0x02, + 0x9b, 0x43, 0xce, 0x03, 0xf7, 0x4f, 0xa2, 0x21, 0xb1, 0xe1, 0xed, 0x7e, + ], + }, + Test { + secret: &[ + 0x1f, 0x84, 0xf3, 0x0f, 0xc9, 0x47, 0x45, 0x78, 0xc7, 0xe1, 0x95, 0x74, 0x39, + 0x5d, 0xfa, 0x2d, 0x62, 0x8c, 0xe5, 0xef, 0x7d, 0x00, 0x64, 0xa2, 0xc0, 0x8b, + 0x69, 0x68, 0xcc, 0xf3, 0x28, 0xf5, + ], + msg: &[0x90, 0xc3, 0x54, 0x3c, 0xcb, 0x55, 0x9c, 0x41, 0x4a, 0x49], + iv: &[ + 0x97, 0x72, 0x39, 0x79, 0xe6, 0x2c, 0xad, 0x42, 0xf1, 0x5e, 0x6a, 0xb9, 0x4e, + 0xba, 0x1e, 0x20, + ], + cipher: &[ + 0x97, 0x72, 0x39, 0x79, 0xe6, 0x2c, 0xad, 0x42, 0xf1, 0x5e, 0x6a, 0xb9, 0x4e, + 0xba, 0x1e, 0x20, 0xb0, 0xb1, 0x2c, 0x5e, 0x0a, 0xef, 0x3d, 0xa2, 0x95, 0x09, + 0xa5, 0x7d, 0x1e, 0xa4, 0xa5, 0x6a, 0xe4, 0xb0, 0xb0, 0x20, 0xc3, 0x9e, 0x21, + 0xe8, 0x84, 0x32, 0x00, 0x6a, 0x76, 0xa1, 0x3a, 0x82, 0x34, 0x5b, 0x16, 0xe1, + 0x03, 0x9f, 0xe4, 0x6f, 0x65, 0x6d, 0xff, 0xca, 0xdf, 0xb3, 0xae, 0x27, + ], + }, + Test { + secret: &[ + 0xdc, 0x2f, 0x7e, 0x02, 0xf6, 0xb8, 0x37, 0x98, 0x97, 0x33, 0xe3, 0x7f, 0x85, + 0x08, 0xa9, 0xb7, 0xbf, 0x42, 0x38, 0xbb, 0xee, 0x6d, 0x62, 0x29, 0x69, 0x34, + 0x3a, 0xd7, 0xce, 0xa9, 0x7d, 0x35, + ], + msg: &[ + 0xb9, 0x54, 0xe7, 0x95, 0xf5, 0xa0, 0x94, 0xde, 0x64, 0x1f, 0xf1, + ], + iv: &[ + 0x09, 0xd0, 0x56, 0x67, 0x22, 0xa3, 0xed, 0xb1, 0xc7, 0x76, 0x6a, 0xcb, 0xe0, + 0x64, 0x2b, 0xe3, + ], + cipher: &[ + 0x09, 0xd0, 0x56, 0x67, 0x22, 0xa3, 0xed, 0xb1, 0xc7, 0x76, 0x6a, 0xcb, 0xe0, + 0x64, 0x2b, 0xe3, 0x80, 0x2d, 0x49, 0x2c, 0x4b, 0xa6, 0x86, 0x9e, 0xfe, 0x50, + 0xd1, 0x9e, 0x02, 0xf8, 0xb4, 0x8d, 0x56, 0xce, 0xae, 0x16, 0x6b, 0xff, 0x38, + 0x0c, 0xe4, 0xfc, 0xc9, 0xf7, 0x1b, 0x72, 0x2a, 0x74, 0x74, 0x9a, 0xba, 0x11, + 0x4e, 0x79, 0x38, 0x8a, 0x5d, 0xc8, 0x88, 0x1a, 0x2d, 0xff, 0x8d, 0x34, + ], + }, + Test { + secret: &[ + 0x4a, 0x0c, 0x3f, 0xfd, 0x5f, 0x05, 0x68, 0xec, 0xfc, 0xf9, 0xb0, 0x43, 0xa1, + 0xa0, 0x6d, 0xb9, 0x5f, 0x84, 0x4f, 0x60, 0x95, 0x92, 0x06, 0xd5, 0x29, 0x54, + 0x4b, 0xe0, 0x9b, 0x17, 0xd9, 0x99, + ], + msg: &[ + 0xe2, 0x25, 0xb6, 0xae, 0x73, 0xa9, 0x3f, 0x65, 0x6a, 0x2b, 0xf9, 0x4d, + ], + iv: &[ + 0xb7, 0x03, 0x79, 0x1b, 0x30, 0x0c, 0x56, 0x87, 0x26, 0xfb, 0x8f, 0x09, 0x3f, + 0xdc, 0xd3, 0x38, + ], + cipher: &[ + 0xb7, 0x03, 0x79, 0x1b, 0x30, 0x0c, 0x56, 0x87, 0x26, 0xfb, 0x8f, 0x09, 0x3f, + 0xdc, 0xd3, 0x38, 0xe3, 0xdc, 0x66, 0x0f, 0xf9, 0xdf, 0xaf, 0x40, 0x76, 0xe3, + 0xff, 0x19, 0x46, 0x85, 0x99, 0x78, 0x83, 0x0d, 0xfc, 0xdd, 0x00, 0xce, 0x73, + 0x21, 0x69, 0x8b, 0xab, 0x27, 0x49, 0x81, 0x30, 0xd5, 0xf6, 0x3a, 0x34, 0x56, + 0x30, 0xeb, 0xaf, 0x25, 0x58, 0x74, 0x55, 0x02, 0xf3, 0xe0, 0x67, 0xce, + ], + }, + Test { + secret: &[ + 0x5f, 0xcc, 0x73, 0x3e, 0xf0, 0x55, 0x04, 0x6e, 0x9d, 0xb3, 0x55, 0xab, 0xef, + 0x2d, 0x40, 0x1c, 0x7d, 0x3f, 0x14, 0x42, 0x5e, 0x6f, 0x34, 0xa6, 0xb3, 0xeb, + 0x7a, 0xa8, 0x81, 0x1a, 0x85, 0x8f, + ], + msg: &[ + 0xd4, 0x92, 0xf5, 0xff, 0x46, 0x00, 0x6e, 0x38, 0x87, 0xe3, 0x12, 0x09, 0x6e, + ], + iv: &[ + 0xba, 0x40, 0xd8, 0x92, 0x60, 0x01, 0x83, 0x29, 0x92, 0x14, 0xbd, 0x06, 0xe3, + 0x80, 0xd2, 0x10, + ], + cipher: &[ + 0xba, 0x40, 0xd8, 0x92, 0x60, 0x01, 0x83, 0x29, 0x92, 0x14, 0xbd, 0x06, 0xe3, + 0x80, 0xd2, 0x10, 0xeb, 0x50, 0x57, 0xf9, 0xf2, 0x60, 0x04, 0x2a, 0xae, 0xdf, + 0xcf, 0x55, 0x33, 0x94, 0x72, 0xb7, 0x16, 0x3e, 0xb3, 0xda, 0xca, 0xcd, 0x81, + 0x51, 0xbe, 0xc1, 0xe1, 0xa1, 0xb7, 0xc4, 0x11, 0x59, 0x0e, 0xe5, 0xc9, 0x09, + 0x0e, 0x7b, 0xfe, 0x99, 0xdd, 0xd0, 0x67, 0x86, 0x26, 0x26, 0x60, 0x40, + ], + }, + Test { + secret: &[ + 0xf8, 0x8f, 0x59, 0x4e, 0x08, 0x54, 0x35, 0x55, 0x86, 0xdc, 0xed, 0xff, 0x69, + 0x00, 0x56, 0x07, 0xce, 0xa4, 0x92, 0x0e, 0x8c, 0x89, 0x28, 0x50, 0x91, 0x57, + 0x88, 0xc9, 0xee, 0x0d, 0xff, 0xcb, + ], + msg: &[ + 0x02, 0xbc, 0x77, 0x75, 0x25, 0x06, 0x48, 0x8c, 0x81, 0x09, 0xc5, 0x61, 0x7b, + 0xe2, + ], + iv: &[ + 0x36, 0x40, 0x2e, 0x22, 0xaa, 0x73, 0xbe, 0xa7, 0x4c, 0xd8, 0x50, 0xce, 0xf5, + 0xc0, 0x73, 0x93, + ], + cipher: &[ + 0x36, 0x40, 0x2e, 0x22, 0xaa, 0x73, 0xbe, 0xa7, 0x4c, 0xd8, 0x50, 0xce, 0xf5, + 0xc0, 0x73, 0x93, 0xa7, 0x95, 0xb1, 0x2d, 0x45, 0x4c, 0x36, 0x83, 0x20, 0x50, + 0x84, 0x18, 0x39, 0x45, 0xfa, 0xbb, 0xd0, 0x2f, 0xa0, 0x20, 0x48, 0x30, 0x75, + 0xfa, 0x08, 0xcb, 0xa8, 0x2f, 0x36, 0xd1, 0x31, 0x84, 0x85, 0x13, 0x1a, 0x85, + 0x0d, 0x04, 0xc2, 0x7b, 0xea, 0x04, 0x8c, 0x25, 0x86, 0x3a, 0xfc, 0x1c, + ], + }, + Test { + secret: &[ + 0xe4, 0x5a, 0xef, 0x9a, 0xc4, 0xf7, 0x4e, 0x9c, 0x79, 0x4e, 0x46, 0x8b, 0xb9, + 0x42, 0xb3, 0x1a, 0x48, 0x12, 0x1b, 0x00, 0x14, 0xbc, 0x1b, 0xbc, 0x47, 0xe7, + 0x23, 0x95, 0x7f, 0x42, 0xb0, 0x3c, + ], + msg: &[ + 0x6c, 0x49, 0x30, 0xc1, 0x9c, 0x2d, 0xf9, 0xe3, 0xc2, 0x11, 0x62, 0x3d, 0x65, + 0x57, 0x6c, + ], + iv: &[ + 0x59, 0x76, 0x0e, 0x36, 0x3a, 0xae, 0x67, 0x28, 0xe4, 0x82, 0xdb, 0x91, 0xa5, + 0x9c, 0xaf, 0xf9, + ], + cipher: &[ + 0x59, 0x76, 0x0e, 0x36, 0x3a, 0xae, 0x67, 0x28, 0xe4, 0x82, 0xdb, 0x91, 0xa5, + 0x9c, 0xaf, 0xf9, 0x84, 0xc3, 0xc5, 0xf0, 0x09, 0x45, 0x4d, 0xd1, 0x51, 0x22, + 0x80, 0x02, 0x2f, 0x65, 0xac, 0x61, 0x2a, 0xc7, 0x76, 0xfd, 0xfa, 0x81, 0x59, + 0x6c, 0xa0, 0x82, 0xc0, 0xe7, 0x1b, 0xc5, 0x86, 0xd9, 0xd8, 0x12, 0x96, 0x1d, + 0xd1, 0x10, 0x98, 0xbf, 0x91, 0x0a, 0x6a, 0x65, 0x20, 0x29, 0x7f, 0xb9, + ], + }, + Test { + secret: &[ + 0xa5, 0x45, 0xe4, 0x6d, 0x82, 0x10, 0xac, 0x08, 0xab, 0x3f, 0x6e, 0x3c, 0xc9, + 0x03, 0x9c, 0x10, 0xcf, 0xed, 0x3a, 0xae, 0xc6, 0x28, 0xf6, 0xd9, 0xa3, 0x2d, + 0x4f, 0x8b, 0x2e, 0x38, 0x64, 0x13, + ], + msg: &[ + 0x79, 0xa3, 0x8b, 0xe7, 0x5e, 0x93, 0xc0, 0x82, 0x29, 0x7b, 0x1d, 0x63, 0x2f, + 0x48, 0xb1, 0x21, + ], + iv: &[ + 0x4a, 0x58, 0x07, 0x36, 0xc0, 0xa6, 0x01, 0x7e, 0x59, 0x72, 0xf7, 0x82, 0x76, + 0x1c, 0x60, 0x80, + ], + cipher: &[ + 0x4a, 0x58, 0x07, 0x36, 0xc0, 0xa6, 0x01, 0x7e, 0x59, 0x72, 0xf7, 0x82, 0x76, + 0x1c, 0x60, 0x80, 0x5f, 0x3f, 0xf5, 0xc8, 0x46, 0x8c, 0x35, 0xf4, 0x4b, 0x88, + 0x8b, 0xdd, 0x61, 0x51, 0x86, 0x56, 0xc4, 0xa2, 0x80, 0x82, 0x66, 0x7e, 0x25, + 0xbc, 0xf6, 0x3e, 0x8b, 0xde, 0xfb, 0x41, 0x4e, 0x7c, 0x42, 0x95, 0x2c, 0xa3, + 0x31, 0x14, 0x12, 0x0c, 0xb1, 0xdf, 0x16, 0xbb, 0x74, 0x66, 0xde, 0x4c, 0xf8, + 0x17, 0x3b, 0x3f, 0xc3, 0xf5, 0xf7, 0xbe, 0x4a, 0x85, 0x00, 0x1f, 0xe5, 0xdd, + 0x7a, 0xc1, + ], + }, + Test { + secret: &[ + 0x08, 0x8e, 0x64, 0x7d, 0x81, 0x09, 0x0a, 0x8b, 0x71, 0xc8, 0x35, 0x47, 0xae, + 0xeb, 0x81, 0xe2, 0xc7, 0xf7, 0x46, 0x87, 0x67, 0x14, 0x10, 0xf4, 0x05, 0xa5, + 0xc8, 0x84, 0x37, 0xee, 0x31, 0x19, + ], + msg: &[ + 0x7f, 0x8c, 0x92, 0x10, 0xa7, 0x16, 0xe5, 0xf1, 0x8b, 0x45, 0x6b, 0x30, 0xe6, + 0xb1, 0xf6, 0xcc, 0xe0, + ], + iv: &[ + 0x48, 0xb5, 0x3b, 0x63, 0x8b, 0x4f, 0x8e, 0x11, 0x52, 0x39, 0x4b, 0x8c, 0x48, + 0xc0, 0x09, 0x1d, + ], + cipher: &[ + 0x48, 0xb5, 0x3b, 0x63, 0x8b, 0x4f, 0x8e, 0x11, 0x52, 0x39, 0x4b, 0x8c, 0x48, + 0xc0, 0x09, 0x1d, 0x85, 0xbc, 0x06, 0xdb, 0xcf, 0xd2, 0x50, 0x50, 0xc4, 0xbf, + 0x31, 0x72, 0xc9, 0x55, 0x33, 0xfb, 0x34, 0xa3, 0xeb, 0x46, 0x98, 0xd6, 0xe8, + 0x1d, 0x32, 0xd9, 0xe6, 0x17, 0x96, 0x48, 0x6a, 0x21, 0xa1, 0x30, 0xe0, 0x87, + 0x1d, 0x05, 0x22, 0xc0, 0xd8, 0x7a, 0x7e, 0x71, 0xeb, 0x7e, 0x2a, 0x5c, 0xb2, + 0xe7, 0xc8, 0x09, 0x82, 0xb5, 0x6b, 0xb5, 0xb6, 0x86, 0xf7, 0xc6, 0x10, 0x99, + 0x57, 0xeb, + ], + }, + Test { + secret: &[ + 0xb2, 0x7b, 0x51, 0x29, 0x11, 0xe5, 0xaf, 0x73, 0x56, 0x33, 0x97, 0x50, 0xc2, + 0x70, 0xde, 0xb9, 0xfd, 0x6f, 0x3c, 0xfb, 0xa4, 0x92, 0x97, 0x8e, 0xf0, 0xc3, + 0xb4, 0xbb, 0xb0, 0x5c, 0xbf, 0x48, + ], + msg: &[ + 0xc5, 0x66, 0x3f, 0x2b, 0xd6, 0xb9, 0x71, 0x6f, 0xbd, 0x19, 0x90, 0x3e, 0x2a, + 0x8f, 0xea, 0xb5, 0x94, 0x85, + ], + iv: &[ + 0x61, 0x33, 0x3a, 0x68, 0xf2, 0x44, 0xcd, 0x19, 0x6d, 0x64, 0xd5, 0x5b, 0xf7, + 0xb3, 0x02, 0x3f, + ], + cipher: &[ + 0x61, 0x33, 0x3a, 0x68, 0xf2, 0x44, 0xcd, 0x19, 0x6d, 0x64, 0xd5, 0x5b, 0xf7, + 0xb3, 0x02, 0x3f, 0xbb, 0xb6, 0x4b, 0x31, 0x15, 0xe7, 0x69, 0xdf, 0x07, 0x55, + 0xb2, 0x88, 0x9f, 0x39, 0xad, 0x3b, 0x64, 0x0d, 0xb7, 0xc6, 0x12, 0x16, 0x36, + 0x5c, 0x00, 0xcb, 0x61, 0x26, 0x1d, 0x30, 0xbd, 0x38, 0x1e, 0xb2, 0xec, 0x41, + 0x6f, 0xcb, 0x6a, 0x0c, 0x9a, 0x2b, 0x5f, 0xb2, 0xec, 0xf3, 0x0f, 0x33, 0x06, + 0x3a, 0xad, 0x06, 0x1f, 0xfc, 0x34, 0xe5, 0x75, 0x53, 0x4d, 0x49, 0x0b, 0xff, + 0x10, 0xcb, + ], + }, + Test { + secret: &[ + 0xf8, 0x9e, 0xeb, 0x75, 0x1b, 0xbb, 0x54, 0xd7, 0x57, 0xe6, 0x44, 0xe5, 0xe4, + 0x70, 0x8a, 0x64, 0xf5, 0xbc, 0xbd, 0xd0, 0x73, 0x7b, 0xf0, 0x34, 0x7b, 0x2f, + 0x3b, 0x2d, 0xf3, 0x85, 0xe0, 0x07, + ], + msg: &[ + 0x2f, 0xe9, 0x5e, 0x0f, 0xa4, 0xbb, 0x36, 0x66, 0x4e, 0xbb, 0x0e, 0xef, 0x94, + 0xb3, 0x73, 0x98, 0xfe, 0xfa, 0x7f, + ], + iv: &[ + 0x6a, 0xd2, 0xe2, 0x3e, 0x85, 0xd1, 0x2c, 0x59, 0x82, 0x79, 0xdf, 0xfe, 0x70, + 0x1c, 0x98, 0xf7, + ], + cipher: &[ + 0x6a, 0xd2, 0xe2, 0x3e, 0x85, 0xd1, 0x2c, 0x59, 0x82, 0x79, 0xdf, 0xfe, 0x70, + 0x1c, 0x98, 0xf7, 0xa2, 0x27, 0xb9, 0x6e, 0xc8, 0xd1, 0x13, 0xee, 0x6b, 0x07, + 0x9f, 0x39, 0x68, 0xa6, 0x0b, 0xe5, 0xff, 0x62, 0x84, 0xf1, 0xf9, 0x6d, 0xf9, + 0x7f, 0x3d, 0x32, 0x3a, 0xf6, 0xf7, 0x56, 0x3f, 0xfa, 0x1b, 0x7b, 0xf5, 0x0b, + 0xab, 0x82, 0x5f, 0x3d, 0xf2, 0x4a, 0x13, 0x16, 0x2d, 0x8b, 0xc2, 0xf2, 0xe9, + 0x5f, 0xfa, 0xa9, 0x0c, 0x1f, 0xbc, 0x42, 0x7b, 0x4c, 0x16, 0xa6, 0xd3, 0x49, + 0x23, 0xe1, + ], + }, + Test { + secret: &[ + 0x1c, 0xb8, 0xb2, 0xd4, 0xa5, 0xfb, 0x02, 0xa1, 0xe2, 0x08, 0xe3, 0xed, 0xa1, + 0x22, 0x51, 0x47, 0x61, 0xe7, 0x7a, 0xa8, 0x86, 0x9b, 0x8a, 0x66, 0xc6, 0x65, + 0x57, 0x16, 0x31, 0x31, 0xe3, 0xda, + ], + msg: &[ + 0xc8, 0x70, 0x1c, 0xb1, 0xef, 0xeb, 0x0f, 0x65, 0x40, 0xd1, 0xa3, 0x30, 0x8d, + 0xbc, 0xd8, 0xa2, 0xc2, 0x96, 0x30, 0x5e, + ], + iv: &[ + 0x50, 0x46, 0x3c, 0x09, 0x26, 0x5e, 0x44, 0x15, 0xfc, 0xef, 0xf4, 0x74, 0x28, + 0x17, 0x04, 0x1e, + ], + cipher: &[ + 0x50, 0x46, 0x3c, 0x09, 0x26, 0x5e, 0x44, 0x15, 0xfc, 0xef, 0xf4, 0x74, 0x28, + 0x17, 0x04, 0x1e, 0xcb, 0x07, 0x07, 0x96, 0x86, 0x50, 0xc0, 0xc5, 0xbe, 0x91, + 0x12, 0xdc, 0xd3, 0x2c, 0x75, 0xb2, 0xb4, 0xb1, 0x0c, 0x9f, 0x09, 0x04, 0x83, + 0x6b, 0x7b, 0x7e, 0x2f, 0xb2, 0x38, 0x4f, 0x21, 0x77, 0xcf, 0xec, 0x3b, 0xb4, + 0x01, 0x0f, 0x95, 0x2f, 0xbf, 0x38, 0x90, 0xa5, 0xb2, 0xd8, 0x6a, 0x9f, 0xd2, + 0xc5, 0x50, 0xad, 0x6e, 0xeb, 0x3a, 0xbb, 0xab, 0x76, 0x23, 0x02, 0x43, 0x8e, + 0xd0, 0x43, + ], + }, + Test { + secret: &[ + 0x05, 0x9a, 0x22, 0x82, 0x44, 0xc6, 0x4e, 0x43, 0x44, 0x56, 0x09, 0xd9, 0x76, + 0xaa, 0x3a, 0x56, 0x09, 0xa4, 0x79, 0x02, 0xc2, 0x9b, 0x33, 0x67, 0x84, 0x6e, + 0xff, 0x7d, 0x4c, 0xd4, 0xa9, 0xdd, + ], + msg: &[ + 0xa4, 0x63, 0x2c, 0xad, 0x46, 0x96, 0x9b, 0xde, 0x53, 0x79, 0xa8, 0x8b, 0x56, + 0x04, 0x7e, 0xaf, 0x5c, 0x7d, 0xd0, 0x34, 0xb8, + ], + iv: &[ + 0x04, 0x75, 0xf2, 0x28, 0xe0, 0x76, 0xf0, 0xdb, 0x56, 0xbf, 0x2a, 0x5a, 0xfe, + 0x20, 0xd3, 0x43, + ], + cipher: &[ + 0x04, 0x75, 0xf2, 0x28, 0xe0, 0x76, 0xf0, 0xdb, 0x56, 0xbf, 0x2a, 0x5a, 0xfe, + 0x20, 0xd3, 0x43, 0xd5, 0x23, 0xc1, 0x1a, 0x44, 0x89, 0x50, 0xb7, 0x6b, 0xe6, + 0x86, 0xca, 0x37, 0x4b, 0x2a, 0x6e, 0xa5, 0x88, 0x21, 0xc8, 0xbe, 0x07, 0x7e, + 0xc3, 0x85, 0xb9, 0xa6, 0x15, 0xca, 0xfd, 0x8d, 0xe5, 0x1c, 0x18, 0x54, 0xbf, + 0xb3, 0x87, 0xd8, 0x0b, 0x6a, 0xb0, 0x69, 0xa6, 0xca, 0x28, 0x99, 0x41, 0x1e, + 0xc9, 0x7c, 0xfd, 0x33, 0x46, 0x8f, 0x71, 0xfe, 0x04, 0xe9, 0x59, 0xe6, 0xd0, + 0xde, 0x53, + ], + }, + Test { + secret: &[ + 0x57, 0x14, 0x3f, 0x8b, 0xdc, 0x06, 0x12, 0x8d, 0x2f, 0xde, 0xf6, 0xf7, 0x1f, + 0x98, 0x6d, 0x56, 0x13, 0xbc, 0x1b, 0x89, 0xd9, 0xf6, 0x0c, 0x3c, 0xa7, 0xa0, + 0x96, 0xd3, 0xd8, 0x0f, 0x9b, 0xd2, + ], + msg: &[ + 0xb9, 0x75, 0x8c, 0x80, 0xfc, 0x6d, 0xcb, 0x15, 0x7d, 0x0b, 0xeb, 0xf8, 0xa7, + 0x17, 0x7f, 0x99, 0x4f, 0x64, 0xc8, 0xb9, 0x7b, 0xec, + ], + iv: &[ + 0x00, 0x03, 0x70, 0x2d, 0x97, 0x33, 0x36, 0x0d, 0x4d, 0xfe, 0x9c, 0x38, 0x01, + 0xd2, 0x5d, 0xa5, + ], + cipher: &[ + 0x00, 0x03, 0x70, 0x2d, 0x97, 0x33, 0x36, 0x0d, 0x4d, 0xfe, 0x9c, 0x38, 0x01, + 0xd2, 0x5d, 0xa5, 0xbb, 0x5c, 0xa2, 0x9a, 0x4b, 0x96, 0x8c, 0x38, 0x8f, 0x6e, + 0xfa, 0x63, 0xe8, 0x9f, 0x62, 0xec, 0xd7, 0xfc, 0x2b, 0x8a, 0x14, 0xc5, 0xc0, + 0x99, 0x92, 0x6b, 0x86, 0x05, 0x72, 0x9f, 0xe9, 0x78, 0xd4, 0xb5, 0xae, 0x3d, + 0xf7, 0x31, 0xa3, 0x33, 0xa0, 0x98, 0x33, 0x6d, 0x8a, 0x65, 0x5c, 0xcf, 0x3f, + 0x0b, 0x4f, 0xe0, 0x5d, 0x71, 0xa4, 0x27, 0xf2, 0x72, 0x0e, 0x37, 0xa0, 0xed, + 0x63, 0x11, + ], + }, + Test { + secret: &[ + 0xbc, 0xf6, 0x2b, 0x16, 0x2d, 0x88, 0xbb, 0x7f, 0x76, 0x84, 0x87, 0xd0, 0x0b, + 0x2c, 0x0b, 0x10, 0xf9, 0x3e, 0x2e, 0x35, 0x95, 0x0d, 0x87, 0x40, 0x22, 0x3b, + 0x05, 0x60, 0x16, 0xf1, 0xf1, 0x82, + ], + msg: &[ + 0x75, 0x10, 0x8d, 0xa4, 0xda, 0x99, 0x68, 0xd4, 0xa5, 0x04, 0x5e, 0x84, 0x13, + 0x76, 0x9c, 0xfe, 0x44, 0x51, 0x82, 0x6b, 0x85, 0xe0, 0x2a, + ], + iv: &[ + 0x69, 0xd4, 0x77, 0x02, 0x98, 0x06, 0xeb, 0xd1, 0x09, 0x07, 0xec, 0x7a, 0x00, + 0x89, 0x8f, 0x06, + ], + cipher: &[ + 0x69, 0xd4, 0x77, 0x02, 0x98, 0x06, 0xeb, 0xd1, 0x09, 0x07, 0xec, 0x7a, 0x00, + 0x89, 0x8f, 0x06, 0x3e, 0xd0, 0xa7, 0xaf, 0x88, 0x2a, 0xc1, 0x6c, 0x14, 0xea, + 0x11, 0x6d, 0xd4, 0xb6, 0xc7, 0xe2, 0xbf, 0x05, 0x7a, 0xe4, 0x9d, 0xff, 0x9d, + 0x2e, 0x9d, 0x13, 0x3c, 0x33, 0xa0, 0x61, 0x4f, 0x13, 0x96, 0x66, 0x9c, 0x64, + 0xab, 0x8f, 0xc0, 0x2d, 0x10, 0x49, 0xeb, 0x7a, 0x6a, 0x51, 0x01, 0x1e, 0x94, + 0x69, 0x72, 0x93, 0xab, 0xb7, 0xa0, 0xcc, 0xb6, 0xac, 0xe4, 0x0e, 0xf9, 0xe9, + 0xe4, 0x9d, + ], + }, + Test { + secret: &[ + 0x8c, 0x0d, 0x8f, 0x3b, 0xb6, 0x33, 0x3b, 0x59, 0x41, 0x95, 0x89, 0xc3, 0x6a, + 0xd9, 0x85, 0x23, 0x67, 0xca, 0x14, 0x87, 0x44, 0x6b, 0x6d, 0xe6, 0x7d, 0x37, + 0xf6, 0x98, 0x43, 0x5a, 0xca, 0xf0, + ], + msg: &[ + 0x16, 0x5c, 0x5c, 0xaa, 0x09, 0x1f, 0xcd, 0xfc, 0x78, 0x47, 0x06, 0xdb, 0x6d, + 0x63, 0x4e, 0x80, 0x75, 0x8c, 0x6b, 0x32, 0x9c, 0xb6, 0xac, 0x66, + ], + iv: &[ + 0xf4, 0x7a, 0xfc, 0x94, 0x12, 0xcc, 0xf7, 0xc0, 0xb0, 0xb3, 0x27, 0xdd, 0x23, + 0x19, 0x70, 0xbc, + ], + cipher: &[ + 0xf4, 0x7a, 0xfc, 0x94, 0x12, 0xcc, 0xf7, 0xc0, 0xb0, 0xb3, 0x27, 0xdd, 0x23, + 0x19, 0x70, 0xbc, 0x12, 0x2d, 0x30, 0xc2, 0xa9, 0x5c, 0x62, 0x87, 0xd6, 0x91, + 0xda, 0x44, 0xee, 0x0b, 0x69, 0x0e, 0xff, 0x47, 0x24, 0xff, 0x0d, 0x85, 0xc2, + 0x56, 0xd9, 0x1f, 0x04, 0x99, 0xac, 0xa8, 0xd7, 0x03, 0xd0, 0xb2, 0x53, 0xda, + 0xb8, 0x05, 0x5e, 0x7b, 0xe8, 0x3a, 0x97, 0x47, 0xb3, 0xa8, 0xf6, 0x8d, 0xf0, + 0xea, 0xfa, 0xdd, 0xe4, 0x90, 0xa6, 0x70, 0x05, 0x49, 0x98, 0x83, 0x80, 0x92, + 0x81, 0xbd, + ], + }, + Test { + secret: &[ + 0x5f, 0xc6, 0xcc, 0xa4, 0x83, 0xc0, 0xca, 0x5c, 0x52, 0x47, 0x75, 0xac, 0x1d, + 0x30, 0x46, 0x6e, 0x41, 0xf3, 0xfb, 0x5b, 0x24, 0xcf, 0x91, 0x1b, 0xfe, 0xf1, + 0x15, 0xdd, 0x1f, 0x94, 0x2f, 0xaa, + ], + msg: &[ + 0x91, 0x71, 0x83, 0x3e, 0x46, 0xbd, 0xde, 0x26, 0x12, 0xc1, 0xcd, 0xf3, 0x76, + 0x23, 0x43, 0x51, 0x9e, 0x19, 0xfc, 0xd9, 0x85, 0x5a, 0x8a, 0x68, 0x34, + ], + iv: &[ + 0xaf, 0xa9, 0x2d, 0x28, 0xf0, 0x50, 0x9a, 0x31, 0x0f, 0x15, 0x29, 0x61, 0x60, + 0xd7, 0xaa, 0xb3, + ], + cipher: &[ + 0xaf, 0xa9, 0x2d, 0x28, 0xf0, 0x50, 0x9a, 0x31, 0x0f, 0x15, 0x29, 0x61, 0x60, + 0xd7, 0xaa, 0xb3, 0x9e, 0x84, 0x63, 0xeb, 0x43, 0x72, 0xe2, 0x55, 0x74, 0x21, + 0xca, 0x6c, 0x88, 0x9c, 0x93, 0xde, 0xdf, 0xb3, 0xac, 0x0d, 0xb4, 0xfa, 0xe2, + 0x12, 0x77, 0x36, 0x21, 0x08, 0x0f, 0x36, 0xc1, 0xf2, 0x4c, 0xce, 0xe1, 0x96, + 0x5e, 0x60, 0xb3, 0x6f, 0xd3, 0x4f, 0xe8, 0x09, 0x43, 0x3a, 0xe0, 0x79, 0x2e, + 0x37, 0xc1, 0x9c, 0xc4, 0xed, 0xd4, 0x7d, 0x3c, 0xaf, 0x05, 0xfb, 0xed, 0xd3, + 0x7f, 0xb0, + ], + }, + Test { + secret: &[ + 0x3a, 0x56, 0x48, 0x65, 0xe6, 0xf8, 0x96, 0x84, 0x2f, 0x81, 0xef, 0x8c, 0x56, + 0xc7, 0x16, 0x0c, 0xd5, 0x3d, 0xf2, 0x4b, 0x77, 0x4d, 0x50, 0xac, 0xe8, 0xc0, + 0xb6, 0xa1, 0x59, 0xfc, 0x07, 0x2d, + ], + msg: &[ + 0xb3, 0x31, 0x4d, 0xdc, 0x6e, 0xe2, 0x2f, 0xee, 0xa3, 0x6f, 0xd9, 0x70, 0x41, + 0xb6, 0x03, 0x25, 0x5d, 0x2f, 0xb7, 0x07, 0x2c, 0xbf, 0x01, 0x7c, 0xc1, 0xd5, + ], + iv: &[ + 0x0d, 0xa8, 0xac, 0xb1, 0x74, 0xd7, 0xa7, 0x00, 0xf2, 0x48, 0x76, 0xc3, 0x92, + 0xef, 0x97, 0x86, + ], + cipher: &[ + 0x0d, 0xa8, 0xac, 0xb1, 0x74, 0xd7, 0xa7, 0x00, 0xf2, 0x48, 0x76, 0xc3, 0x92, + 0xef, 0x97, 0x86, 0xd9, 0x95, 0x9a, 0xff, 0xcb, 0xb9, 0x1e, 0x6a, 0x8b, 0xdb, + 0xab, 0xe0, 0xcd, 0x86, 0x67, 0xc6, 0x78, 0x3f, 0xb3, 0x82, 0x3f, 0xab, 0xa8, + 0x66, 0xda, 0x9b, 0xaf, 0x5e, 0xd5, 0x79, 0x63, 0x9f, 0x5e, 0x82, 0xa5, 0x0f, + 0x14, 0x7f, 0x91, 0x43, 0x65, 0x53, 0x39, 0x81, 0x55, 0x1c, 0x41, 0xdf, 0x01, + 0xe6, 0x67, 0x16, 0x21, 0x38, 0x03, 0x3e, 0xfb, 0xd0, 0x49, 0xb8, 0x3a, 0xfb, + 0x10, 0x1c, + ], + }, + Test { + secret: &[ + 0x27, 0xda, 0xda, 0x04, 0x27, 0xcf, 0xb2, 0x7d, 0xf8, 0x8c, 0x8a, 0xd4, 0xdb, + 0xbf, 0xa2, 0xd8, 0x11, 0x6a, 0xc1, 0xe0, 0x4b, 0x1c, 0x12, 0x58, 0xca, 0x03, + 0x5f, 0x5f, 0x36, 0xf5, 0xde, 0x89, + ], + msg: &[ + 0xf7, 0xdb, 0xd9, 0x48, 0xb6, 0x2e, 0xf5, 0x9d, 0x40, 0xf6, 0x42, 0xb3, 0x2a, + 0x94, 0xe6, 0x9e, 0xfc, 0xd3, 0x81, 0xdc, 0xf8, 0x85, 0xad, 0x90, 0xfd, 0x1d, + 0xbd, + ], + iv: &[ + 0x79, 0xb5, 0x79, 0x8d, 0xd6, 0xf0, 0x00, 0x2a, 0x3c, 0x8e, 0x97, 0xd1, 0x70, + 0xa0, 0x4b, 0xf5, + ], + cipher: &[ + 0x79, 0xb5, 0x79, 0x8d, 0xd6, 0xf0, 0x00, 0x2a, 0x3c, 0x8e, 0x97, 0xd1, 0x70, + 0xa0, 0x4b, 0xf5, 0x5c, 0xa4, 0xcb, 0x49, 0xf8, 0x51, 0x3a, 0xe2, 0x32, 0x23, + 0x3a, 0x29, 0x12, 0x75, 0x07, 0x3f, 0xf3, 0x3d, 0x9d, 0xe9, 0x02, 0xbb, 0xe4, + 0x9d, 0x77, 0x15, 0x7e, 0x01, 0x81, 0xd7, 0x64, 0x58, 0x7a, 0x53, 0xfd, 0xa7, + 0x33, 0x65, 0x78, 0x17, 0x67, 0x57, 0xc9, 0x3e, 0x13, 0x81, 0x54, 0x3a, 0x58, + 0x42, 0x8b, 0x4c, 0x03, 0x32, 0xf7, 0x4f, 0x2d, 0x77, 0x3b, 0x26, 0x38, 0x59, + 0xaa, 0x2b, + ], + }, + Test { + secret: &[ + 0x7b, 0x03, 0x48, 0xe2, 0xb0, 0xe7, 0x5a, 0x36, 0xcd, 0x1b, 0x9a, 0xd3, 0xea, + 0xdc, 0x77, 0xab, 0x2a, 0x30, 0xff, 0x40, 0x36, 0x32, 0x05, 0xd7, 0xd4, 0x0f, + 0x3d, 0xb6, 0x66, 0xab, 0xeb, 0x72, + ], + msg: &[ + 0x42, 0xd7, 0xff, 0x72, 0x7c, 0xa8, 0xf8, 0xbe, 0x09, 0x48, 0x2f, 0x39, 0x02, + 0x40, 0xa3, 0x0a, 0x35, 0x21, 0xd4, 0x57, 0xa7, 0x10, 0x3e, 0x0d, 0xfb, 0xd0, + 0x94, 0xdc, + ], + iv: &[ + 0x44, 0x58, 0x8b, 0x40, 0x56, 0x50, 0x17, 0x4b, 0x6b, 0x7e, 0x9b, 0x9b, 0x40, + 0xd3, 0xfc, 0x9f, + ], + cipher: &[ + 0x44, 0x58, 0x8b, 0x40, 0x56, 0x50, 0x17, 0x4b, 0x6b, 0x7e, 0x9b, 0x9b, 0x40, + 0xd3, 0xfc, 0x9f, 0x71, 0x54, 0x0c, 0xbf, 0x24, 0x6c, 0x29, 0x6e, 0x41, 0x8c, + 0xf9, 0x51, 0x94, 0x21, 0x6b, 0x92, 0xb2, 0x66, 0x8b, 0x75, 0x09, 0x6f, 0xa2, + 0x38, 0x64, 0xc5, 0x95, 0xb1, 0x45, 0x9e, 0xb1, 0x10, 0x7f, 0x24, 0xfb, 0xb5, + 0xa0, 0x55, 0xed, 0x9e, 0x24, 0x71, 0x72, 0xd5, 0xac, 0xc3, 0x91, 0xee, 0x87, + 0xd9, 0x8d, 0x50, 0xd7, 0x56, 0xa4, 0x0c, 0x9f, 0x5c, 0xcd, 0x04, 0xdb, 0xaf, + 0x3e, 0xa7, + ], + }, + Test { + secret: &[ + 0x84, 0xa6, 0xd3, 0x3b, 0xd9, 0xa0, 0xf3, 0xc8, 0x1d, 0xd6, 0xfa, 0x15, 0x09, + 0xd5, 0x28, 0xcc, 0x53, 0x9a, 0xd7, 0xfa, 0xd9, 0xdf, 0x25, 0x3f, 0xdd, 0x58, + 0x4b, 0x4a, 0xd0, 0xb4, 0xa6, 0xa9, + ], + msg: &[ + 0x35, 0x43, 0x41, 0xf5, 0x78, 0x59, 0x1d, 0x14, 0xba, 0x9f, 0xd3, 0x79, 0x23, + 0x1d, 0x4d, 0xfe, 0xcb, 0x9b, 0xb9, 0x5a, 0x5e, 0xf2, 0xcb, 0x18, 0x86, 0x9e, + 0x25, 0x76, 0x30, + ], + iv: &[ + 0x6a, 0xa3, 0x24, 0xbc, 0xe5, 0xd1, 0xa4, 0x11, 0xae, 0x28, 0x61, 0xf5, 0x75, + 0xb7, 0xbb, 0x45, + ], + cipher: &[ + 0x6a, 0xa3, 0x24, 0xbc, 0xe5, 0xd1, 0xa4, 0x11, 0xae, 0x28, 0x61, 0xf5, 0x75, + 0xb7, 0xbb, 0x45, 0x61, 0x0f, 0x8f, 0x21, 0x38, 0x86, 0x3f, 0x27, 0x20, 0x3f, + 0xad, 0xf4, 0x5e, 0x48, 0xa4, 0x84, 0x3d, 0xfb, 0x52, 0x9b, 0x2b, 0x01, 0xee, + 0xa7, 0x5c, 0x6e, 0xe2, 0x31, 0x85, 0x5f, 0xc6, 0xc8, 0xda, 0x5f, 0xc5, 0xbb, + 0xc0, 0x5b, 0x17, 0x48, 0xec, 0x60, 0x0d, 0x46, 0x32, 0x58, 0x9a, 0x18, 0xc6, + 0xc2, 0xb4, 0xec, 0x4a, 0xb8, 0x9b, 0x7c, 0xc8, 0x44, 0x1d, 0x1f, 0x0d, 0x18, + 0xcc, 0xe4, + ], + }, + Test { + secret: &[ + 0xbc, 0x52, 0x19, 0x6b, 0x65, 0xde, 0x63, 0xfd, 0xb8, 0x05, 0xc5, 0x7d, 0x37, + 0xda, 0x44, 0xfd, 0x81, 0x70, 0x8b, 0xbd, 0x60, 0xaa, 0x30, 0x9c, 0x8b, 0x48, + 0x3e, 0x29, 0xaf, 0xac, 0x34, 0x35, + ], + msg: &[ + 0xb0, 0xfd, 0x94, 0x89, 0x98, 0x24, 0x9c, 0xd6, 0x6a, 0x13, 0xa7, 0xf2, 0xb3, + 0xc4, 0x5d, 0xe3, 0x84, 0x71, 0x7a, 0xec, 0xc8, 0x6b, 0x4c, 0xfd, 0x0d, 0x49, + 0x97, 0xd0, 0x0a, 0xa5, + ], + iv: &[ + 0x78, 0x74, 0x70, 0xb3, 0xd9, 0x6d, 0x43, 0x18, 0x35, 0x42, 0xd3, 0x8e, 0x99, + 0x67, 0xba, 0x5a, + ], + cipher: &[ + 0x78, 0x74, 0x70, 0xb3, 0xd9, 0x6d, 0x43, 0x18, 0x35, 0x42, 0xd3, 0x8e, 0x99, + 0x67, 0xba, 0x5a, 0x47, 0x5e, 0x58, 0x0d, 0xce, 0xd7, 0xf3, 0xb5, 0x4b, 0xa4, + 0xce, 0xdc, 0x43, 0xaa, 0xdf, 0x11, 0xdb, 0x0b, 0x48, 0xd8, 0x7c, 0x25, 0x28, + 0xdf, 0xc6, 0xfd, 0xc0, 0x87, 0x88, 0xbc, 0xf3, 0x2e, 0x9e, 0x19, 0x6e, 0x90, + 0x8b, 0x60, 0x9b, 0xb2, 0x42, 0x17, 0xc6, 0xe5, 0x24, 0x99, 0x6b, 0x07, 0xae, + 0x2f, 0xdf, 0x66, 0x5c, 0x4d, 0x3d, 0x0d, 0x48, 0x51, 0x66, 0x81, 0x3c, 0x85, + 0xec, 0xab, + ], + }, + Test { + secret: &[ + 0x7d, 0x0c, 0x82, 0x5c, 0x95, 0xed, 0x58, 0xbf, 0xda, 0xf7, 0xaa, 0x8f, 0x86, + 0x00, 0xde, 0x81, 0x36, 0x51, 0x2a, 0x1d, 0xe3, 0x2c, 0xa4, 0x75, 0xb6, 0x99, + 0x41, 0xfa, 0xd9, 0xed, 0xbc, 0xd9, + ], + msg: &[ + 0xe4, 0xb1, 0x32, 0x9c, 0xb3, 0xba, 0xe2, 0x2e, 0xc3, 0xa7, 0x8a, 0x35, 0x02, + 0xf7, 0xd3, 0x4b, 0x52, 0x6d, 0x0d, 0xcb, 0xd5, 0x80, 0xcd, 0xca, 0x11, 0x1a, + 0x00, 0x8b, 0xcb, 0x0f, 0x4c, + ], + iv: &[ + 0x73, 0x62, 0xa5, 0xd6, 0xed, 0x7a, 0x6b, 0x72, 0x07, 0x53, 0x37, 0xef, 0x3b, + 0x97, 0x2c, 0x9e, + ], + cipher: &[ + 0x73, 0x62, 0xa5, 0xd6, 0xed, 0x7a, 0x6b, 0x72, 0x07, 0x53, 0x37, 0xef, 0x3b, + 0x97, 0x2c, 0x9e, 0x19, 0x4c, 0x4f, 0x5b, 0x56, 0x2f, 0x32, 0x16, 0xe4, 0x82, + 0xf9, 0xa6, 0xa3, 0x46, 0xaa, 0x41, 0x21, 0xdd, 0x96, 0xb1, 0xa1, 0x04, 0xfa, + 0xa2, 0x20, 0x59, 0xed, 0xa7, 0x60, 0x17, 0x2d, 0xee, 0x57, 0xc2, 0x1a, 0xe2, + 0x6f, 0x8a, 0x7c, 0x4a, 0xff, 0x5e, 0xf8, 0x71, 0x29, 0x2f, 0x61, 0xa5, 0xe9, + 0x2c, 0x97, 0x49, 0x54, 0x7b, 0xa5, 0x24, 0x4c, 0x13, 0xea, 0x75, 0x89, 0x09, + 0xe8, 0x97, + ], + }, + Test { + secret: &[ + 0x5f, 0x36, 0xea, 0x71, 0xe6, 0x2b, 0x33, 0x38, 0x50, 0xdb, 0xdb, 0xf3, 0xa4, + 0x5e, 0xcc, 0x29, 0x01, 0xa3, 0xac, 0x38, 0xa1, 0x24, 0x8c, 0xcf, 0x73, 0x52, + 0x6b, 0xc6, 0xdd, 0xfa, 0xa2, 0x4d, + ], + msg: &[ + 0xd1, 0x54, 0x2f, 0x61, 0x14, 0x44, 0x08, 0xd3, 0x9e, 0x75, 0x58, 0xfb, 0xc3, + 0xa6, 0x7e, 0x2d, 0x27, 0x63, 0x4e, 0x94, 0x5f, 0xf1, 0x60, 0xf5, 0xae, 0x69, + 0x64, 0x22, 0x83, 0x96, 0x90, 0xe3, + ], + iv: &[ + 0x3b, 0xec, 0x73, 0xb3, 0x14, 0xe3, 0xbc, 0xe3, 0xbd, 0x84, 0xdc, 0x19, 0x9b, + 0xc8, 0x25, 0x86, + ], + cipher: &[ + 0x3b, 0xec, 0x73, 0xb3, 0x14, 0xe3, 0xbc, 0xe3, 0xbd, 0x84, 0xdc, 0x19, 0x9b, + 0xc8, 0x25, 0x86, 0x4c, 0xac, 0xb8, 0x09, 0x8b, 0x52, 0x1d, 0x9a, 0x39, 0x26, + 0x65, 0xcd, 0x2b, 0x79, 0xad, 0xca, 0x76, 0xbb, 0x9d, 0x3b, 0x26, 0x6f, 0x63, + 0xb3, 0xcd, 0x95, 0x27, 0xdd, 0x68, 0x2f, 0xa4, 0x70, 0x4b, 0xd2, 0x5f, 0xc2, + 0x9f, 0xd0, 0x49, 0xc6, 0xfd, 0x7a, 0xa3, 0xc4, 0x97, 0x03, 0x75, 0x52, 0x42, + 0x31, 0x7f, 0xaa, 0x69, 0x46, 0x07, 0x89, 0x77, 0xb7, 0x7e, 0x89, 0x94, 0x59, + 0x2b, 0x80, 0xc1, 0x87, 0x26, 0xae, 0x63, 0xf6, 0xcd, 0x9b, 0xd4, 0x8b, 0x12, + 0xe8, 0x4f, 0x89, 0x80, 0x84, + ], + }, + Test { + secret: &[ + 0x22, 0xe4, 0xc6, 0x54, 0x6a, 0x62, 0xb0, 0xbb, 0x51, 0xd9, 0x5d, 0x45, 0x50, + 0xf5, 0x9a, 0x54, 0xcd, 0x97, 0xe0, 0xbe, 0x28, 0xa1, 0xfb, 0xc7, 0x1a, 0xd8, + 0x8d, 0x4c, 0x92, 0xcf, 0xdc, 0xba, + ], + msg: &[ + 0x8f, 0x69, 0x64, 0xc3, 0xca, 0x31, 0x8e, 0xd4, 0x0d, 0x2d, 0xae, 0x34, 0x8b, + 0x81, 0x1f, 0xef, 0x87, 0xaa, 0x79, 0x42, 0x75, 0x90, 0xe8, 0x6b, 0xe3, 0xbe, + 0x94, 0xff, 0x1f, 0xf8, 0x6c, 0xb7, 0x6e, + ], + iv: &[ + 0x25, 0x16, 0x81, 0x49, 0x18, 0xf4, 0xac, 0x10, 0xc8, 0xfa, 0xc5, 0x55, 0x44, + 0x48, 0x5f, 0x3b, + ], + cipher: &[ + 0x25, 0x16, 0x81, 0x49, 0x18, 0xf4, 0xac, 0x10, 0xc8, 0xfa, 0xc5, 0x55, 0x44, + 0x48, 0x5f, 0x3b, 0x6e, 0x80, 0x58, 0x25, 0xd3, 0xcc, 0xe0, 0xa2, 0xb8, 0x3a, + 0xfa, 0x4b, 0x5e, 0x3d, 0x97, 0x56, 0x0f, 0x30, 0x27, 0x90, 0xc2, 0x7b, 0xc7, + 0xcb, 0x2f, 0x86, 0xaf, 0x14, 0x3d, 0x34, 0xc5, 0xac, 0x3b, 0xd8, 0xe6, 0x75, + 0x52, 0x0f, 0x36, 0x79, 0xc9, 0xe3, 0xe3, 0x63, 0xe2, 0x75, 0xa5, 0x63, 0x78, + 0xf0, 0xee, 0x6b, 0x4d, 0x3c, 0x6d, 0x80, 0xde, 0x60, 0x3c, 0x98, 0x1e, 0xc8, + 0x55, 0x35, 0x17, 0x26, 0xd1, 0x77, 0x43, 0x8b, 0x67, 0x35, 0xff, 0x76, 0x1f, + 0x99, 0xa1, 0x10, 0x26, 0x8e, + ], + }, + Test { + secret: &[ + 0x20, 0x92, 0xe3, 0x8f, 0x52, 0xb8, 0x0a, 0x29, 0xad, 0x0e, 0x9d, 0x62, 0x07, + 0x23, 0x29, 0x36, 0x34, 0x12, 0x0a, 0xfa, 0x78, 0xd4, 0xd8, 0x6c, 0x9c, 0xb9, + 0x26, 0x9e, 0x07, 0x1f, 0xee, 0x04, + ], + msg: &[ + 0x1a, 0x30, 0x3e, 0xc9, 0x75, 0x0e, 0x85, 0x4b, 0x7b, 0x2a, 0xd8, 0x63, 0x05, + 0xdf, 0x8b, 0xb2, 0x38, 0xd1, 0x19, 0x4c, 0x8a, 0xc3, 0x03, 0x69, 0x9d, 0x2d, + 0x1a, 0xb4, 0xe9, 0xd4, 0x2f, 0x6d, 0xfd, 0x87, + ], + iv: &[ + 0x0a, 0xd0, 0xfc, 0xa4, 0xb9, 0xdf, 0x3e, 0xc4, 0x7d, 0x46, 0xdc, 0x69, 0xcf, + 0x9f, 0x4d, 0x9d, + ], + cipher: &[ + 0x0a, 0xd0, 0xfc, 0xa4, 0xb9, 0xdf, 0x3e, 0xc4, 0x7d, 0x46, 0xdc, 0x69, 0xcf, + 0x9f, 0x4d, 0x9d, 0x0d, 0x18, 0x2e, 0x01, 0x38, 0x6e, 0x37, 0x3d, 0x34, 0x2b, + 0x16, 0x27, 0x3c, 0x60, 0xc0, 0x0b, 0xe9, 0xc0, 0x9f, 0xca, 0x70, 0xaf, 0x37, + 0x45, 0x2d, 0xe6, 0x8e, 0xa5, 0x7f, 0x26, 0x78, 0x37, 0x71, 0xd8, 0xb0, 0xae, + 0xb5, 0xcb, 0xf7, 0x2d, 0x70, 0x78, 0x52, 0xad, 0x63, 0x75, 0xde, 0xc4, 0x10, + 0x1b, 0x7f, 0x69, 0xd6, 0x35, 0x22, 0xb8, 0x81, 0x3b, 0x40, 0x8d, 0x83, 0xb5, + 0x44, 0x9f, 0x3d, 0x8d, 0x3e, 0xd6, 0x2f, 0x16, 0x1e, 0x4e, 0x43, 0xf4, 0x00, + 0x9e, 0xe3, 0xc4, 0x9c, 0x0f, + ], + }, + Test { + secret: &[ + 0x3b, 0x3c, 0xe9, 0x28, 0x6e, 0xe9, 0x79, 0x70, 0x7c, 0xdf, 0x93, 0x7d, 0x1a, + 0x12, 0x9e, 0x6d, 0x1d, 0x5f, 0x56, 0x3e, 0x0a, 0xb8, 0x70, 0x18, 0x8c, 0x02, + 0x59, 0x70, 0x99, 0xd2, 0x2a, 0x2c, + ], + msg: &[ + 0xf8, 0x94, 0xf9, 0x0e, 0x7b, 0x7f, 0x60, 0x7c, 0xdc, 0x1a, 0x2f, 0xf1, 0x5d, + 0x88, 0x40, 0x67, 0xaa, 0x07, 0x49, 0x57, 0xb4, 0x10, 0xa9, 0x94, 0xf0, 0x86, + 0x6d, 0x05, 0xc2, 0x80, 0x8e, 0x30, 0xfa, 0x20, 0xdc, + ], + iv: &[ + 0x68, 0xaf, 0xa2, 0xc6, 0x48, 0xde, 0xd9, 0x76, 0x84, 0x23, 0xee, 0x5e, 0xc9, + 0x6f, 0xd8, 0x8c, + ], + cipher: &[ + 0x68, 0xaf, 0xa2, 0xc6, 0x48, 0xde, 0xd9, 0x76, 0x84, 0x23, 0xee, 0x5e, 0xc9, + 0x6f, 0xd8, 0x8c, 0x8c, 0x12, 0x6d, 0x6f, 0xa5, 0xec, 0xbb, 0x94, 0xee, 0xde, + 0xe7, 0xb8, 0x43, 0xa2, 0x84, 0xda, 0xc9, 0x22, 0xca, 0xbd, 0x51, 0x93, 0xda, + 0x77, 0xed, 0x83, 0x23, 0xf3, 0x5e, 0xeb, 0x5e, 0xce, 0xb1, 0x18, 0xc4, 0xb5, + 0x0e, 0xbc, 0x70, 0x60, 0xc1, 0xeb, 0xaa, 0x2e, 0xa8, 0x0e, 0x6e, 0x6c, 0x61, + 0x9e, 0xb0, 0x9e, 0x35, 0x7a, 0x3e, 0xc7, 0xfa, 0x34, 0xfb, 0x90, 0xf0, 0xd4, + 0x6d, 0xff, 0xd7, 0x9e, 0xe6, 0x44, 0x97, 0xcb, 0x42, 0xd3, 0x4a, 0xc1, 0x38, + 0xb9, 0xd7, 0x0b, 0x00, 0x7b, + ], + }, + Test { + secret: &[ + 0x4a, 0x99, 0xc0, 0x1d, 0x58, 0x6c, 0x57, 0x58, 0x46, 0xf9, 0xfc, 0xd2, 0x2d, + 0x3f, 0xf0, 0xd2, 0x9c, 0xa9, 0x6a, 0xff, 0x92, 0xe7, 0x27, 0x23, 0xbc, 0x93, + 0xdb, 0xa0, 0x73, 0xb0, 0xf3, 0xdc, + ], + msg: &[ + 0xe7, 0x01, 0xa7, 0x8c, 0xda, 0x3c, 0x70, 0x0a, 0x0f, 0x22, 0xc5, 0x1e, 0x4b, + 0x9c, 0xb8, 0x1e, 0x17, 0x1f, 0x6e, 0x90, 0x67, 0xbb, 0x21, 0x13, 0x6c, 0xa3, + 0xbb, 0xe9, 0xbd, 0xe4, 0x3c, 0x9e, 0xbd, 0x99, 0x54, 0x82, + ], + iv: &[ + 0x8b, 0x1f, 0xa9, 0x13, 0x48, 0x8e, 0x35, 0xea, 0xae, 0xdc, 0x2c, 0xfe, 0x4e, + 0xb5, 0x1a, 0x70, + ], + cipher: &[ + 0x8b, 0x1f, 0xa9, 0x13, 0x48, 0x8e, 0x35, 0xea, 0xae, 0xdc, 0x2c, 0xfe, 0x4e, + 0xb5, 0x1a, 0x70, 0x63, 0x47, 0xc4, 0x50, 0x87, 0xf5, 0x3c, 0xfe, 0xc0, 0x3d, + 0x37, 0x2d, 0x22, 0x33, 0x25, 0x7d, 0x8c, 0xfb, 0x07, 0xf1, 0xd1, 0x15, 0x16, + 0x74, 0xe6, 0xb4, 0x43, 0x20, 0x97, 0xd1, 0x44, 0xa2, 0x17, 0x09, 0x4f, 0xba, + 0x28, 0xd4, 0xfa, 0xa7, 0x72, 0x62, 0x91, 0x9a, 0x40, 0x97, 0x19, 0x53, 0xe7, + 0x99, 0xa9, 0x4b, 0xba, 0xad, 0x56, 0x3c, 0xc7, 0x78, 0x02, 0x7a, 0x48, 0xee, + 0xfc, 0xc4, 0x09, 0xf5, 0x3b, 0x8e, 0xa7, 0x29, 0xbb, 0xde, 0xe6, 0xf1, 0x65, + 0x14, 0x84, 0x61, 0x44, 0xc4, + ], + }, + Test { + secret: &[ + 0x44, 0xf9, 0x6e, 0xec, 0x2f, 0x91, 0x57, 0x59, 0x47, 0x46, 0xfa, 0x86, 0x1f, + 0xf3, 0x76, 0x44, 0xdc, 0x1f, 0xad, 0x61, 0xe9, 0x3a, 0x51, 0x27, 0x01, 0xe2, + 0xa1, 0xa9, 0xaf, 0xf2, 0x6d, 0x1c, + ], + msg: &[ + 0xdf, 0x85, 0x24, 0x95, 0x37, 0x19, 0xdf, 0xde, 0xa7, 0x2a, 0x71, 0xcd, 0xe1, + 0x66, 0x09, 0x28, 0xb4, 0x73, 0xfe, 0x5c, 0x7d, 0x11, 0xac, 0x1b, 0x89, 0xbf, + 0xf4, 0x5b, 0xcc, 0x23, 0x2e, 0xd1, 0x3f, 0x1e, 0xce, 0x81, 0xe0, + ], + iv: &[ + 0x60, 0xc7, 0x79, 0x0c, 0x1c, 0x5a, 0x0f, 0x00, 0xfe, 0x34, 0xd6, 0x1c, 0x19, + 0xf9, 0x96, 0xf0, + ], + cipher: &[ + 0x60, 0xc7, 0x79, 0x0c, 0x1c, 0x5a, 0x0f, 0x00, 0xfe, 0x34, 0xd6, 0x1c, 0x19, + 0xf9, 0x96, 0xf0, 0x4b, 0xf2, 0x6c, 0x05, 0xbd, 0x87, 0x24, 0x32, 0x9d, 0x64, + 0x70, 0xf7, 0x71, 0x93, 0x31, 0x4a, 0x02, 0x25, 0xf1, 0xf4, 0xef, 0x0f, 0xc1, + 0x45, 0xe1, 0xea, 0xf8, 0x47, 0x49, 0x14, 0xa2, 0x29, 0x75, 0x60, 0x80, 0x81, + 0xea, 0x5d, 0x81, 0x95, 0x2b, 0x92, 0x8a, 0x7b, 0xb2, 0x8c, 0x7e, 0x43, 0xec, + 0x0b, 0x93, 0x13, 0x2d, 0xa1, 0x58, 0xf4, 0xac, 0x54, 0x53, 0x22, 0xe1, 0x13, + 0xdd, 0x74, 0xf9, 0x3d, 0x55, 0xa6, 0x85, 0x99, 0xed, 0x5c, 0xe9, 0x7a, 0x73, + 0xbe, 0x3f, 0xb4, 0x25, 0x5b, + ], + }, + Test { + secret: &[ + 0x7b, 0xdd, 0x0e, 0x57, 0xdb, 0x5d, 0xda, 0x38, 0xd5, 0x42, 0xd2, 0x7d, 0xab, + 0x3a, 0x98, 0x96, 0x78, 0x67, 0xfd, 0x0c, 0xf7, 0xb9, 0x8b, 0x73, 0x66, 0xcb, + 0x0a, 0x1d, 0x5c, 0xfa, 0x61, 0xd2, + ], + msg: &[ + 0xc5, 0x91, 0xde, 0x0c, 0x3b, 0xc8, 0xf8, 0xa4, 0xa4, 0xa3, 0x46, 0xb1, 0xcf, + 0x71, 0x30, 0x9b, 0x4a, 0x86, 0xa9, 0xe7, 0xaf, 0x15, 0x85, 0xa4, 0xea, 0x6c, + 0x19, 0x21, 0x8f, 0x37, 0xea, 0xec, 0x76, 0x78, 0xbb, 0x17, 0xa8, 0xce, + ], + iv: &[ + 0x83, 0xb9, 0x5d, 0x05, 0x3e, 0xa3, 0xed, 0x14, 0x1b, 0x8b, 0x8b, 0x17, 0x05, + 0xd6, 0x90, 0xf8, + ], + cipher: &[ + 0x83, 0xb9, 0x5d, 0x05, 0x3e, 0xa3, 0xed, 0x14, 0x1b, 0x8b, 0x8b, 0x17, 0x05, + 0xd6, 0x90, 0xf8, 0x4f, 0xb6, 0x64, 0xfb, 0xea, 0xd3, 0x91, 0x12, 0x00, 0xe8, + 0xac, 0x41, 0xc0, 0x6e, 0xcd, 0x98, 0xa1, 0x19, 0x4e, 0x92, 0x1b, 0x33, 0x12, + 0x7a, 0x82, 0x48, 0x3a, 0xe6, 0x2f, 0x2e, 0x51, 0x26, 0xe9, 0x66, 0xc1, 0x28, + 0xef, 0xa1, 0x06, 0x1e, 0xdd, 0xd4, 0xf2, 0x5c, 0x60, 0xe3, 0x4a, 0x0e, 0x30, + 0xec, 0xaf, 0x32, 0xee, 0xd0, 0x9d, 0xcf, 0x17, 0x2b, 0xf3, 0xe2, 0x7d, 0x2b, + 0x1c, 0x0b, 0x54, 0x75, 0x4a, 0x8c, 0xfa, 0x1d, 0xd2, 0x2b, 0xee, 0xac, 0x72, + 0x42, 0x5b, 0x39, 0xde, 0x80, + ], + }, + Test { + secret: &[ + 0x0e, 0xb9, 0x12, 0xd0, 0xfd, 0xab, 0xa0, 0x95, 0x80, 0x7c, 0x98, 0x47, 0x11, + 0x81, 0xdf, 0x65, 0xd5, 0xcd, 0xdb, 0x8f, 0xa2, 0xff, 0x89, 0xe4, 0x82, 0x48, + 0xd4, 0xff, 0x65, 0x68, 0x16, 0x40, + ], + msg: &[ + 0x55, 0xaf, 0xba, 0x09, 0x2e, 0xca, 0xff, 0x44, 0x66, 0xe7, 0x9e, 0xa2, 0x3c, + 0xdc, 0xf9, 0x56, 0xf6, 0xcc, 0xb7, 0x9a, 0x00, 0xbf, 0xb8, 0x37, 0x31, 0x76, + 0x8b, 0xcd, 0x42, 0x0c, 0x0c, 0x46, 0x1c, 0xe7, 0x56, 0x6c, 0x93, 0x64, 0xda, + ], + iv: &[ + 0xd4, 0x56, 0xfa, 0xc8, 0x9b, 0x89, 0x25, 0x5d, 0x1e, 0x67, 0x2b, 0xd5, 0x2b, + 0x6e, 0x7c, 0x65, + ], + cipher: &[ + 0xd4, 0x56, 0xfa, 0xc8, 0x9b, 0x89, 0x25, 0x5d, 0x1e, 0x67, 0x2b, 0xd5, 0x2b, + 0x6e, 0x7c, 0x65, 0x7b, 0x3e, 0xf0, 0x32, 0xef, 0x26, 0xbb, 0xb6, 0xa8, 0xb9, + 0x80, 0x9d, 0x7c, 0x26, 0x11, 0x02, 0xeb, 0x29, 0x30, 0x80, 0x34, 0x80, 0xd2, + 0x69, 0x2b, 0xa0, 0xed, 0xa3, 0x95, 0x08, 0x3e, 0x3a, 0x47, 0x81, 0xd9, 0xa1, + 0x7a, 0x26, 0x55, 0x83, 0xe3, 0x2d, 0xd3, 0xf9, 0x25, 0x27, 0x84, 0xe3, 0x41, + 0x70, 0x27, 0xfe, 0x42, 0xd7, 0x85, 0xf1, 0xe7, 0x20, 0xbe, 0x10, 0x56, 0x72, + 0xf1, 0xb1, 0xaf, 0x30, 0x7a, 0x05, 0xdd, 0x46, 0x33, 0xc8, 0xc5, 0x61, 0x87, + 0x70, 0xeb, 0xb6, 0x36, 0x3c, + ], + }, + Test { + secret: &[ + 0x5f, 0x2b, 0x4d, 0xfc, 0x0f, 0xe7, 0x42, 0x16, 0x33, 0x74, 0x42, 0x72, 0x49, + 0x93, 0x1e, 0x1c, 0xa7, 0xc7, 0xdd, 0x20, 0xf1, 0x7c, 0x28, 0xe7, 0x91, 0x2b, + 0x1f, 0xa9, 0x04, 0x2e, 0xdb, 0xd7, + ], + msg: &[ + 0x2c, 0x59, 0x50, 0x06, 0xcc, 0xfe, 0x6a, 0xbd, 0x61, 0x7d, 0x1f, 0x9c, 0x90, + 0xfe, 0xc6, 0xff, 0x09, 0xe8, 0xe5, 0x20, 0xb7, 0x2a, 0x93, 0xf7, 0x33, 0xe9, + 0xef, 0x79, 0xc5, 0x06, 0x3f, 0x38, 0xf3, 0xb3, 0x63, 0xd3, 0xe9, 0x47, 0x50, + 0x9d, + ], + iv: &[ + 0x32, 0xac, 0x72, 0xa6, 0x09, 0x9a, 0xcb, 0x69, 0xea, 0x46, 0xcd, 0xfc, 0x95, + 0x4c, 0x6b, 0x12, + ], + cipher: &[ + 0x32, 0xac, 0x72, 0xa6, 0x09, 0x9a, 0xcb, 0x69, 0xea, 0x46, 0xcd, 0xfc, 0x95, + 0x4c, 0x6b, 0x12, 0xfe, 0x36, 0xe9, 0x3b, 0x8c, 0x9c, 0x7d, 0x85, 0xf6, 0x96, + 0x05, 0xe0, 0x23, 0x0d, 0xf6, 0x2b, 0xe9, 0xc6, 0x4b, 0x64, 0xd3, 0xf1, 0x95, + 0xff, 0x89, 0xdb, 0x84, 0x32, 0x93, 0x56, 0x3c, 0xfc, 0x4e, 0x29, 0xbb, 0x3d, + 0x78, 0x40, 0xa8, 0x04, 0x34, 0xe7, 0x23, 0x45, 0x16, 0x75, 0x87, 0x71, 0xad, + 0xe8, 0xd8, 0x0d, 0x8d, 0xca, 0x7c, 0x67, 0x26, 0x93, 0xf6, 0x44, 0x0e, 0x49, + 0x07, 0x0b, 0x1c, 0xb9, 0x98, 0x1c, 0x9f, 0x03, 0x24, 0x4d, 0x45, 0xf4, 0x08, + 0xef, 0x00, 0x4a, 0x8a, 0xfd, + ], + }, + Test { + secret: &[ + 0xe6, 0x82, 0x8a, 0xff, 0xaa, 0x0f, 0x3f, 0x80, 0xd6, 0x74, 0xd9, 0xce, 0x03, + 0x4f, 0xf3, 0x98, 0xec, 0x38, 0xb6, 0x60, 0x0e, 0xb0, 0x9e, 0xa3, 0xa8, 0xed, + 0x83, 0x31, 0x20, 0x71, 0x39, 0x56, + ], + msg: &[ + 0x75, 0xa9, 0xe0, 0xa6, 0xf2, 0x85, 0x63, 0xa6, 0x6e, 0x2e, 0xde, 0x28, 0x15, + 0xd5, 0x83, 0xc2, 0x10, 0x34, 0x27, 0x13, 0xe5, 0x6b, 0xcf, 0xd7, 0x41, 0x6e, + 0xc1, 0x7c, 0x5f, 0xe7, 0x33, 0xcf, 0x7d, 0xfe, 0x8e, 0xa2, 0xbd, 0x51, 0xba, + 0xcd, 0x16, + ], + iv: &[ + 0xc0, 0x81, 0xc3, 0x6d, 0xc7, 0x58, 0x00, 0xb0, 0x57, 0x11, 0xf6, 0x71, 0x39, + 0x36, 0xcf, 0xf2, + ], + cipher: &[ + 0xc0, 0x81, 0xc3, 0x6d, 0xc7, 0x58, 0x00, 0xb0, 0x57, 0x11, 0xf6, 0x71, 0x39, + 0x36, 0xcf, 0xf2, 0xbc, 0x8d, 0xc1, 0x62, 0xc7, 0x67, 0x1f, 0xb3, 0x53, 0x05, + 0xe3, 0x7e, 0x61, 0x00, 0x20, 0x96, 0xdd, 0x45, 0x3b, 0xb4, 0x75, 0xfc, 0xee, + 0x9c, 0xbe, 0xf2, 0x3d, 0xae, 0x13, 0xcc, 0x59, 0xc6, 0xe7, 0xf5, 0x2c, 0xb6, + 0x83, 0x91, 0xed, 0x8a, 0xe0, 0x4a, 0x3b, 0x43, 0x3e, 0x01, 0xdd, 0x32, 0x8a, + 0x79, 0x50, 0xae, 0xad, 0x0a, 0x74, 0xd8, 0x86, 0xd4, 0x1c, 0x88, 0xb1, 0x5e, + 0x4b, 0xdf, 0x2d, 0xee, 0xfb, 0xaa, 0xfe, 0xbe, 0x6f, 0xf9, 0x8f, 0x7f, 0x01, + 0x48, 0x52, 0x59, 0x00, 0xf0, + ], + }, + Test { + secret: &[ + 0xa4, 0x4f, 0x8e, 0x69, 0x6f, 0x51, 0xb1, 0xc6, 0xd9, 0x7d, 0xc1, 0x0c, 0xc9, + 0xfa, 0x1c, 0x98, 0x44, 0x4b, 0x3e, 0xcd, 0x3a, 0x19, 0xc4, 0x93, 0x01, 0x25, + 0xc3, 0x16, 0x22, 0x63, 0x2e, 0x45, + ], + msg: &[ + 0xd7, 0xbe, 0xb4, 0x28, 0xeb, 0x4c, 0xe6, 0xea, 0xad, 0x39, 0x1d, 0x08, 0x4f, + 0x9f, 0x6f, 0x5e, 0x60, 0x24, 0xa5, 0x2a, 0x5e, 0xdc, 0xd2, 0x94, 0xd4, 0x5c, + 0x36, 0x4d, 0x85, 0xd1, 0xa0, 0xc1, 0x0d, 0x05, 0x09, 0x51, 0x0d, 0xaa, 0xb4, + 0xbf, 0xf2, 0x8d, + ], + iv: &[ + 0x1d, 0x63, 0x2c, 0xa0, 0x8b, 0x12, 0xda, 0x2d, 0x99, 0x89, 0xfd, 0xc7, 0xee, + 0xca, 0xb6, 0x98, + ], + cipher: &[ + 0x1d, 0x63, 0x2c, 0xa0, 0x8b, 0x12, 0xda, 0x2d, 0x99, 0x89, 0xfd, 0xc7, 0xee, + 0xca, 0xb6, 0x98, 0xb4, 0xfa, 0x6c, 0xb8, 0x2a, 0x5b, 0xad, 0x15, 0x7d, 0x3d, + 0x3f, 0x20, 0xa0, 0x3b, 0xb5, 0xb4, 0xdc, 0x13, 0xac, 0x57, 0xd0, 0x9b, 0x1e, + 0xc1, 0xd0, 0x88, 0x75, 0x6d, 0xe3, 0x5d, 0x6e, 0xcf, 0xd8, 0x55, 0x47, 0xb5, + 0x2c, 0xa9, 0x8b, 0xf2, 0xa3, 0xc4, 0xa7, 0x9b, 0x78, 0xe0, 0x90, 0x55, 0xe7, + 0x84, 0xdd, 0x21, 0xdf, 0xbc, 0xe9, 0x88, 0xfc, 0xeb, 0x60, 0xf4, 0x62, 0x32, + 0xba, 0x8e, 0x33, 0x79, 0x36, 0xb0, 0x33, 0x8f, 0xa6, 0xfc, 0x8c, 0x81, 0xda, + 0x90, 0x9b, 0x27, 0x4d, 0xc9, + ], + }, + Test { + secret: &[ + 0xe0, 0x81, 0x61, 0x85, 0xf3, 0x39, 0x7b, 0xa0, 0xdf, 0x58, 0x62, 0x6f, 0xef, + 0xe0, 0xa0, 0xba, 0xb9, 0x52, 0x91, 0x50, 0xd0, 0xdd, 0xff, 0x5f, 0x52, 0xee, + 0xa1, 0x51, 0x6c, 0x6d, 0x27, 0x7a, + ], + msg: &[ + 0x62, 0x74, 0xb4, 0x89, 0xb4, 0xff, 0xd2, 0x31, 0xe6, 0x07, 0x32, 0xdc, 0xa6, + 0x53, 0x0e, 0x24, 0xc3, 0xc2, 0x11, 0x86, 0x70, 0x10, 0xd5, 0x15, 0x3c, 0x9b, + 0x7f, 0xcd, 0xc3, 0x6b, 0x28, 0x47, 0x35, 0x42, 0x60, 0xc4, 0x51, 0xbc, 0xad, + 0x04, 0xc4, 0xef, 0x1e, + ], + iv: &[ + 0x78, 0xf3, 0x9d, 0xeb, 0xef, 0xb5, 0xb2, 0xb3, 0xff, 0x12, 0x46, 0xc2, 0x86, + 0xd1, 0xed, 0xc4, + ], + cipher: &[ + 0x78, 0xf3, 0x9d, 0xeb, 0xef, 0xb5, 0xb2, 0xb3, 0xff, 0x12, 0x46, 0xc2, 0x86, + 0xd1, 0xed, 0xc4, 0x1c, 0x77, 0x76, 0xca, 0x56, 0xde, 0x13, 0xf0, 0x18, 0x8a, + 0x7e, 0xfe, 0xa9, 0x9f, 0x5e, 0x69, 0x7a, 0xa4, 0xbf, 0x7b, 0x16, 0x02, 0x36, + 0xc7, 0x3c, 0x15, 0x2d, 0xf4, 0xdd, 0xb1, 0x82, 0xc8, 0xb7, 0xc8, 0xb3, 0x66, + 0x58, 0x2b, 0xb2, 0x62, 0xa6, 0xa0, 0x58, 0x79, 0x12, 0xda, 0x26, 0xec, 0x3e, + 0x5b, 0xf6, 0x33, 0x93, 0xba, 0x7c, 0xe4, 0x19, 0x43, 0x49, 0xc7, 0xd5, 0x17, + 0x3b, 0x6d, 0xa4, 0x87, 0x2a, 0x1a, 0xd8, 0x0f, 0xda, 0x7e, 0x07, 0x6c, 0x4b, + 0xd4, 0x06, 0xfd, 0x66, 0xba, + ], + }, + Test { + secret: &[ + 0xe5, 0x13, 0x21, 0xa6, 0x1c, 0x97, 0xcd, 0xfe, 0x4f, 0xd5, 0x83, 0x60, 0xec, + 0x18, 0x21, 0x7d, 0x7c, 0x93, 0xae, 0x68, 0xdb, 0xf2, 0x2b, 0x76, 0xcd, 0x3d, + 0xa3, 0x08, 0x4f, 0x68, 0xa4, 0xca, + ], + msg: &[ + 0xf7, 0x95, 0xec, 0x03, 0xc8, 0x37, 0x0c, 0x7b, 0x17, 0x2f, 0xa1, 0xbe, 0x17, + 0xb8, 0x00, 0x6c, 0x53, 0x8e, 0x38, 0x92, 0xcd, 0x79, 0xdd, 0xcb, 0xe5, 0x90, + 0x1c, 0xdf, 0x67, 0x11, 0xfd, 0x36, 0xb9, 0xf6, 0x3a, 0x60, 0x78, 0x91, 0x79, + 0x18, 0x2d, 0xa2, 0x3d, 0x74, + ], + iv: &[ + 0x99, 0x3b, 0x0c, 0x06, 0x77, 0x6c, 0x81, 0x45, 0x8b, 0x60, 0x16, 0xeb, 0xdc, + 0x88, 0x9e, 0xb1, + ], + cipher: &[ + 0x99, 0x3b, 0x0c, 0x06, 0x77, 0x6c, 0x81, 0x45, 0x8b, 0x60, 0x16, 0xeb, 0xdc, + 0x88, 0x9e, 0xb1, 0xe7, 0x64, 0xcc, 0x7b, 0x5a, 0x98, 0x98, 0x4a, 0x2d, 0x63, + 0x4a, 0x04, 0x4e, 0x7b, 0x8d, 0x29, 0x7b, 0x78, 0xc6, 0x42, 0xa8, 0x35, 0x51, + 0x22, 0x99, 0x68, 0xb4, 0xec, 0x2c, 0x39, 0xd0, 0x2e, 0xee, 0x15, 0x02, 0x6d, + 0xf7, 0xfc, 0xd7, 0xa0, 0x01, 0x01, 0xd2, 0x4d, 0x7f, 0xc1, 0x6a, 0x00, 0x54, + 0xd3, 0x91, 0x62, 0x85, 0x29, 0x8e, 0x8f, 0xc6, 0xa9, 0x3e, 0x2f, 0xaf, 0x78, + 0x60, 0x43, 0x83, 0x37, 0x8a, 0x88, 0x6f, 0x2e, 0x3c, 0xd3, 0x4e, 0xb4, 0x0c, + 0xc0, 0x25, 0x93, 0xe5, 0x60, + ], + }, + Test { + secret: &[ + 0xd4, 0xb4, 0x94, 0xc1, 0x67, 0x2b, 0x19, 0x74, 0xef, 0xee, 0x02, 0xbd, 0x05, + 0x4b, 0xbb, 0x25, 0x7e, 0x80, 0x00, 0x8a, 0xe6, 0x40, 0x9c, 0x29, 0x94, 0xdf, + 0x88, 0xab, 0xf1, 0x57, 0x98, 0xb1, + ], + msg: &[ + 0xd3, 0x88, 0x4f, 0xc5, 0x0a, 0x84, 0x31, 0xc4, 0x9a, 0x07, 0x61, 0x63, 0x2e, + 0x79, 0x52, 0xed, 0xdf, 0xbe, 0xcb, 0xa2, 0x3a, 0x10, 0xc0, 0x73, 0xef, 0x2d, + 0xd7, 0x46, 0xd9, 0x76, 0xcd, 0x40, 0x5a, 0x68, 0xd5, 0x98, 0x7d, 0x25, 0x0a, + 0x84, 0xd2, 0xd8, 0x3d, 0x2f, 0x7a, + ], + iv: &[ + 0xde, 0x3c, 0xa5, 0xa8, 0x2c, 0x00, 0x46, 0xa2, 0xa6, 0xa5, 0x85, 0xc3, 0x07, + 0x85, 0x4d, 0xb1, + ], + cipher: &[ + 0xde, 0x3c, 0xa5, 0xa8, 0x2c, 0x00, 0x46, 0xa2, 0xa6, 0xa5, 0x85, 0xc3, 0x07, + 0x85, 0x4d, 0xb1, 0x7e, 0x3f, 0xd9, 0x63, 0x93, 0xeb, 0xfe, 0x9b, 0xce, 0xed, + 0x4f, 0x01, 0xa1, 0xcd, 0x9b, 0x65, 0x44, 0xac, 0x76, 0x2a, 0x32, 0x00, 0x1e, + 0x8d, 0xe5, 0x99, 0x2a, 0x44, 0x58, 0xee, 0x3a, 0xc3, 0x56, 0x72, 0xaf, 0xba, + 0x26, 0xdc, 0x60, 0xdb, 0x79, 0x92, 0x38, 0x49, 0x5a, 0x36, 0x4e, 0xac, 0x1f, + 0xf2, 0x19, 0xc5, 0xd9, 0x30, 0x6b, 0x9b, 0xf0, 0xd5, 0xb7, 0xb3, 0xc9, 0x90, + 0x57, 0x51, 0xa0, 0x52, 0xf4, 0xaa, 0xae, 0x06, 0xe5, 0xbd, 0x5a, 0x65, 0x96, + 0x5e, 0xf7, 0xfa, 0xb5, 0x5e, + ], + }, + Test { + secret: &[ + 0x62, 0xf1, 0xe5, 0x3c, 0xbd, 0xb8, 0x30, 0x0a, 0xef, 0xe2, 0x7a, 0xac, 0xd0, + 0x04, 0x6b, 0x6e, 0xac, 0x32, 0xcb, 0x94, 0xab, 0xd4, 0xe6, 0xff, 0x4a, 0xda, + 0xdf, 0x3e, 0x54, 0x21, 0x81, 0x82, + ], + msg: &[ + 0x8b, 0x46, 0x6e, 0x7c, 0x49, 0xa2, 0x9c, 0xcf, 0x05, 0x7f, 0x72, 0xb6, 0xd1, + 0x60, 0xed, 0xd6, 0x18, 0x57, 0x80, 0xa1, 0x3a, 0x21, 0x7f, 0x01, 0x48, 0x97, + 0xec, 0x31, 0x05, 0xac, 0x8b, 0x47, 0x5b, 0xc2, 0x6b, 0x06, 0x08, 0x08, 0x04, + 0x45, 0x4a, 0x9d, 0xd2, 0x28, 0x03, 0x43, + ], + iv: &[ + 0x41, 0xea, 0xf5, 0x31, 0x57, 0x4b, 0x97, 0xe4, 0xef, 0x6d, 0x81, 0xd3, 0x54, + 0xe8, 0x77, 0x31, + ], + cipher: &[ + 0x41, 0xea, 0xf5, 0x31, 0x57, 0x4b, 0x97, 0xe4, 0xef, 0x6d, 0x81, 0xd3, 0x54, + 0xe8, 0x77, 0x31, 0xe7, 0x8a, 0x8b, 0xe1, 0xdf, 0x2d, 0xa5, 0xf7, 0x75, 0xa1, + 0x4c, 0x3e, 0xcc, 0x40, 0xae, 0x50, 0x2f, 0x6e, 0x05, 0x65, 0xf9, 0x82, 0x7b, + 0x90, 0xde, 0x58, 0xd2, 0xc3, 0x45, 0x00, 0x98, 0xaf, 0x21, 0xda, 0xbe, 0xf3, + 0xd3, 0xdb, 0x14, 0xb5, 0xc4, 0x2c, 0x86, 0x17, 0xd5, 0x1f, 0x90, 0x19, 0x74, + 0x67, 0xfa, 0x5c, 0x5e, 0x37, 0x1c, 0xcd, 0x0d, 0xb3, 0x5d, 0x60, 0xb0, 0x19, + 0x5e, 0x40, 0xdd, 0x64, 0xf8, 0xf5, 0x6f, 0x6e, 0xe2, 0x7d, 0x81, 0x24, 0x6d, + 0xa3, 0x4a, 0xbd, 0x29, 0xa8, + ], + }, + Test { + secret: &[ + 0x67, 0x5f, 0x4b, 0x9e, 0x7c, 0x5d, 0xe0, 0x7c, 0xd4, 0x14, 0x8b, 0x8a, 0xaf, + 0x6e, 0x72, 0xae, 0x86, 0x5a, 0x0d, 0x71, 0x78, 0xbf, 0x32, 0x39, 0x75, 0x84, + 0xd9, 0xfc, 0x41, 0xe3, 0x62, 0x77, + ], + msg: &[ + 0x4e, 0xa7, 0xc7, 0xdd, 0x83, 0x6c, 0xd3, 0x9f, 0xea, 0x52, 0x6c, 0xe5, 0x73, + 0xca, 0xb9, 0x09, 0xfa, 0x71, 0x8a, 0x77, 0x44, 0x35, 0x02, 0x13, 0x02, 0x66, + 0x4c, 0x81, 0x5a, 0x42, 0x89, 0xf4, 0xc4, 0x62, 0x0b, 0x8f, 0x11, 0x5b, 0xd4, + 0x09, 0x21, 0x58, 0x04, 0xd3, 0x02, 0x8a, 0xe8, + ], + iv: &[ + 0xfe, 0x10, 0x71, 0x50, 0x4e, 0xd0, 0xa3, 0xbf, 0x7e, 0x9a, 0x66, 0x9d, 0x50, + 0xae, 0x96, 0x3e, + ], + cipher: &[ + 0xfe, 0x10, 0x71, 0x50, 0x4e, 0xd0, 0xa3, 0xbf, 0x7e, 0x9a, 0x66, 0x9d, 0x50, + 0xae, 0x96, 0x3e, 0x60, 0x3d, 0x87, 0xf2, 0xaf, 0x4f, 0xfb, 0xf8, 0xc0, 0xdb, + 0xe9, 0x89, 0xe3, 0xee, 0xa7, 0x0d, 0x97, 0x1b, 0xa1, 0xe2, 0x67, 0x18, 0x7b, + 0xcc, 0x50, 0x28, 0x52, 0xb8, 0x3e, 0x07, 0xf6, 0xcb, 0xa2, 0x16, 0xdd, 0xd2, + 0x90, 0x72, 0xd4, 0xa6, 0xdb, 0xdf, 0x96, 0x06, 0xe3, 0xc0, 0x58, 0x67, 0x8a, + 0x5f, 0xb7, 0x32, 0x33, 0x60, 0x16, 0x54, 0x98, 0x92, 0xbc, 0x42, 0x9c, 0x2d, + 0x63, 0x7b, 0xfb, 0xd6, 0xa6, 0xc9, 0x0d, 0x4c, 0x5f, 0xd7, 0x42, 0xd1, 0xac, + 0x7f, 0x8b, 0xa2, 0x13, 0x91, + ], + }, + Test { + secret: &[ + 0x48, 0x28, 0x8a, 0xc0, 0x9e, 0x4c, 0xef, 0x26, 0x4d, 0x8e, 0xf9, 0xae, 0x70, + 0x62, 0x5d, 0xb8, 0x74, 0xdd, 0xac, 0x92, 0x89, 0x36, 0x15, 0x9d, 0x98, 0x10, + 0x4c, 0xed, 0xd6, 0x9f, 0xed, 0xb3, + ], + msg: &[ + 0x9f, 0x54, 0x70, 0xc3, 0x1c, 0xdd, 0x8d, 0x94, 0xf4, 0x03, 0xe8, 0x5f, 0x45, + 0x51, 0x17, 0x54, 0x77, 0x1c, 0x9c, 0xb5, 0x0a, 0xa8, 0xf5, 0x76, 0x47, 0xa6, + 0x50, 0x25, 0x57, 0x57, 0x51, 0x27, 0x90, 0x6f, 0xdd, 0x7b, 0xbe, 0x9e, 0x4a, + 0x21, 0xfc, 0xec, 0x86, 0xbf, 0x91, 0xa1, 0x5b, 0x5f, + ], + iv: &[ + 0x62, 0x2c, 0x9c, 0xa8, 0x46, 0xd5, 0xd3, 0x9d, 0xa4, 0x1e, 0x70, 0x03, 0x67, + 0x74, 0x2d, 0x36, + ], + cipher: &[ + 0x62, 0x2c, 0x9c, 0xa8, 0x46, 0xd5, 0xd3, 0x9d, 0xa4, 0x1e, 0x70, 0x03, 0x67, + 0x74, 0x2d, 0x36, 0xc3, 0x70, 0xd2, 0xf0, 0x36, 0x92, 0x9b, 0x80, 0x4b, 0xf3, + 0xea, 0x20, 0x93, 0xa9, 0xf8, 0xd0, 0xa9, 0x67, 0xf6, 0xcb, 0x7b, 0xaa, 0xb6, + 0x8a, 0xf3, 0x2d, 0x31, 0xb6, 0x14, 0xc8, 0x61, 0x28, 0xdd, 0xc2, 0x1d, 0x00, + 0xe6, 0xa7, 0x2e, 0x03, 0x55, 0x6e, 0x46, 0x6f, 0x55, 0x3c, 0x2b, 0x27, 0x4b, + 0x4f, 0x54, 0x88, 0x1a, 0xea, 0x92, 0xc9, 0x5c, 0xf6, 0x1d, 0x32, 0xfa, 0xe7, + 0x44, 0x80, 0xb7, 0x18, 0xe3, 0x32, 0x5c, 0x9a, 0xac, 0x01, 0x37, 0x7c, 0xef, + 0x82, 0xf5, 0x76, 0xe8, 0xa4, 0x8d, 0x5c, 0xa3, 0xca, 0xf4, 0xe9, 0x1b, 0xd5, + 0xf5, 0x74, 0x75, 0xac, 0xd7, 0x19, 0x17, 0xe2, + ], + }, + Test { + secret: &[ + 0x24, 0xce, 0xec, 0x95, 0x4f, 0xb2, 0xf2, 0x8f, 0xf5, 0x42, 0x88, 0x34, 0xc2, + 0x03, 0xac, 0x49, 0x9d, 0x2b, 0x45, 0x63, 0x7c, 0xb1, 0x85, 0x54, 0x76, 0xc6, + 0xf8, 0x4f, 0x3e, 0x24, 0xab, 0x9d, + ], + msg: &[ + 0x37, 0xd7, 0x01, 0xd0, 0xf9, 0x64, 0x97, 0x27, 0x77, 0xcf, 0xa6, 0xa5, 0x2c, + 0x26, 0xbd, 0x64, 0xd0, 0x44, 0x33, 0x69, 0xe2, 0xea, 0xf3, 0x7e, 0x6d, 0x57, + 0xd4, 0x1b, 0x9d, 0x46, 0x5b, 0xe5, 0xf8, 0x1a, 0xe9, 0x36, 0x65, 0x99, 0x30, + 0xbb, 0xc0, 0x05, 0xa7, 0xae, 0x84, 0x67, 0x78, 0x04, 0x1a, + ], + iv: &[ + 0xbe, 0xa1, 0xa6, 0xf7, 0x4b, 0x50, 0xdc, 0xc2, 0xe7, 0xaf, 0xdc, 0x6d, 0x59, + 0x4e, 0xc4, 0x08, + ], + cipher: &[ + 0xbe, 0xa1, 0xa6, 0xf7, 0x4b, 0x50, 0xdc, 0xc2, 0xe7, 0xaf, 0xdc, 0x6d, 0x59, + 0x4e, 0xc4, 0x08, 0x93, 0xd5, 0x4d, 0xec, 0xd9, 0x9a, 0x5a, 0x33, 0xe9, 0x33, + 0xaf, 0xff, 0x85, 0x02, 0xab, 0xef, 0x41, 0xe5, 0x25, 0x61, 0xd7, 0x77, 0x76, + 0xba, 0x4a, 0xf7, 0x8b, 0x71, 0x7f, 0x4e, 0x0e, 0x0c, 0x76, 0xf0, 0xdc, 0x67, + 0x95, 0x71, 0x76, 0x65, 0xb0, 0x0e, 0xe3, 0x97, 0x48, 0xe3, 0x8e, 0xd2, 0xea, + 0x0a, 0x3e, 0x64, 0x83, 0x1c, 0x0e, 0x20, 0xe1, 0x48, 0x6c, 0x5e, 0x80, 0x4e, + 0x6b, 0xe6, 0x4e, 0x6b, 0xbe, 0x23, 0xda, 0x2d, 0x3a, 0x46, 0xa3, 0x3c, 0x5a, + 0xcb, 0xd1, 0x69, 0xe0, 0xd6, 0xa5, 0x26, 0xb8, 0xca, 0xe8, 0xf9, 0xbe, 0x44, + 0xdd, 0xd0, 0x53, 0x8c, 0x0e, 0x04, 0xbf, 0x83, + ], + }, + Test { + secret: &[ + 0x56, 0xda, 0xa8, 0x9d, 0x13, 0xc5, 0x1b, 0x67, 0x75, 0x17, 0xd3, 0xa2, 0xea, + 0x78, 0x87, 0x66, 0xd7, 0x9e, 0x6f, 0xf3, 0x6b, 0xf6, 0xfc, 0x3b, 0xff, 0x67, + 0xfa, 0xa4, 0x32, 0x19, 0x3a, 0x2c, + ], + msg: &[ + 0xc6, 0xfa, 0xec, 0xc9, 0x66, 0xc4, 0x0b, 0xd4, 0x8d, 0x61, 0xb2, 0x3e, 0x4e, + 0x63, 0x42, 0x07, 0x51, 0x5e, 0xdd, 0xd8, 0xbd, 0x9e, 0xda, 0xbb, 0xc5, 0x7e, + 0xc6, 0xa4, 0x0a, 0xd9, 0x2d, 0x26, 0x6f, 0x89, 0xdb, 0xd2, 0xa3, 0x92, 0x57, + 0x7f, 0xd5, 0x0f, 0x5f, 0xaa, 0x67, 0x07, 0x0c, 0x0b, 0x8a, 0x8d, + ], + iv: &[ + 0x4f, 0x1c, 0xec, 0x36, 0xd8, 0xb8, 0x44, 0x66, 0xfb, 0x3f, 0x15, 0x70, 0x7b, + 0xc6, 0xcf, 0xc9, + ], + cipher: &[ + 0x4f, 0x1c, 0xec, 0x36, 0xd8, 0xb8, 0x44, 0x66, 0xfb, 0x3f, 0x15, 0x70, 0x7b, + 0xc6, 0xcf, 0xc9, 0x7d, 0xd8, 0x52, 0xe2, 0xaa, 0x2e, 0xe2, 0x44, 0xf8, 0x6a, + 0xee, 0xed, 0x38, 0x9d, 0xa8, 0x49, 0x71, 0x45, 0xe4, 0xf5, 0x33, 0xea, 0x6a, + 0xfe, 0xd4, 0x5d, 0x1a, 0x92, 0xcc, 0xb2, 0xc5, 0x6f, 0xa3, 0x04, 0xfa, 0x80, + 0x39, 0x47, 0x8e, 0x93, 0x49, 0x79, 0xd6, 0x8d, 0x2b, 0x99, 0x4e, 0xd3, 0x3f, + 0x0a, 0x84, 0x88, 0x7c, 0x98, 0xfb, 0x86, 0xfd, 0xf7, 0xab, 0xd4, 0x9a, 0x93, + 0x43, 0x4d, 0x5f, 0x28, 0x8f, 0x79, 0x27, 0x67, 0xd0, 0x85, 0xc0, 0xd7, 0x30, + 0xb1, 0xb5, 0x25, 0xfb, 0x22, 0xe6, 0x1e, 0x7c, 0xde, 0xe8, 0x45, 0x12, 0xdd, + 0xe0, 0xfe, 0x6b, 0x85, 0x02, 0xb7, 0x37, 0x99, + ], + }, + Test { + secret: &[ + 0x1a, 0x24, 0x7f, 0x9a, 0x08, 0x19, 0x9e, 0x76, 0x4f, 0x4f, 0x82, 0x2d, 0x33, + 0x8f, 0xb0, 0x6f, 0xfa, 0x48, 0xf0, 0x7a, 0x19, 0x49, 0x70, 0xf4, 0x27, 0x4a, + 0x69, 0x0c, 0xb7, 0xec, 0x2e, 0xab, + ], + msg: &[ + 0xc8, 0x4f, 0xe4, 0xfd, 0x5b, 0x03, 0xaa, 0x94, 0x97, 0xb6, 0x87, 0x63, 0x47, + 0x18, 0x9c, 0x1c, 0xb0, 0xc2, 0xda, 0xad, 0xcf, 0x2b, 0x50, 0x33, 0xf5, 0xb2, + 0xf0, 0xfa, 0x82, 0xef, 0xfe, 0xd0, 0x15, 0xec, 0x05, 0x2f, 0xff, 0xdf, 0x1d, + 0x52, 0x4a, 0x9d, 0x7b, 0xab, 0x2b, 0x82, 0x24, 0x0a, 0xb1, 0x5f, 0x80, + ], + iv: &[ + 0x6e, 0x66, 0x6b, 0x15, 0x96, 0x60, 0xdf, 0xdb, 0xa1, 0xe0, 0x54, 0x44, 0x85, + 0xde, 0xec, 0xed, + ], + cipher: &[ + 0x6e, 0x66, 0x6b, 0x15, 0x96, 0x60, 0xdf, 0xdb, 0xa1, 0xe0, 0x54, 0x44, 0x85, + 0xde, 0xec, 0xed, 0xd0, 0xb0, 0x34, 0x96, 0xd0, 0x8b, 0xfc, 0xa2, 0x9f, 0x26, + 0x44, 0x9e, 0x86, 0xd4, 0xda, 0xc7, 0x12, 0x2f, 0x42, 0xff, 0x4c, 0x9e, 0xce, + 0x5f, 0xe5, 0xcb, 0x73, 0x0f, 0x56, 0xc4, 0x56, 0x18, 0xdb, 0xa6, 0xe5, 0x39, + 0x83, 0xee, 0xce, 0xc8, 0xa4, 0x18, 0xbc, 0x01, 0x09, 0x8c, 0xb9, 0x00, 0x84, + 0xfb, 0xbc, 0xb6, 0xbe, 0xe2, 0x41, 0xda, 0x61, 0xfa, 0x71, 0x6c, 0xe3, 0x27, + 0x57, 0x72, 0xbc, 0xda, 0x08, 0xf2, 0xee, 0x1c, 0x83, 0xdd, 0x69, 0x1d, 0x26, + 0x83, 0x46, 0xdc, 0x58, 0x82, 0x2e, 0x17, 0xb4, 0xe9, 0x47, 0x03, 0x86, 0xf8, + 0xeb, 0x4c, 0x4e, 0x76, 0xbe, 0xa7, 0x3f, 0x89, + ], + }, + Test { + secret: &[ + 0x0a, 0xf2, 0xe3, 0x8b, 0x80, 0xb7, 0x06, 0x01, 0x14, 0xc2, 0xa3, 0xc9, 0x92, + 0x16, 0x26, 0xa5, 0x2f, 0xf2, 0x7b, 0x46, 0x10, 0xdd, 0x61, 0x62, 0xfe, 0xd2, + 0x18, 0x27, 0xfc, 0x23, 0xb3, 0x0f, + ], + msg: &[ + 0x37, 0x1d, 0x7a, 0x09, 0xa6, 0xfb, 0x09, 0x12, 0x9a, 0x82, 0x61, 0x34, 0xa2, + 0x37, 0xd9, 0x05, 0xe8, 0x01, 0x4c, 0x3f, 0xf1, 0xad, 0xd4, 0x61, 0x4b, 0x2e, + 0x6b, 0x12, 0x98, 0x69, 0x61, 0x68, 0x4f, 0x06, 0x82, 0xc7, 0xed, 0x96, 0x63, + 0x3b, 0x18, 0x09, 0xa8, 0xff, 0xcf, 0xc8, 0xab, 0xd4, 0x4a, 0xff, 0x1c, 0x9e, + ], + iv: &[ + 0x1c, 0xdb, 0x4f, 0x46, 0x14, 0x0a, 0x07, 0xba, 0x8b, 0xc9, 0x10, 0xec, 0x8c, + 0x66, 0xd6, 0x06, + ], + cipher: &[ + 0x1c, 0xdb, 0x4f, 0x46, 0x14, 0x0a, 0x07, 0xba, 0x8b, 0xc9, 0x10, 0xec, 0x8c, + 0x66, 0xd6, 0x06, 0x79, 0x3a, 0x6f, 0x37, 0x25, 0x2e, 0x17, 0xd9, 0xe8, 0x54, + 0x1e, 0x3f, 0x87, 0xc6, 0x87, 0x45, 0x71, 0xa7, 0x9f, 0x71, 0x04, 0xfc, 0x5c, + 0xe3, 0x86, 0xfc, 0xd1, 0x39, 0x89, 0x94, 0x85, 0x14, 0x9c, 0xf1, 0x4a, 0x6a, + 0x19, 0x75, 0xc3, 0xcd, 0xc1, 0xf2, 0x6b, 0xcc, 0xab, 0x67, 0x94, 0x8b, 0x20, + 0x30, 0xe1, 0x3f, 0x26, 0x0f, 0x8e, 0xaa, 0xdf, 0x4c, 0x34, 0xd8, 0x99, 0xfb, + 0x71, 0xba, 0x52, 0xb8, 0x67, 0x7e, 0xc3, 0xd5, 0x6c, 0x7f, 0x5f, 0x84, 0x92, + 0x78, 0xd1, 0xa2, 0x7c, 0x14, 0xc3, 0x95, 0x53, 0x8d, 0xc2, 0x3d, 0xf1, 0xf2, + 0x44, 0x5f, 0x9f, 0x06, 0x43, 0x17, 0xee, 0x6a, + ], + }, + Test { + secret: &[ + 0x31, 0x10, 0x18, 0x58, 0x82, 0x42, 0x3a, 0x8c, 0x27, 0x41, 0xed, 0xf4, 0x68, + 0x4d, 0x28, 0x5a, 0xda, 0xb4, 0x50, 0x7a, 0x1b, 0xc8, 0x7c, 0xcd, 0x8d, 0x68, + 0x06, 0x43, 0xa0, 0xfa, 0xa7, 0xbf, + ], + msg: &[ + 0x46, 0x63, 0xf5, 0xe0, 0x51, 0x23, 0x96, 0x45, 0xa5, 0x09, 0xcc, 0xb1, 0x18, + 0x68, 0x30, 0xc9, 0xc6, 0xd8, 0xf0, 0x5a, 0xe4, 0x71, 0xd5, 0xd8, 0xb4, 0x14, + 0xf0, 0x70, 0x8b, 0x6c, 0xdc, 0x42, 0xbf, 0xbe, 0x0c, 0xeb, 0x4a, 0x49, 0x02, + 0xb8, 0xa3, 0x67, 0xb8, 0x4a, 0xc5, 0x2b, 0x2d, 0x3c, 0x00, 0x01, 0x45, 0xe2, + 0x99, + ], + iv: &[ + 0x51, 0x40, 0x12, 0x2f, 0x62, 0x4b, 0xcf, 0x32, 0x38, 0x43, 0x81, 0x1b, 0x8b, + 0xb0, 0x6f, 0x7d, + ], + cipher: &[ + 0x51, 0x40, 0x12, 0x2f, 0x62, 0x4b, 0xcf, 0x32, 0x38, 0x43, 0x81, 0x1b, 0x8b, + 0xb0, 0x6f, 0x7d, 0xcc, 0x7d, 0xd9, 0x20, 0x5f, 0x80, 0x08, 0xd2, 0x15, 0xa4, + 0xee, 0xdf, 0x7d, 0xbf, 0x9a, 0xd4, 0xf8, 0x08, 0x2e, 0x5d, 0xcf, 0xb9, 0x5d, + 0x64, 0x5d, 0xae, 0x06, 0xbc, 0x38, 0xca, 0x84, 0x7a, 0x24, 0x2e, 0x5a, 0x38, + 0xeb, 0xbc, 0xbc, 0xc9, 0xa3, 0x28, 0x40, 0xca, 0x6d, 0x9a, 0x4e, 0x7d, 0x58, + 0x89, 0x0d, 0x03, 0xc4, 0xd8, 0x1f, 0x7b, 0x4c, 0x66, 0x49, 0x26, 0x75, 0x11, + 0x0c, 0xe8, 0xdc, 0xf0, 0x0a, 0x8b, 0x34, 0xcd, 0x11, 0xa7, 0xa6, 0xcf, 0x65, + 0xed, 0xaf, 0xff, 0xa6, 0x0c, 0xa4, 0x50, 0x01, 0xae, 0xe3, 0x06, 0xf6, 0x05, + 0x4a, 0xba, 0x3a, 0x5a, 0x80, 0x18, 0xea, 0x98, + ], + }, + Test { + secret: &[ + 0xb5, 0xa1, 0xce, 0x87, 0x95, 0xc6, 0xc0, 0x36, 0x87, 0x99, 0x28, 0xb6, 0xc6, + 0x49, 0x59, 0xd1, 0x24, 0x1d, 0x6e, 0x9c, 0x87, 0x42, 0x98, 0x10, 0x35, 0x84, + 0x2e, 0x66, 0x0c, 0x58, 0x05, 0x61, + ], + msg: &[ + 0xc8, 0xa7, 0x9b, 0x00, 0x25, 0xa6, 0x38, 0x4b, 0xb3, 0xe4, 0x6d, 0x97, 0x5c, + 0x53, 0x99, 0xd2, 0x20, 0x50, 0x9a, 0x1b, 0xa4, 0x8b, 0xb9, 0x88, 0x69, 0x61, + 0xc1, 0xd6, 0x6b, 0xa9, 0x81, 0x69, 0x8c, 0x34, 0x50, 0x0b, 0xb3, 0x2a, 0xba, + 0xd3, 0xd8, 0x00, 0xf0, 0xb1, 0x25, 0x10, 0xda, 0x3c, 0x61, 0x5a, 0xbc, 0xe0, + 0x4e, 0x42, + ], + iv: &[ + 0x75, 0xaf, 0x51, 0x14, 0x8a, 0x66, 0x61, 0x1a, 0x3e, 0x6c, 0xb2, 0xf2, 0x48, + 0x5e, 0xa3, 0x01, + ], + cipher: &[ + 0x75, 0xaf, 0x51, 0x14, 0x8a, 0x66, 0x61, 0x1a, 0x3e, 0x6c, 0xb2, 0xf2, 0x48, + 0x5e, 0xa3, 0x01, 0x7e, 0xc9, 0xd5, 0x2a, 0x6c, 0xf1, 0x82, 0xd2, 0xd1, 0x07, + 0x65, 0x3b, 0x0e, 0xa2, 0x11, 0x01, 0x42, 0xe8, 0xfd, 0xbf, 0x2d, 0x91, 0x7d, + 0xbc, 0xdc, 0xaf, 0x72, 0x5a, 0x2c, 0xe5, 0x34, 0x56, 0xff, 0xfd, 0xdf, 0x92, + 0x69, 0x43, 0x99, 0xbc, 0xbb, 0x9e, 0xb4, 0x82, 0xc7, 0x71, 0x0f, 0x7b, 0xaa, + 0xe6, 0xb8, 0x45, 0xfc, 0x43, 0x0d, 0xf0, 0x07, 0x1c, 0x34, 0xa9, 0x53, 0x56, + 0xaa, 0xef, 0xef, 0xa4, 0x00, 0x8d, 0x10, 0x20, 0xd2, 0x5c, 0xc5, 0x36, 0xe4, + 0x14, 0xaa, 0xc7, 0x8d, 0xd0, 0x71, 0x15, 0x8c, 0x5b, 0x3f, 0x9e, 0xaa, 0xbd, + 0xee, 0x9b, 0x17, 0xf8, 0xa9, 0xd5, 0x95, 0x0f, + ], + }, + Test { + secret: &[ + 0x7a, 0x24, 0x88, 0x49, 0x00, 0x19, 0x0d, 0x98, 0xb3, 0x7b, 0x26, 0x91, 0xd0, + 0x10, 0x9e, 0x4b, 0xd3, 0x50, 0x58, 0x0b, 0x53, 0x35, 0x88, 0x8b, 0x4e, 0x30, + 0x61, 0xe8, 0x99, 0xe6, 0x12, 0x91, + ], + msg: &[ + 0x2f, 0x1b, 0xd7, 0xe2, 0xa1, 0xb5, 0x9c, 0x19, 0xf7, 0x6d, 0x0d, 0xcb, 0x02, + 0x8e, 0x23, 0xef, 0xaa, 0xd6, 0x1a, 0xaa, 0xb8, 0xcc, 0xd1, 0xb0, 0xec, 0xe2, + 0x97, 0x60, 0xc3, 0x28, 0x4e, 0x1a, 0x59, 0x24, 0x5c, 0x60, 0x9f, 0x96, 0x52, + 0x29, 0xe7, 0x6f, 0x37, 0xc7, 0x2a, 0x1b, 0x15, 0x56, 0xd0, 0xad, 0x15, 0x1a, + 0x9b, 0x0c, 0xff, + ], + iv: &[ + 0xc3, 0xdc, 0x77, 0x8c, 0xa5, 0x33, 0x19, 0x29, 0x66, 0xc4, 0x1e, 0x95, 0x6c, + 0x17, 0x1c, 0x99, + ], + cipher: &[ + 0xc3, 0xdc, 0x77, 0x8c, 0xa5, 0x33, 0x19, 0x29, 0x66, 0xc4, 0x1e, 0x95, 0x6c, + 0x17, 0x1c, 0x99, 0xf7, 0x72, 0xc7, 0xa9, 0x6b, 0xe2, 0xf1, 0xd5, 0x13, 0xe7, + 0x76, 0x5e, 0x64, 0xbe, 0x20, 0x6e, 0x5f, 0xf7, 0x00, 0xe2, 0xef, 0x0a, 0xaf, + 0x85, 0x8d, 0xab, 0x7f, 0xc6, 0x3a, 0x61, 0xf6, 0x07, 0x62, 0x38, 0xc2, 0x32, + 0x8b, 0xdd, 0x39, 0xa3, 0x43, 0xbb, 0xe1, 0x7d, 0x8d, 0xbb, 0x26, 0xd7, 0xa1, + 0x2e, 0x71, 0x3d, 0x3f, 0x70, 0x60, 0x32, 0xc2, 0xcc, 0x5b, 0xd4, 0xaa, 0x7f, + 0x48, 0x81, 0x3a, 0x88, 0x52, 0x9f, 0xfe, 0x04, 0x96, 0x5f, 0x7b, 0x83, 0x50, + 0x5e, 0x91, 0xc6, 0xc2, 0x64, 0x3e, 0x19, 0x34, 0x2b, 0x90, 0x13, 0x03, 0x4a, + 0xa2, 0xe8, 0xf1, 0xb1, 0xc5, 0xd7, 0xd5, 0x0d, + ], + }, + Test { + secret: &[ + 0x65, 0x3d, 0xa9, 0xf2, 0xb2, 0x18, 0x57, 0x38, 0xa1, 0xe3, 0xeb, 0x00, 0xd9, + 0x2c, 0x0d, 0xab, 0x1d, 0x0c, 0x15, 0x09, 0x5d, 0xfc, 0x68, 0xf8, 0xfe, 0x64, + 0x4d, 0xaa, 0x59, 0x22, 0xe1, 0xb5, + ], + msg: &[ + 0xe1, 0x9a, 0x18, 0x52, 0xdb, 0xee, 0xfe, 0xac, 0xb5, 0x77, 0x0d, 0xab, 0x94, + 0x6c, 0x99, 0x1d, 0x93, 0xfb, 0x1b, 0x60, 0x58, 0x93, 0x72, 0x04, 0xe5, 0xad, + 0x7b, 0x58, 0x14, 0x69, 0x2e, 0x52, 0x42, 0x36, 0x22, 0xd4, 0xea, 0x99, 0x70, + 0x99, 0x68, 0x7c, 0x39, 0xd0, 0xdc, 0x0a, 0x15, 0x02, 0x30, 0x62, 0x45, 0x4f, + 0xc7, 0x8a, 0xcd, 0x31, + ], + iv: &[ + 0x8d, 0xf3, 0xb5, 0x4f, 0x05, 0x00, 0x46, 0x8a, 0xc3, 0x62, 0x38, 0x44, 0x6b, + 0x9c, 0x94, 0x4d, + ], + cipher: &[ + 0x8d, 0xf3, 0xb5, 0x4f, 0x05, 0x00, 0x46, 0x8a, 0xc3, 0x62, 0x38, 0x44, 0x6b, + 0x9c, 0x94, 0x4d, 0xc9, 0x1a, 0x7f, 0x41, 0xc0, 0xbb, 0x6f, 0x6b, 0x08, 0x5e, + 0xb3, 0x19, 0x12, 0x63, 0x4a, 0x87, 0x56, 0x52, 0x3b, 0xa8, 0x69, 0x6d, 0x53, + 0x54, 0x6e, 0xdd, 0x63, 0xf6, 0x42, 0xab, 0x22, 0x31, 0xc9, 0xaa, 0xac, 0x29, + 0xec, 0xd3, 0xd1, 0xe5, 0x43, 0xd2, 0xbd, 0xb5, 0xcf, 0x54, 0xbd, 0x6a, 0xfe, + 0x8b, 0xf2, 0xd4, 0x32, 0xd6, 0x36, 0x0d, 0x0d, 0x51, 0xbb, 0xd3, 0xbd, 0xfe, + 0xe9, 0x10, 0xd8, 0xbf, 0x48, 0x8b, 0x77, 0xb0, 0x45, 0x4e, 0xe6, 0xf1, 0x72, + 0x69, 0x90, 0xf4, 0xef, 0x9c, 0x8e, 0xc7, 0xd7, 0xf2, 0x30, 0xb1, 0x48, 0xb8, + 0x42, 0x72, 0xc9, 0x59, 0x6d, 0xda, 0x16, 0x57, + ], + }, + Test { + secret: &[ + 0x87, 0xae, 0xcd, 0x3f, 0x04, 0x56, 0xd7, 0x3b, 0x6f, 0xa3, 0x1e, 0xb7, 0xae, + 0x54, 0x04, 0xd3, 0xff, 0xf5, 0xbe, 0xbf, 0xcc, 0x96, 0x43, 0x77, 0xdb, 0x2a, + 0x33, 0x4e, 0x67, 0x9d, 0xb8, 0x17, + ], + msg: &[ + 0x77, 0x86, 0xd2, 0x5b, 0x21, 0x12, 0x42, 0x72, 0x18, 0x79, 0x31, 0x20, 0xab, + 0xb3, 0x65, 0x6c, 0x48, 0xf2, 0x49, 0xf4, 0x3b, 0x25, 0x44, 0xb8, 0x02, 0xf0, + 0xd9, 0x28, 0x8b, 0x7f, 0x76, 0xf0, 0x06, 0x02, 0x56, 0x52, 0x1f, 0x7b, 0x7e, + 0x06, 0x8d, 0xf6, 0x78, 0x1e, 0xd1, 0x3d, 0x1d, 0xd9, 0x74, 0x66, 0x17, 0x52, + 0xba, 0x20, 0x75, 0x4e, 0x8b, + ], + iv: &[ + 0x23, 0xcc, 0x0f, 0x28, 0x8f, 0x52, 0x01, 0xd9, 0xb5, 0xf5, 0x5b, 0x84, 0xfb, + 0xf7, 0x18, 0x3c, + ], + cipher: &[ + 0x23, 0xcc, 0x0f, 0x28, 0x8f, 0x52, 0x01, 0xd9, 0xb5, 0xf5, 0x5b, 0x84, 0xfb, + 0xf7, 0x18, 0x3c, 0x13, 0xb2, 0x73, 0xd4, 0x7b, 0x7c, 0xad, 0x94, 0x14, 0x44, + 0x5f, 0xbd, 0xb6, 0xe8, 0x2f, 0x94, 0x62, 0xb0, 0xd5, 0x31, 0x83, 0xce, 0x80, + 0x67, 0x34, 0x61, 0x94, 0x47, 0xe7, 0x67, 0x29, 0x47, 0x95, 0x97, 0x8e, 0x8a, + 0xaa, 0xa7, 0xe3, 0x78, 0xa8, 0x9b, 0x41, 0x3f, 0xd8, 0xc7, 0xa2, 0x6d, 0xd0, + 0x65, 0x70, 0x80, 0xb5, 0x69, 0x82, 0x3d, 0xd0, 0xb2, 0x90, 0x27, 0x6c, 0x97, + 0xf5, 0x7d, 0x3a, 0x9a, 0x7f, 0x53, 0xdb, 0x2e, 0x14, 0xa2, 0x7f, 0x9a, 0xab, + 0x6b, 0x3b, 0x6b, 0x14, 0xe1, 0xc2, 0xeb, 0xe8, 0x1e, 0x96, 0x05, 0x69, 0xbf, + 0xd8, 0xc4, 0x1c, 0xcb, 0x60, 0xac, 0x81, 0xa8, + ], + }, + Test { + secret: &[ + 0xa5, 0x84, 0xab, 0x59, 0x49, 0xd1, 0xc4, 0x9e, 0x66, 0xdf, 0x7e, 0xe0, 0x8b, + 0x63, 0x27, 0x10, 0xd8, 0x14, 0x88, 0xde, 0x16, 0x03, 0x91, 0x8c, 0x7a, 0xfa, + 0x40, 0xb7, 0x9f, 0x60, 0xa4, 0xc4, + ], + msg: &[ + 0x93, 0xe0, 0xe0, 0xa2, 0x46, 0xc1, 0x29, 0x8d, 0xaf, 0x52, 0x09, 0x66, 0x0a, + 0x69, 0xdc, 0x8c, 0x2e, 0x71, 0x54, 0x35, 0x26, 0x59, 0xb3, 0x40, 0x32, 0x9a, + 0xfc, 0xbc, 0x12, 0x32, 0x2a, 0x24, 0x9d, 0xc4, 0x26, 0x77, 0xa9, 0x20, 0x6c, + 0xba, 0x3b, 0x94, 0xb0, 0x72, 0xe2, 0xee, 0x41, 0x16, 0x89, 0x7e, 0xf7, 0x82, + 0xfc, 0x1e, 0x83, 0x6b, 0x8b, 0x7d, + ], + iv: &[ + 0x91, 0xcf, 0xa8, 0x5f, 0x8d, 0xc9, 0x04, 0xd8, 0x8e, 0x9d, 0x95, 0x3a, 0x88, + 0x9f, 0xbb, 0xaf, + ], + cipher: &[ + 0x91, 0xcf, 0xa8, 0x5f, 0x8d, 0xc9, 0x04, 0xd8, 0x8e, 0x9d, 0x95, 0x3a, 0x88, + 0x9f, 0xbb, 0xaf, 0x2a, 0x5b, 0x49, 0xb2, 0xfd, 0x86, 0xbd, 0x1e, 0xb7, 0xb7, + 0x85, 0xe9, 0xfd, 0xa6, 0xf2, 0xb0, 0xe0, 0xf2, 0xae, 0x95, 0x5b, 0x13, 0x78, + 0xb7, 0x70, 0x1a, 0xd9, 0xf7, 0xfa, 0xa0, 0x74, 0x22, 0x6b, 0xaa, 0xe8, 0xf3, + 0x3b, 0xf1, 0x99, 0x9b, 0x02, 0x49, 0xd1, 0x19, 0x4f, 0x30, 0x33, 0x4d, 0x06, + 0xe4, 0xd3, 0xe7, 0x83, 0xed, 0x5e, 0x42, 0xa4, 0x11, 0xe6, 0x5e, 0x41, 0xf2, + 0x4f, 0xd9, 0x32, 0x7e, 0x7e, 0x46, 0x13, 0xf7, 0xef, 0x4a, 0x58, 0x5b, 0x57, + 0xc4, 0x24, 0x0b, 0x43, 0x06, 0x48, 0x8f, 0x3b, 0xaa, 0xf4, 0xd4, 0x95, 0x56, + 0x9f, 0x27, 0xaf, 0xf0, 0x85, 0x5a, 0x82, 0x0d, + ], + }, + Test { + secret: &[ + 0x63, 0xb1, 0x39, 0xfc, 0xce, 0xff, 0xfd, 0xca, 0xbe, 0xe3, 0x2f, 0x65, 0x8f, + 0x7c, 0x3d, 0x72, 0x41, 0xca, 0xc8, 0xbd, 0x29, 0x91, 0x08, 0x3f, 0x2d, 0xf4, + 0xb0, 0x99, 0x3b, 0x84, 0x41, 0xc1, + ], + msg: &[ + 0xd4, 0x79, 0x84, 0x54, 0x86, 0x3b, 0x0d, 0x8b, 0x47, 0xb7, 0x48, 0x97, 0x99, + 0xbe, 0x33, 0x33, 0x96, 0x22, 0xa4, 0x90, 0x1a, 0x22, 0x18, 0xc2, 0xcc, 0x00, + 0x7a, 0xdd, 0xfa, 0x4a, 0x6b, 0xe8, 0x3a, 0x2f, 0xa9, 0x8f, 0x47, 0x07, 0xb2, + 0x39, 0x69, 0x98, 0xa5, 0xbf, 0x2d, 0xc7, 0xf9, 0x53, 0x3d, 0x58, 0x9b, 0xe1, + 0x2b, 0x3a, 0xb7, 0x91, 0xc2, 0xb9, 0x3e, + ], + iv: &[ + 0x39, 0xcc, 0xac, 0x28, 0x00, 0x1f, 0x9e, 0xec, 0xd7, 0xc0, 0x67, 0x7b, 0xca, + 0xf5, 0xf4, 0x35, + ], + cipher: &[ + 0x39, 0xcc, 0xac, 0x28, 0x00, 0x1f, 0x9e, 0xec, 0xd7, 0xc0, 0x67, 0x7b, 0xca, + 0xf5, 0xf4, 0x35, 0x48, 0x6f, 0x77, 0x41, 0x25, 0xb3, 0x55, 0x65, 0x56, 0x11, + 0xf8, 0x78, 0xc1, 0xeb, 0xdd, 0x4d, 0x4d, 0xa6, 0x10, 0x67, 0x38, 0x30, 0x9b, + 0xbf, 0xb7, 0xf9, 0x88, 0xeb, 0x54, 0x95, 0xa2, 0x4f, 0xa2, 0x32, 0x9d, 0xc7, + 0x48, 0x1b, 0x9d, 0xd9, 0x7f, 0x6c, 0xcc, 0xdf, 0xe8, 0x2c, 0x06, 0xee, 0x05, + 0x8f, 0xd9, 0x45, 0xeb, 0xff, 0x59, 0x4f, 0x1f, 0xa3, 0xc7, 0xea, 0xf9, 0xcc, + 0x50, 0xb7, 0x5d, 0x90, 0x17, 0x64, 0xfd, 0xfc, 0x1b, 0x24, 0x91, 0x58, 0xa1, + 0xa9, 0x47, 0x18, 0xd6, 0x58, 0xd5, 0xe2, 0x09, 0x02, 0x0f, 0x87, 0x2e, 0xb7, + 0xcf, 0x6c, 0x82, 0xc1, 0xec, 0x40, 0x2b, 0x2b, + ], + }, + Test { + secret: &[ + 0x55, 0x2d, 0xf1, 0x8e, 0xb2, 0x20, 0xf3, 0xf8, 0x36, 0xd0, 0x26, 0xc3, 0x50, + 0xd5, 0xe3, 0x5b, 0x8e, 0x2e, 0x76, 0xce, 0x00, 0xcb, 0xa0, 0xa1, 0x30, 0x26, + 0xff, 0x65, 0x56, 0xcf, 0xb6, 0x33, + ], + msg: &[ + 0x6e, 0x9f, 0x05, 0xde, 0x07, 0x1f, 0xe0, 0x56, 0x58, 0x4b, 0x2f, 0x73, 0x17, + 0x4b, 0x81, 0x89, 0xd2, 0xe4, 0x63, 0x49, 0xed, 0x69, 0xcc, 0x0c, 0x48, 0x4c, + 0x7b, 0x98, 0x66, 0x64, 0xe0, 0x11, 0xc9, 0x55, 0xa4, 0x0e, 0x95, 0x51, 0x17, + 0xc7, 0xeb, 0xc7, 0x8d, 0x20, 0xf8, 0xc3, 0xff, 0x09, 0x1c, 0x86, 0xc1, 0x84, + 0x36, 0xe9, 0xb9, 0xe0, 0xaa, 0x3e, 0x25, 0xc1, + ], + iv: &[ + 0x09, 0x6a, 0x1b, 0x67, 0xa6, 0xa4, 0x02, 0x7c, 0xbb, 0xd9, 0x27, 0xb9, 0x1a, + 0xb4, 0x68, 0xe5, + ], + cipher: &[ + 0x09, 0x6a, 0x1b, 0x67, 0xa6, 0xa4, 0x02, 0x7c, 0xbb, 0xd9, 0x27, 0xb9, 0x1a, + 0xb4, 0x68, 0xe5, 0x1c, 0x07, 0xa8, 0x9b, 0x91, 0x7e, 0x6f, 0x70, 0x62, 0x9e, + 0xe3, 0xb5, 0x01, 0xc5, 0x6d, 0x06, 0x82, 0x8f, 0xbb, 0xfe, 0xf8, 0xf5, 0x9d, + 0xb8, 0x70, 0xf7, 0xae, 0xde, 0xb2, 0xcf, 0xcf, 0xfa, 0xe6, 0xce, 0x47, 0xc9, + 0x1b, 0x04, 0x84, 0x9e, 0x09, 0x6c, 0x5a, 0xe2, 0xbb, 0xd4, 0xff, 0xa8, 0x13, + 0x9a, 0xe2, 0xcd, 0xdc, 0xbd, 0x3d, 0x21, 0xe6, 0x78, 0xa1, 0xfe, 0xa9, 0x81, + 0x5b, 0x63, 0x91, 0xb0, 0xfb, 0x57, 0xe5, 0xe4, 0xb1, 0xb2, 0xd1, 0x68, 0x75, + 0x15, 0xd8, 0xae, 0x9e, 0xbf, 0xbb, 0x1b, 0x39, 0xc4, 0x98, 0x30, 0x98, 0x9a, + 0x50, 0xd1, 0xcf, 0x27, 0xce, 0x61, 0x7b, 0xac, + ], + }, + Test { + secret: &[ + 0x80, 0xd4, 0x49, 0x72, 0x8f, 0x4d, 0x10, 0xe0, 0xac, 0x6a, 0x9e, 0xf5, 0xae, + 0xd8, 0x24, 0xc3, 0x40, 0x5e, 0xcb, 0xc6, 0xd6, 0xb6, 0x25, 0xf7, 0xf7, 0x26, + 0x9a, 0x55, 0xf3, 0x54, 0x3d, 0x75, + ], + msg: &[ + 0x0a, 0xf2, 0xa7, 0x9a, 0x4b, 0xef, 0x7b, 0xc6, 0x99, 0x5e, 0x38, 0x03, 0x1d, + 0x4e, 0x73, 0x84, 0x29, 0xdd, 0x11, 0x9f, 0x38, 0x85, 0x8a, 0x29, 0xec, 0x19, + 0x45, 0x80, 0xb6, 0xfc, 0xe3, 0x6a, 0xff, 0xba, 0x33, 0x74, 0x85, 0xd0, 0xdf, + 0xff, 0x43, 0x7a, 0x98, 0xaf, 0x42, 0x2a, 0x5a, 0x31, 0xd4, 0x90, 0xcc, 0x5a, + 0x2b, 0x6a, 0x7f, 0xbb, 0x28, 0x68, 0x3c, 0xef, 0x78, + ], + iv: &[ + 0xc1, 0xdd, 0x05, 0xbe, 0x29, 0xdc, 0x8c, 0xb4, 0x5f, 0x1c, 0x75, 0xd3, 0x00, + 0xad, 0x4b, 0x89, + ], + cipher: &[ + 0xc1, 0xdd, 0x05, 0xbe, 0x29, 0xdc, 0x8c, 0xb4, 0x5f, 0x1c, 0x75, 0xd3, 0x00, + 0xad, 0x4b, 0x89, 0xa6, 0x9d, 0xb1, 0xd8, 0xc1, 0x6e, 0x3b, 0x84, 0x4c, 0xc4, + 0x19, 0xa3, 0x37, 0x96, 0x4f, 0x22, 0x03, 0x5d, 0xa4, 0x88, 0x08, 0xcb, 0x92, + 0x8b, 0x74, 0xd2, 0xad, 0x02, 0x70, 0x2a, 0xa3, 0x60, 0x9d, 0x13, 0xcf, 0xdf, + 0x36, 0x06, 0x42, 0xd0, 0x08, 0x09, 0x38, 0x37, 0xf8, 0x56, 0x17, 0x73, 0x89, + 0x86, 0x64, 0x3d, 0x84, 0xce, 0x92, 0xed, 0xd5, 0xe8, 0xc2, 0xca, 0x49, 0xa1, + 0xee, 0x13, 0x78, 0x09, 0x6c, 0xf7, 0x2b, 0xaa, 0x10, 0x5b, 0x28, 0x36, 0xa5, + 0xd8, 0xe0, 0xcd, 0xf3, 0x07, 0xb8, 0x4a, 0xd9, 0xe6, 0x9e, 0x6a, 0x70, 0xd0, + 0xb8, 0xaf, 0xa5, 0xef, 0xf7, 0xf2, 0x83, 0xaa, + ], + }, + Test { + secret: &[ + 0x5a, 0x82, 0xed, 0x5a, 0xd5, 0x9f, 0x0c, 0x81, 0x21, 0x25, 0x01, 0x5f, 0xe2, + 0x83, 0xe3, 0xd9, 0xfc, 0xff, 0xe6, 0xcf, 0x55, 0x11, 0x33, 0xf0, 0x6b, 0x23, + 0x52, 0x0d, 0x40, 0x1e, 0x51, 0xc6, + ], + msg: &[ + 0x67, 0x0c, 0x92, 0x08, 0xb5, 0x1f, 0x28, 0xe7, 0x59, 0xff, 0xac, 0x30, 0x62, + 0x1d, 0x15, 0xc0, 0xb7, 0x11, 0x9d, 0xe3, 0x71, 0x73, 0x64, 0x6e, 0x6d, 0x7e, + 0x85, 0xd6, 0x3a, 0xaf, 0x57, 0x8c, 0x13, 0xfc, 0xb4, 0xd0, 0x89, 0xe2, 0x07, + 0x1d, 0xc6, 0x84, 0xb5, 0x1b, 0xc2, 0x7f, 0x11, 0xba, 0x48, 0x7c, 0x8b, 0x87, + 0x7c, 0x3d, 0x5d, 0x7b, 0xb9, 0x6d, 0x61, 0x64, 0x73, 0x37, + ], + iv: &[ + 0xed, 0x63, 0xb2, 0xef, 0x05, 0xe8, 0xa9, 0x27, 0xc5, 0x55, 0xad, 0x0a, 0xdc, + 0xd7, 0xa5, 0xb0, + ], + cipher: &[ + 0xed, 0x63, 0xb2, 0xef, 0x05, 0xe8, 0xa9, 0x27, 0xc5, 0x55, 0xad, 0x0a, 0xdc, + 0xd7, 0xa5, 0xb0, 0xae, 0x27, 0xe6, 0x89, 0x67, 0x45, 0xd2, 0x00, 0x1a, 0x63, + 0xa3, 0x97, 0xff, 0xc7, 0xd3, 0xdd, 0x31, 0x2b, 0xf8, 0x2f, 0x04, 0x54, 0x5f, + 0x95, 0xd0, 0xf9, 0x46, 0x8d, 0xbe, 0xfd, 0x1e, 0xf2, 0x4e, 0x76, 0x5d, 0x01, + 0x32, 0x6f, 0x70, 0x3a, 0xeb, 0x00, 0xb4, 0xb7, 0xfa, 0xff, 0xec, 0x7d, 0xa6, + 0xc0, 0xba, 0x12, 0x34, 0x5c, 0x29, 0x34, 0xf5, 0x2d, 0x7e, 0x1a, 0xcc, 0xaf, + 0x7d, 0x72, 0x01, 0x2b, 0x15, 0x35, 0xf7, 0xc7, 0xa1, 0xfd, 0x14, 0x2a, 0x2b, + 0x1a, 0xa1, 0x83, 0x84, 0xba, 0xa6, 0xaa, 0xd4, 0xb1, 0x2b, 0x8a, 0x76, 0xbf, + 0x50, 0xcf, 0x25, 0x83, 0x2d, 0x5f, 0x14, 0xd7, + ], + }, + Test { + secret: &[ + 0x29, 0x4e, 0xf3, 0xf1, 0x29, 0x93, 0x9b, 0x8c, 0xca, 0xc9, 0x31, 0xa1, 0x43, + 0xb0, 0x88, 0x9c, 0xe1, 0xa2, 0xc9, 0xcf, 0x3b, 0xa3, 0xab, 0x65, 0xa6, 0x2c, + 0x65, 0xa4, 0x40, 0x9e, 0x2c, 0xb7, + ], + msg: &[ + 0x2c, 0xf5, 0x5a, 0xa7, 0x47, 0x5e, 0x2e, 0x21, 0x18, 0x45, 0xa1, 0x42, 0x4b, + 0x0d, 0xb2, 0xea, 0xa1, 0x51, 0x43, 0x6a, 0xeb, 0x17, 0x4a, 0xde, 0xfc, 0xfc, + 0xdc, 0xf3, 0x63, 0xaf, 0x4f, 0x93, 0x4e, 0xf1, 0x0e, 0xc2, 0x67, 0x85, 0xd6, + 0x86, 0xe9, 0x28, 0xc8, 0xdb, 0x2d, 0xf7, 0x8d, 0x5d, 0xb1, 0x3e, 0x47, 0xcf, + 0x37, 0x63, 0x19, 0xb6, 0x1c, 0xaf, 0x43, 0x1b, 0x87, 0x58, 0x55, + ], + iv: &[ + 0xd2, 0xae, 0x5b, 0x0b, 0xf0, 0x04, 0x7f, 0x1e, 0x08, 0x22, 0x41, 0xb9, 0x54, + 0x8e, 0x63, 0x7a, + ], + cipher: &[ + 0xd2, 0xae, 0x5b, 0x0b, 0xf0, 0x04, 0x7f, 0x1e, 0x08, 0x22, 0x41, 0xb9, 0x54, + 0x8e, 0x63, 0x7a, 0xda, 0x6e, 0x8d, 0x38, 0x80, 0xc2, 0x74, 0xf8, 0x6c, 0x1b, + 0xfc, 0xbc, 0xf8, 0x73, 0x71, 0x78, 0xb8, 0x15, 0xb1, 0x92, 0xc9, 0x42, 0x56, + 0x88, 0x1f, 0x0b, 0x62, 0x58, 0x2f, 0x5d, 0x2c, 0x5c, 0x98, 0x57, 0x36, 0x3b, + 0xcd, 0x22, 0xa5, 0xd2, 0xc1, 0xd4, 0x12, 0x8f, 0x59, 0x98, 0xc8, 0x12, 0x62, + 0x5b, 0x80, 0xa7, 0x6c, 0x20, 0x11, 0x5c, 0x62, 0xba, 0x05, 0x97, 0x05, 0x4c, + 0xd8, 0xcd, 0xa8, 0x98, 0x53, 0x39, 0x44, 0xd3, 0x41, 0xf3, 0xe5, 0x21, 0xe7, + 0x2c, 0x9e, 0x1b, 0xae, 0xb2, 0xdb, 0x9f, 0x66, 0x65, 0xd6, 0xc3, 0xa0, 0x38, + 0xf7, 0xaf, 0xdf, 0xb7, 0xd9, 0xf8, 0xe1, 0x21, + ], + }, + Test { + secret: &[ + 0x9c, 0x51, 0xce, 0xf8, 0x30, 0xf7, 0x10, 0xf9, 0xc8, 0xe9, 0x91, 0xe3, 0xe8, + 0xc0, 0x2a, 0xdb, 0xf6, 0x05, 0x9c, 0xff, 0xa5, 0x77, 0x82, 0x4e, 0x92, 0x67, + 0xa4, 0xe1, 0x6d, 0x69, 0x99, 0x0a, + ], + msg: &[ + 0x1e, 0x30, 0x06, 0x8e, 0x1e, 0x30, 0x2a, 0xcf, 0x73, 0xd8, 0x9d, 0x83, 0xf0, + 0x9c, 0x8e, 0x8f, 0x6c, 0xc7, 0xc0, 0xcc, 0x37, 0x46, 0x95, 0x21, 0xfd, 0x6e, + 0xc2, 0x46, 0xbf, 0xe8, 0x99, 0x82, 0x0f, 0x2a, 0x0c, 0xb5, 0x5d, 0xd6, 0xc9, + 0x7b, 0x0e, 0x96, 0x8b, 0xe8, 0xe1, 0x7a, 0x38, 0xe7, 0xd6, 0x93, 0xc9, 0xf5, + 0x96, 0x6f, 0x5f, 0x63, 0xe6, 0x6d, 0x18, 0x48, 0x4c, 0x85, 0xa2, 0xe3, + ], + iv: &[ + 0x44, 0x8d, 0x07, 0xce, 0x67, 0x70, 0x81, 0x1b, 0x36, 0x5f, 0xd1, 0x26, 0x4e, + 0x8d, 0x83, 0xca, + ], + cipher: &[ + 0x44, 0x8d, 0x07, 0xce, 0x67, 0x70, 0x81, 0x1b, 0x36, 0x5f, 0xd1, 0x26, 0x4e, + 0x8d, 0x83, 0xca, 0xd8, 0x85, 0x67, 0x9e, 0xa1, 0x34, 0x3a, 0x61, 0xf6, 0xe4, + 0xc2, 0x5a, 0x20, 0xd7, 0x9a, 0x3c, 0x75, 0xb1, 0x6b, 0x8e, 0xcf, 0x0e, 0xa9, + 0x23, 0x72, 0xcc, 0x26, 0xe1, 0xd1, 0x3a, 0xf1, 0x01, 0xec, 0x6a, 0xbd, 0xf0, + 0x05, 0x14, 0x2d, 0x1a, 0x65, 0xe6, 0xc8, 0x2d, 0x29, 0x89, 0x48, 0x89, 0xe9, + 0xe7, 0x2e, 0x73, 0x00, 0x71, 0xc8, 0xa5, 0x43, 0xb5, 0xf3, 0x9f, 0x2c, 0x38, + 0x40, 0x9d, 0x5b, 0xc4, 0x61, 0x4e, 0x2f, 0x67, 0xe9, 0x03, 0x3e, 0x13, 0xbe, + 0xa7, 0x1b, 0x45, 0xeb, 0x32, 0x87, 0x25, 0x01, 0x53, 0x03, 0x84, 0xbe, 0xff, + 0x17, 0x82, 0xaa, 0xb5, 0x69, 0x08, 0xe7, 0x2e, 0xdb, 0x4a, 0x83, 0xc7, 0xab, + 0x52, 0xfe, 0x00, 0xce, 0xe9, 0x35, 0x0a, 0xde, 0x1f, 0x18, 0xed, + ], + }, + Test { + secret: &[ + 0xb3, 0xb1, 0x53, 0xf1, 0xc3, 0x79, 0x4d, 0x6f, 0x9a, 0x5f, 0xbc, 0x92, 0x4e, + 0x00, 0xb1, 0x4d, 0x64, 0x5d, 0x22, 0xd1, 0x61, 0xde, 0x69, 0xeb, 0x83, 0x15, + 0x31, 0x3a, 0x67, 0xa3, 0x93, 0x63, + ], + msg: &[ + 0xbc, 0x81, 0x1b, 0x5d, 0x2e, 0x56, 0xe7, 0xa8, 0x32, 0x49, 0x9c, 0x73, 0x1b, + 0xa7, 0xd1, 0x70, 0x27, 0x97, 0xbd, 0x00, 0x87, 0xce, 0xcd, 0xbf, 0x8a, 0x8f, + 0x12, 0x69, 0x24, 0x01, 0xfa, 0x95, 0xce, 0x94, 0x71, 0x61, 0x33, 0x7a, 0x21, + 0x90, 0x50, 0x1f, 0x23, 0x76, 0x65, 0x68, 0x42, 0x76, 0x5c, 0x6e, 0xde, 0xf1, + 0xc8, 0x32, 0x71, 0x63, 0x19, 0xb1, 0x5a, 0x4b, 0x2d, 0x30, 0x67, 0x71, 0x04, + ], + iv: &[ + 0xfd, 0xf0, 0x61, 0xaa, 0x2e, 0x3a, 0x7b, 0x02, 0x14, 0xb7, 0x9b, 0xba, 0x58, + 0x4e, 0xba, 0x50, + ], + cipher: &[ + 0xfd, 0xf0, 0x61, 0xaa, 0x2e, 0x3a, 0x7b, 0x02, 0x14, 0xb7, 0x9b, 0xba, 0x58, + 0x4e, 0xba, 0x50, 0x2f, 0x0d, 0xeb, 0x86, 0x0b, 0x68, 0x19, 0x16, 0x9c, 0x63, + 0x89, 0xeb, 0x16, 0x8d, 0xdf, 0xbf, 0x09, 0x12, 0x0f, 0xdf, 0xb4, 0xb3, 0x1b, + 0x53, 0xb4, 0xe3, 0xc2, 0xad, 0xa3, 0x7a, 0xc9, 0xdd, 0x13, 0x04, 0x18, 0x4d, + 0xd1, 0x27, 0xba, 0x22, 0x66, 0xe5, 0xb6, 0x1f, 0x2e, 0x4a, 0xb8, 0xbb, 0xcb, + 0xef, 0x06, 0x64, 0x3a, 0x88, 0x74, 0x9c, 0x5a, 0x51, 0x52, 0x27, 0x7c, 0x98, + 0xc9, 0x85, 0x34, 0xad, 0x46, 0xe7, 0x4b, 0x42, 0x88, 0xda, 0x8f, 0x63, 0xc0, + 0x19, 0x67, 0xa4, 0x0c, 0xac, 0x2c, 0x97, 0xf0, 0xa3, 0x59, 0xe8, 0x44, 0xd6, + 0x0d, 0xb1, 0x78, 0x7c, 0xc2, 0x0d, 0x51, 0xc3, 0x52, 0x66, 0xfe, 0x39, 0x39, + 0x6a, 0x14, 0x2d, 0x2a, 0x22, 0x7f, 0x3b, 0xd3, 0x7d, 0xfd, 0xa2, + ], + }, + Test { + secret: &[ + 0xa3, 0x23, 0x83, 0x70, 0xcd, 0x64, 0x10, 0x45, 0x50, 0xd6, 0x89, 0x52, 0x83, + 0x5a, 0xef, 0xf6, 0x8d, 0x0c, 0x01, 0x1d, 0x90, 0x82, 0x75, 0xe8, 0x29, 0xcf, + 0x4f, 0x71, 0x9f, 0x67, 0xe4, 0xb1, + ], + msg: &[ + 0x7a, 0x29, 0x5e, 0xbb, 0x4d, 0xde, 0x6b, 0xf6, 0xf2, 0x2d, 0x7a, 0x59, 0x1c, + 0x6b, 0x4a, 0x7f, 0x61, 0x9a, 0x5f, 0x91, 0x07, 0x32, 0xac, 0xdb, 0x7b, 0x76, + 0xbc, 0x94, 0xde, 0xa3, 0xf8, 0x6c, 0x25, 0x3e, 0xb4, 0x64, 0xdf, 0x34, 0x0e, + 0xb0, 0x74, 0xe3, 0x7b, 0xa2, 0x9d, 0x4e, 0x0b, 0xbb, 0x8c, 0xfd, 0xe6, 0x6a, + 0x62, 0xbf, 0x3f, 0x0f, 0xf4, 0x09, 0x5f, 0xb2, 0xbc, 0x7f, 0xe0, 0x6c, 0xb0, + 0xc2, + ], + iv: &[ + 0x4c, 0xd9, 0x38, 0x79, 0x1f, 0x6e, 0xed, 0x3d, 0xa0, 0xa3, 0x14, 0x8a, 0x95, + 0x89, 0x02, 0xcc, + ], + cipher: &[ + 0x4c, 0xd9, 0x38, 0x79, 0x1f, 0x6e, 0xed, 0x3d, 0xa0, 0xa3, 0x14, 0x8a, 0x95, + 0x89, 0x02, 0xcc, 0x5a, 0x5c, 0x31, 0x56, 0xf5, 0x20, 0x71, 0xaa, 0xc3, 0x8d, + 0x7b, 0xb5, 0xb0, 0xd4, 0x57, 0xd9, 0x54, 0xfe, 0x0c, 0x2e, 0x81, 0xa8, 0xeb, + 0x6b, 0x3f, 0x6a, 0x0b, 0xe7, 0xd5, 0x8d, 0xee, 0x98, 0xfa, 0xdb, 0x95, 0x9f, + 0xd7, 0xcb, 0x7c, 0x88, 0x9d, 0x7e, 0x67, 0x8c, 0x6a, 0xf3, 0xfe, 0x22, 0x2c, + 0x2f, 0x27, 0xe6, 0x65, 0x2c, 0x9f, 0x41, 0xc9, 0xec, 0x1c, 0x01, 0x7d, 0x30, + 0x22, 0x76, 0x31, 0x02, 0xd2, 0xd0, 0x5d, 0xbd, 0x30, 0x59, 0xcb, 0xff, 0x56, + 0x8c, 0xdd, 0x57, 0x58, 0xe4, 0x23, 0x16, 0xa6, 0x50, 0x78, 0xd0, 0x2d, 0xa4, + 0x00, 0x05, 0x3d, 0x27, 0x1c, 0xff, 0x84, 0xb0, 0x46, 0x6f, 0x27, 0xb6, 0x15, + 0x3a, 0x41, 0x8e, 0x4c, 0x98, 0x0e, 0xa2, 0x7d, 0xb8, 0xeb, 0x18, + ], + }, + Test { + secret: &[ + 0xb3, 0x59, 0x08, 0x1f, 0x8f, 0x7a, 0x8f, 0x3b, 0xde, 0x18, 0x80, 0x64, 0xc3, + 0x53, 0x31, 0xa9, 0xfa, 0x35, 0x73, 0x8a, 0x7a, 0x49, 0x86, 0xe4, 0x0c, 0x66, + 0x5f, 0x7a, 0x71, 0x09, 0xc5, 0xf5, + ], + msg: &[ + 0x94, 0x3b, 0x7b, 0x73, 0xdc, 0xe1, 0x80, 0xc2, 0xfe, 0x30, 0xd9, 0xe1, 0xb8, + 0xef, 0x33, 0xe4, 0xa5, 0x33, 0x2a, 0x8d, 0x44, 0x9b, 0x6e, 0x3c, 0x99, 0x48, + 0x85, 0x81, 0x8a, 0x42, 0x6e, 0xb8, 0x94, 0x41, 0x6f, 0x6e, 0x62, 0xae, 0x09, + 0xb8, 0xa2, 0xf9, 0x24, 0x1b, 0x75, 0x16, 0x82, 0x09, 0x1d, 0xd4, 0x12, 0x0a, + 0x24, 0xc6, 0xa7, 0xe6, 0xff, 0x1b, 0x29, 0xf7, 0xb1, 0x91, 0x1f, 0xb7, 0x9f, + 0x14, 0x87, + ], + iv: &[ + 0xb8, 0x94, 0x67, 0x8e, 0xb8, 0x64, 0xac, 0x2e, 0x1c, 0x53, 0x27, 0x57, 0x4a, + 0x6c, 0x24, 0x71, + ], + cipher: &[ + 0xb8, 0x94, 0x67, 0x8e, 0xb8, 0x64, 0xac, 0x2e, 0x1c, 0x53, 0x27, 0x57, 0x4a, + 0x6c, 0x24, 0x71, 0xdd, 0x0d, 0x57, 0x66, 0x80, 0xce, 0x4c, 0xdd, 0x49, 0xbc, + 0xb8, 0x1d, 0x58, 0xa2, 0x6a, 0x93, 0x80, 0x78, 0xcd, 0xda, 0x43, 0xb1, 0x1a, + 0x90, 0x8e, 0x40, 0xa9, 0x27, 0xcf, 0x5d, 0x3e, 0x92, 0xd1, 0x95, 0x14, 0x4f, + 0x83, 0x95, 0xc1, 0x2e, 0x0e, 0x20, 0x55, 0xd7, 0x0c, 0xa5, 0x73, 0xc1, 0x3d, + 0x84, 0x11, 0xa7, 0xb4, 0x25, 0xf0, 0x12, 0x2c, 0xc1, 0xcc, 0x84, 0xc1, 0x6f, + 0x69, 0x4d, 0xb7, 0xeb, 0xf9, 0x9e, 0x58, 0x6c, 0x6c, 0xb4, 0x80, 0x4f, 0x9d, + 0x03, 0x85, 0xfa, 0xd3, 0x51, 0x40, 0x29, 0x44, 0x27, 0xf6, 0xc4, 0x4d, 0x82, + 0x5b, 0x71, 0xb3, 0x03, 0xd4, 0xf4, 0xc3, 0x5f, 0xcc, 0xa9, 0x55, 0xf2, 0x15, + 0x90, 0xb7, 0x49, 0x56, 0x2c, 0xe9, 0xa7, 0x10, 0x60, 0x5b, 0x39, + ], + }, + Test { + secret: &[ + 0x17, 0xa5, 0xcd, 0xb5, 0x35, 0x9e, 0xa6, 0x7b, 0x5e, 0xac, 0xce, 0xe2, 0xd7, + 0x6d, 0x63, 0x7e, 0xb8, 0x1f, 0x8e, 0x9f, 0x23, 0xaf, 0x7b, 0x5f, 0x9c, 0xf7, + 0x2d, 0xcf, 0xb1, 0x05, 0xda, 0xe1, + ], + msg: &[ + 0xaf, 0x54, 0x46, 0x9d, 0xeb, 0xd4, 0xfc, 0xec, 0x81, 0x1e, 0x84, 0x98, 0x53, + 0xef, 0x82, 0x4c, 0x15, 0xe0, 0xbd, 0xe2, 0x60, 0xcc, 0x78, 0x2d, 0x5a, 0x88, + 0xac, 0x16, 0x8a, 0x9d, 0x84, 0x0e, 0xf6, 0x5c, 0x67, 0x29, 0x1a, 0x16, 0x20, + 0x0a, 0x50, 0x52, 0x7e, 0xed, 0xfa, 0xca, 0xb3, 0x26, 0xcd, 0x2a, 0x6e, 0xf4, + 0xfd, 0x2c, 0x7c, 0xdc, 0x0c, 0x4a, 0x2c, 0x33, 0x34, 0x2b, 0x3a, 0x1a, 0x27, + 0x9a, 0x91, 0xa1, + ], + iv: &[ + 0xfd, 0x2d, 0x9f, 0x07, 0x6e, 0x92, 0x39, 0x66, 0x27, 0x30, 0x68, 0x7b, 0x91, + 0x96, 0xed, 0x22, + ], + cipher: &[ + 0xfd, 0x2d, 0x9f, 0x07, 0x6e, 0x92, 0x39, 0x66, 0x27, 0x30, 0x68, 0x7b, 0x91, + 0x96, 0xed, 0x22, 0xa4, 0x93, 0x6a, 0x77, 0x26, 0xed, 0x22, 0xb0, 0x57, 0x46, + 0x34, 0x1d, 0xa4, 0xed, 0xe6, 0xa3, 0x43, 0x81, 0xc9, 0x66, 0x62, 0xdc, 0x80, + 0x72, 0xe4, 0x16, 0x1a, 0x3c, 0x3b, 0x18, 0xe1, 0xf1, 0xa1, 0x6d, 0xd1, 0xd9, + 0x5a, 0x4d, 0x1e, 0xfe, 0xe7, 0x8b, 0xb1, 0x44, 0x16, 0xf2, 0xec, 0xeb, 0x2b, + 0x48, 0x53, 0x4d, 0x3d, 0xfd, 0x1e, 0xf9, 0x36, 0xa2, 0x24, 0xcf, 0x0b, 0xba, + 0x1f, 0xe5, 0x7e, 0xf7, 0xf0, 0xdf, 0xce, 0x64, 0x51, 0x76, 0x3b, 0x97, 0x1e, + 0x11, 0xff, 0x86, 0x92, 0x46, 0x02, 0x38, 0x36, 0xe2, 0x1c, 0x04, 0x44, 0x77, + 0xb2, 0x14, 0xdd, 0xc4, 0xfb, 0x68, 0x97, 0x8e, 0x9d, 0xe9, 0xff, 0x2c, 0x45, + 0xfe, 0xc9, 0x16, 0x84, 0xb3, 0x46, 0xee, 0xd0, 0xd5, 0x07, 0x2d, + ], + }, + Test { + secret: &[ + 0x42, 0x20, 0xd4, 0x14, 0xbe, 0x9d, 0xd7, 0x89, 0xad, 0x96, 0x1d, 0xab, 0x5e, + 0xe1, 0xb7, 0x5c, 0xc9, 0x60, 0x7e, 0x4b, 0x64, 0x0c, 0x5e, 0xe1, 0xdc, 0x45, + 0xbb, 0x9a, 0xe0, 0x13, 0xd7, 0x19, + ], + msg: &[ + 0x33, 0x68, 0x7d, 0x87, 0x37, 0x55, 0x2a, 0xe6, 0x30, 0xf9, 0x80, 0x1d, 0x03, + 0xbe, 0x4d, 0xdd, 0xbd, 0x17, 0x34, 0x93, 0xf8, 0x63, 0x4e, 0x67, 0x9a, 0x46, + 0x54, 0x8d, 0xb3, 0xbd, 0xa5, 0xc4, 0x37, 0xea, 0x6b, 0xc3, 0xc5, 0x56, 0x20, + 0x9e, 0x6f, 0x9e, 0x90, 0x26, 0x11, 0xaa, 0x33, 0xee, 0x9c, 0xa0, 0x73, 0x8b, + 0x69, 0xf6, 0x6f, 0x26, 0x8c, 0x08, 0x14, 0xe4, 0xe8, 0xe4, 0x97, 0x3c, 0x2c, + 0xd5, 0xfb, 0xb3, 0x82, + ], + iv: &[ + 0xf7, 0x24, 0x1c, 0x60, 0x38, 0x1a, 0x0a, 0x2f, 0xf4, 0xd3, 0xfa, 0x6f, 0xf9, + 0x46, 0x3d, 0xf4, + ], + cipher: &[ + 0xf7, 0x24, 0x1c, 0x60, 0x38, 0x1a, 0x0a, 0x2f, 0xf4, 0xd3, 0xfa, 0x6f, 0xf9, + 0x46, 0x3d, 0xf4, 0xe8, 0xfb, 0x76, 0x4b, 0x40, 0x4c, 0x70, 0xde, 0x2e, 0x69, + 0x8e, 0x3f, 0x3d, 0x09, 0x6c, 0xf5, 0x88, 0x58, 0x87, 0x5b, 0x4c, 0xac, 0xc9, + 0x97, 0xa3, 0x7a, 0x42, 0x20, 0xa1, 0xda, 0x8e, 0xfe, 0xb1, 0xbf, 0xdc, 0xec, + 0xfa, 0x47, 0x00, 0x51, 0xe9, 0x7b, 0x44, 0x7e, 0x8d, 0x05, 0x46, 0x7d, 0xc6, + 0x84, 0x0d, 0x3a, 0x27, 0x93, 0x68, 0x88, 0x99, 0x04, 0x1e, 0x60, 0x35, 0xa5, + 0x34, 0x7d, 0xc6, 0xa7, 0x58, 0x07, 0xbf, 0xab, 0x44, 0x00, 0x38, 0xab, 0x26, + 0xcf, 0x80, 0xba, 0xb8, 0x7a, 0x33, 0xcc, 0xd6, 0xc4, 0x49, 0x61, 0x9e, 0xe8, + 0x2e, 0x76, 0x65, 0x52, 0x84, 0x8c, 0x04, 0xf8, 0x3b, 0x66, 0xea, 0x20, 0x10, + 0x44, 0xa6, 0x93, 0x3c, 0x23, 0x44, 0xf8, 0xe1, 0xb4, 0x18, 0xbe, + ], + }, + Test { + secret: &[ + 0x54, 0x3d, 0xb9, 0xe7, 0x56, 0xf9, 0xd4, 0x6d, 0xb3, 0x4b, 0xbd, 0x46, 0x29, + 0x77, 0xcc, 0x3c, 0xb5, 0xd1, 0x65, 0xf6, 0xb0, 0xad, 0x17, 0x9f, 0xcd, 0x43, + 0xea, 0xbc, 0xa6, 0xee, 0x44, 0xe1, + ], + msg: &[ + 0x33, 0xe6, 0x36, 0x6b, 0x46, 0x79, 0x69, 0x70, 0x10, 0x4c, 0x4a, 0x5d, 0x28, + 0xa4, 0x5b, 0x4a, 0xf5, 0xf0, 0x08, 0x51, 0xdb, 0xa3, 0xe4, 0xbf, 0x10, 0xde, + 0xea, 0x7b, 0xce, 0x40, 0x06, 0xe1, 0x9e, 0x95, 0xcb, 0xe2, 0xc2, 0x67, 0x81, + 0x6f, 0x2c, 0x11, 0xae, 0x54, 0xa3, 0x60, 0x8a, 0x53, 0x48, 0x0a, 0x35, 0x7a, + 0x99, 0xe5, 0x2c, 0x4d, 0x1a, 0x4c, 0x51, 0xf0, 0x29, 0x31, 0xcd, 0x78, 0x01, + 0x33, 0xa1, 0x01, 0x8c, 0x9c, + ], + iv: &[ + 0x5a, 0xb4, 0x3e, 0x4f, 0x19, 0x6e, 0xc4, 0x97, 0x6d, 0x67, 0xe6, 0xe8, 0xb3, + 0x6d, 0x05, 0xe1, + ], + cipher: &[ + 0x5a, 0xb4, 0x3e, 0x4f, 0x19, 0x6e, 0xc4, 0x97, 0x6d, 0x67, 0xe6, 0xe8, 0xb3, + 0x6d, 0x05, 0xe1, 0x85, 0x72, 0x8b, 0x3f, 0xcc, 0xdc, 0xe4, 0x4a, 0x4f, 0xea, + 0x82, 0x14, 0xcf, 0x43, 0xde, 0xd7, 0xd9, 0xe7, 0x31, 0x89, 0xb8, 0xda, 0x44, + 0x06, 0x9a, 0xfb, 0xee, 0x94, 0x75, 0x76, 0xe0, 0xba, 0x60, 0xca, 0xce, 0x25, + 0x62, 0xc6, 0x1f, 0xce, 0x29, 0xde, 0xc8, 0xa4, 0x72, 0x95, 0xcb, 0xc3, 0xeb, + 0x15, 0x75, 0xc3, 0xed, 0xde, 0x75, 0xd7, 0xb6, 0xe6, 0x06, 0x3c, 0x9e, 0x3c, + 0x1b, 0xd1, 0xf9, 0x90, 0x4a, 0x43, 0x96, 0x21, 0x9d, 0x54, 0xf6, 0x19, 0x7f, + 0x76, 0xc7, 0x4a, 0xbc, 0xed, 0xb8, 0xfa, 0xd8, 0x57, 0x50, 0x29, 0xff, 0xfb, + 0xdd, 0xae, 0x1d, 0x40, 0x12, 0xfe, 0x3e, 0x61, 0xb8, 0x75, 0x1f, 0x0b, 0xa3, + 0x24, 0xdd, 0x57, 0xe4, 0x73, 0x1a, 0xf1, 0x0f, 0x74, 0x41, 0x7f, + ], + }, + Test { + secret: &[ + 0x48, 0x9d, 0xd9, 0x61, 0x10, 0xcf, 0xc2, 0x46, 0x1f, 0x33, 0xce, 0x4a, 0xdc, + 0x35, 0xa8, 0xaf, 0x07, 0xb5, 0xf4, 0x59, 0x59, 0x93, 0x8d, 0xc1, 0xed, 0x4b, + 0xa1, 0x69, 0xf3, 0x77, 0xe3, 0xc2, + ], + msg: &[ + 0x5a, 0x4e, 0x85, 0x82, 0x4b, 0x78, 0x08, 0xf6, 0x46, 0x7d, 0x1b, 0xc1, 0xa6, + 0xb6, 0x85, 0x2e, 0xf0, 0x79, 0xc9, 0x71, 0xbe, 0x5f, 0xea, 0x82, 0xad, 0xcf, + 0x3a, 0x12, 0x52, 0xa9, 0xb2, 0xfe, 0x8a, 0x28, 0x2a, 0x5a, 0xd6, 0xd0, 0xf2, + 0x5b, 0xf6, 0x22, 0xde, 0xb6, 0x4f, 0x8e, 0xb8, 0x2a, 0xbc, 0x0b, 0x58, 0xd1, + 0x9e, 0x32, 0x23, 0xc0, 0x84, 0x7f, 0x45, 0x6d, 0x1f, 0x07, 0xac, 0xb0, 0xa0, + 0x6c, 0xaa, 0x65, 0xe6, 0x41, 0x17, + ], + iv: &[ + 0x73, 0x04, 0x0b, 0x22, 0x9c, 0x28, 0x21, 0xd8, 0x28, 0xd6, 0x34, 0xd6, 0x2e, + 0x5b, 0xcb, 0xcd, + ], + cipher: &[ + 0x73, 0x04, 0x0b, 0x22, 0x9c, 0x28, 0x21, 0xd8, 0x28, 0xd6, 0x34, 0xd6, 0x2e, + 0x5b, 0xcb, 0xcd, 0x66, 0x95, 0x7b, 0x2b, 0x4f, 0x8f, 0x5d, 0x61, 0x97, 0x7d, + 0xe7, 0xd0, 0x65, 0xa4, 0x7f, 0x5e, 0xfd, 0x15, 0xfb, 0xc7, 0x42, 0x92, 0xa5, + 0x49, 0x15, 0x82, 0x0a, 0x0f, 0x19, 0xaf, 0x4e, 0x38, 0xd3, 0x0a, 0x7d, 0x69, + 0x63, 0x1a, 0xab, 0xc4, 0xd2, 0xb6, 0xca, 0x3d, 0x34, 0x64, 0x04, 0x8c, 0xf0, + 0xdd, 0x8d, 0xa6, 0xde, 0xb7, 0x61, 0xe4, 0x9b, 0xac, 0xe9, 0xba, 0x50, 0x86, + 0x39, 0x0b, 0xf8, 0xbf, 0xcd, 0x1b, 0xae, 0xc9, 0xe6, 0x40, 0xe6, 0xfd, 0xd9, + 0x50, 0xb5, 0x1d, 0x7a, 0x75, 0x74, 0x55, 0x1d, 0x68, 0x5b, 0x64, 0x97, 0x84, + 0x89, 0xa0, 0x83, 0x4c, 0x5b, 0x6f, 0xd1, 0x75, 0x7a, 0xf0, 0x54, 0x99, 0x5c, + 0x09, 0x80, 0xde, 0xa2, 0xa6, 0x0b, 0xec, 0xca, 0x70, 0xee, 0x13, + ], + }, + Test { + secret: &[ + 0x27, 0xfb, 0xe3, 0x52, 0xd0, 0xa7, 0x72, 0x26, 0xab, 0xb4, 0xc2, 0xfa, 0xee, + 0x19, 0xcb, 0x74, 0x12, 0xef, 0xab, 0x44, 0x60, 0xd3, 0xe2, 0xe7, 0xbd, 0xd2, + 0x82, 0x9d, 0x09, 0x24, 0x08, 0x5b, + ], + msg: &[ + 0xc0, 0xb1, 0xe4, 0xcd, 0xff, 0x55, 0xb2, 0x2d, 0x93, 0x6c, 0x92, 0x2f, 0x8b, + 0x5a, 0xbd, 0xbc, 0x43, 0x78, 0x71, 0x1a, 0x1e, 0x55, 0x87, 0xc9, 0xe0, 0x47, + 0x15, 0x0b, 0xc9, 0x91, 0xc9, 0x21, 0xe0, 0x8d, 0x93, 0x20, 0x34, 0x74, 0x30, + 0x9a, 0x1a, 0x1c, 0xa5, 0xe9, 0x98, 0x9d, 0xe1, 0x1e, 0x26, 0x1b, 0x62, 0x48, + 0xa9, 0xc6, 0x40, 0xd5, 0x9c, 0xc1, 0xcb, 0x7a, 0x9d, 0xbd, 0x06, 0xe1, 0xcf, + 0x63, 0x20, 0xa5, 0x3d, 0x0a, 0xa8, 0x29, + ], + iv: &[ + 0x8b, 0xc3, 0xce, 0x0b, 0xc0, 0x4d, 0x55, 0x1c, 0xef, 0xc5, 0x3f, 0x2d, 0xce, + 0xfa, 0x19, 0x60, + ], + cipher: &[ + 0x8b, 0xc3, 0xce, 0x0b, 0xc0, 0x4d, 0x55, 0x1c, 0xef, 0xc5, 0x3f, 0x2d, 0xce, + 0xfa, 0x19, 0x60, 0x52, 0x82, 0xe9, 0xe8, 0x48, 0xd6, 0x7b, 0x3a, 0x60, 0x86, + 0x18, 0xb8, 0x23, 0x56, 0x35, 0x34, 0x05, 0x2f, 0x16, 0xe8, 0x24, 0x27, 0x18, + 0x16, 0x23, 0x08, 0x62, 0x14, 0xf5, 0xd8, 0x1f, 0x3f, 0xb3, 0xdc, 0x01, 0x73, + 0x02, 0x86, 0x26, 0xa2, 0x7c, 0x9a, 0xa2, 0xed, 0xec, 0xea, 0xd8, 0x03, 0xa3, + 0xcf, 0x8f, 0xdd, 0x85, 0x93, 0x5b, 0x6b, 0x4f, 0xb9, 0xa1, 0xf4, 0x3f, 0x35, + 0x86, 0x2f, 0x80, 0x60, 0xb9, 0xaf, 0x18, 0xf4, 0x69, 0x3e, 0x2a, 0x22, 0xad, + 0x3f, 0x67, 0x6d, 0xb6, 0x2d, 0x40, 0xf7, 0xbd, 0x50, 0xcb, 0x8e, 0x58, 0x97, + 0xf6, 0xd9, 0xfb, 0xe5, 0x47, 0x9e, 0x8a, 0x23, 0xbf, 0xc4, 0x52, 0xe4, 0x35, + 0x91, 0xbc, 0x4b, 0xd1, 0xc5, 0x1d, 0x42, 0xe2, 0x71, 0xe0, 0x55, + ], + }, + Test { + secret: &[ + 0x64, 0xc3, 0x85, 0xe1, 0x55, 0xb9, 0xf8, 0x2f, 0xfa, 0xf0, 0x14, 0xba, 0x59, + 0x87, 0x46, 0x37, 0xbb, 0xcc, 0xf8, 0x3f, 0x48, 0x2b, 0x31, 0x15, 0x58, 0x30, + 0x3f, 0x8b, 0x31, 0xc6, 0x98, 0x0b, + ], + msg: &[ + 0x74, 0x9d, 0xd5, 0x91, 0x5e, 0xda, 0x9a, 0x81, 0xd2, 0x04, 0xae, 0xae, 0x9f, + 0x17, 0x45, 0xcd, 0x4d, 0xea, 0x79, 0xe0, 0x34, 0xe4, 0x57, 0x42, 0x1c, 0xe2, + 0xc3, 0xad, 0x28, 0x15, 0xfd, 0x7b, 0xbe, 0x5a, 0xdd, 0xd1, 0x47, 0xa6, 0x50, + 0x84, 0xcb, 0x2d, 0x81, 0x4b, 0x45, 0x97, 0x85, 0x39, 0x55, 0x0d, 0x45, 0xec, + 0xd9, 0xe5, 0xcc, 0x20, 0xd6, 0x66, 0x82, 0x29, 0xa4, 0x10, 0xd3, 0xa8, 0x55, + 0x07, 0x56, 0x52, 0x58, 0x85, 0x97, 0xd8, 0xd8, + ], + iv: &[ + 0x28, 0x23, 0xbf, 0xf8, 0xd6, 0x38, 0x7e, 0xd6, 0xdb, 0x9e, 0xe5, 0x4a, 0xd4, + 0xb4, 0x14, 0x67, + ], + cipher: &[ + 0x28, 0x23, 0xbf, 0xf8, 0xd6, 0x38, 0x7e, 0xd6, 0xdb, 0x9e, 0xe5, 0x4a, 0xd4, + 0xb4, 0x14, 0x67, 0x42, 0xee, 0xe4, 0x4a, 0xd2, 0xe7, 0x6e, 0xf3, 0xcd, 0x82, + 0x53, 0xff, 0xf3, 0xaa, 0xd6, 0x67, 0xfa, 0x8e, 0xda, 0x52, 0xbe, 0x01, 0xcd, + 0xf3, 0x22, 0xbe, 0x4d, 0x91, 0x56, 0x9b, 0x76, 0x0b, 0xda, 0x57, 0x9e, 0x40, + 0xef, 0x0b, 0xbb, 0x80, 0x5b, 0x06, 0x1b, 0x19, 0x4b, 0xdb, 0xce, 0x9c, 0xdc, + 0x54, 0x0c, 0x8d, 0x27, 0x38, 0x20, 0x40, 0x7e, 0xef, 0x6f, 0xd8, 0xc8, 0xb3, + 0xd9, 0xb7, 0x19, 0x91, 0x3c, 0x4d, 0x2a, 0x8f, 0xc0, 0x2b, 0x97, 0xbc, 0xf0, + 0x83, 0x22, 0xe8, 0xeb, 0xeb, 0xbb, 0xcd, 0x0a, 0xb2, 0x29, 0xb3, 0x52, 0x01, + 0x98, 0x6e, 0x1f, 0x2e, 0xb9, 0x29, 0x4a, 0x59, 0x03, 0x47, 0x85, 0x96, 0x5b, + 0x6d, 0xbd, 0x24, 0x1e, 0x35, 0x97, 0x5e, 0xdc, 0x83, 0x04, 0x74, + ], + }, + Test { + secret: &[ + 0x5f, 0x12, 0x19, 0xa9, 0xe8, 0xea, 0xc2, 0x56, 0x7d, 0x2c, 0x6f, 0xef, 0x67, + 0x16, 0x3d, 0xb7, 0xbe, 0x0a, 0xfd, 0xb9, 0x34, 0xb4, 0xf4, 0xdf, 0x32, 0x67, + 0x64, 0xb3, 0x5b, 0xa4, 0xd5, 0x9f, + ], + msg: &[ + 0x7d, 0x64, 0xdd, 0x76, 0x6b, 0xbd, 0xe9, 0xc0, 0x89, 0x99, 0x68, 0x7a, 0xe6, + 0x3c, 0x2b, 0xbc, 0x61, 0xed, 0x2f, 0x3a, 0xe7, 0xef, 0x72, 0xb7, 0xf5, 0x7b, + 0xd6, 0x84, 0x31, 0xcf, 0xde, 0x8c, 0xdf, 0x63, 0xba, 0x45, 0x22, 0xae, 0x30, + 0x30, 0x6f, 0x5d, 0x94, 0xf7, 0x4c, 0xb8, 0xcd, 0x5d, 0xac, 0x2f, 0x3b, 0xe6, + 0x22, 0x27, 0xd7, 0xa7, 0x2b, 0x74, 0x95, 0x21, 0x4d, 0xdb, 0x4c, 0x49, 0xee, + 0xdf, 0xfc, 0x71, 0xf3, 0x9e, 0x4b, 0x5c, 0x44, 0x0b, + ], + iv: &[ + 0x5e, 0x8c, 0xd2, 0x0f, 0x83, 0x5f, 0x64, 0xd5, 0xeb, 0x83, 0x12, 0xa7, 0xa2, + 0xb6, 0x1f, 0x7d, + ], + cipher: &[ + 0x5e, 0x8c, 0xd2, 0x0f, 0x83, 0x5f, 0x64, 0xd5, 0xeb, 0x83, 0x12, 0xa7, 0xa2, + 0xb6, 0x1f, 0x7d, 0x2d, 0x1a, 0xfa, 0xbe, 0xa7, 0x98, 0xd3, 0x4d, 0x87, 0x91, + 0xdd, 0xe8, 0x13, 0xda, 0x2d, 0x4c, 0x2c, 0x9c, 0x3e, 0x98, 0x7f, 0x26, 0xa1, + 0x6d, 0xb0, 0xc8, 0x35, 0x49, 0xb4, 0x7e, 0x97, 0x88, 0xfd, 0x01, 0x40, 0x56, + 0xa1, 0x13, 0x43, 0x21, 0xeb, 0x22, 0x7f, 0x8c, 0xc7, 0x94, 0x8a, 0x7a, 0x1d, + 0xea, 0xdb, 0x73, 0x2c, 0x1d, 0x57, 0xf1, 0x6f, 0xe1, 0x2d, 0x34, 0x9f, 0x6c, + 0x65, 0xf9, 0x4c, 0x2c, 0xcc, 0x47, 0x42, 0x46, 0x8d, 0xeb, 0x99, 0x76, 0x0a, + 0xbc, 0x62, 0x8f, 0xbd, 0xb7, 0xf4, 0xe8, 0x8e, 0x66, 0xd0, 0xd4, 0x56, 0xc4, + 0x43, 0xbf, 0x83, 0xac, 0x4a, 0x6a, 0xb4, 0xca, 0x8b, 0x7d, 0x19, 0xa1, 0x3e, + 0x2c, 0xc7, 0x40, 0x34, 0x86, 0x5a, 0x4d, 0xe3, 0x40, 0xf9, 0xdc, + ], + }, + Test { + secret: &[ + 0x20, 0xa6, 0xab, 0xb0, 0xc6, 0x83, 0xc3, 0x1d, 0x20, 0xb5, 0x7d, 0x03, 0xef, + 0xad, 0x5d, 0xec, 0x16, 0xf8, 0xff, 0xbc, 0x11, 0xaa, 0x9c, 0x94, 0xc2, 0x49, + 0x1c, 0x56, 0xd8, 0xca, 0x4b, 0x90, + ], + msg: &[ + 0xf1, 0x96, 0x63, 0x4c, 0x01, 0xb8, 0xaa, 0x66, 0x3d, 0x73, 0xab, 0x95, 0xfc, + 0x0e, 0x66, 0x2f, 0xa5, 0xc6, 0xc8, 0xdf, 0x84, 0x6a, 0x89, 0xa7, 0xc2, 0x99, + 0x1d, 0x77, 0x9b, 0x39, 0x1c, 0x3b, 0x44, 0x7b, 0x12, 0xa1, 0x76, 0x14, 0x74, + 0xea, 0x8d, 0x35, 0xfb, 0xcf, 0xce, 0x1b, 0xb4, 0x7d, 0xd5, 0x51, 0x53, 0xc4, + 0xd4, 0x44, 0xa0, 0x18, 0xd6, 0xdf, 0x03, 0xed, 0xc2, 0x1e, 0xc0, 0x5e, 0x3b, + 0xd5, 0x13, 0xe2, 0xfd, 0x4e, 0x84, 0x33, 0x10, 0x68, 0x4d, + ], + iv: &[ + 0x87, 0x4b, 0x37, 0x41, 0xd0, 0x42, 0xdd, 0x6c, 0x44, 0x1d, 0xbb, 0xd2, 0xbd, + 0xc4, 0x82, 0xab, + ], + cipher: &[ + 0x87, 0x4b, 0x37, 0x41, 0xd0, 0x42, 0xdd, 0x6c, 0x44, 0x1d, 0xbb, 0xd2, 0xbd, + 0xc4, 0x82, 0xab, 0xd6, 0x1f, 0x9d, 0x99, 0xbe, 0x68, 0x4d, 0xee, 0x32, 0x64, + 0x7d, 0x01, 0x07, 0x53, 0xac, 0x12, 0x7a, 0x74, 0xca, 0x6a, 0xc7, 0x5a, 0x33, + 0x7e, 0x76, 0xb2, 0x18, 0x3e, 0x84, 0x83, 0x4e, 0x23, 0xd8, 0x10, 0x57, 0xae, + 0x02, 0x80, 0x5f, 0x37, 0xe5, 0xd6, 0x9e, 0x9a, 0x77, 0xf8, 0xa1, 0xba, 0xcf, + 0x18, 0x5a, 0xde, 0x2c, 0x70, 0xfd, 0x7e, 0x53, 0x3d, 0x44, 0xaf, 0x0b, 0x96, + 0x84, 0x25, 0xdc, 0x3c, 0x88, 0x73, 0x20, 0xd2, 0xf5, 0x45, 0x49, 0xc3, 0xbb, + 0x92, 0xbb, 0x5f, 0x00, 0x26, 0x86, 0x13, 0xc6, 0x3a, 0x48, 0x98, 0xe2, 0x67, + 0xef, 0x3b, 0x9f, 0xa6, 0xdf, 0xa9, 0x92, 0x5b, 0xf7, 0x07, 0x7f, 0xf0, 0x06, + 0x9a, 0xbf, 0x4b, 0x7f, 0x0b, 0x19, 0x5e, 0x4c, 0xa3, 0xe0, 0x45, + ], + }, + Test { + secret: &[ + 0xfe, 0x5f, 0x8a, 0xd5, 0x61, 0x42, 0x66, 0x50, 0x0f, 0x16, 0x99, 0x4f, 0x5d, + 0x90, 0x7c, 0x71, 0x73, 0x39, 0x46, 0x29, 0xb5, 0x14, 0x51, 0x9a, 0x25, 0x60, + 0xaf, 0xc6, 0xec, 0x9d, 0xb3, 0x9e, + ], + msg: &[ + 0x84, 0xbf, 0x70, 0xb3, 0xba, 0xc4, 0x11, 0xce, 0xb0, 0xd9, 0x3d, 0x44, 0xa3, + 0x6d, 0x31, 0x5e, 0x15, 0xf3, 0xc4, 0x8f, 0x3c, 0x19, 0x48, 0x7e, 0x7d, 0x1b, + 0x83, 0x03, 0x8d, 0xc2, 0xd2, 0x4a, 0xf4, 0x09, 0xe0, 0xdb, 0xf6, 0x25, 0xaf, + 0xc4, 0xf5, 0x9e, 0x66, 0x33, 0x6f, 0x7c, 0xf0, 0x19, 0xc5, 0xe0, 0xd2, 0xee, + 0xde, 0xeb, 0xc1, 0x2f, 0xae, 0x5b, 0xe6, 0x72, 0x1a, 0xbc, 0x0f, 0x33, 0x68, + 0x21, 0x9f, 0xbe, 0x2e, 0x7f, 0xd8, 0xfc, 0xea, 0x2e, 0xaa, 0xcf, + ], + iv: &[ + 0x3b, 0x67, 0x66, 0xc1, 0x3d, 0x58, 0x7c, 0x03, 0x6c, 0x4e, 0xe2, 0x88, 0x43, + 0x4e, 0x56, 0x6e, + ], + cipher: &[ + 0x3b, 0x67, 0x66, 0xc1, 0x3d, 0x58, 0x7c, 0x03, 0x6c, 0x4e, 0xe2, 0x88, 0x43, + 0x4e, 0x56, 0x6e, 0xae, 0xb9, 0x30, 0xba, 0x62, 0xd8, 0x86, 0xed, 0x74, 0xe2, + 0x85, 0x79, 0x73, 0x62, 0x71, 0xaa, 0x64, 0x36, 0x99, 0x81, 0xb1, 0x75, 0xc0, + 0x8d, 0x9d, 0x7d, 0xb4, 0x81, 0x1b, 0x9d, 0x14, 0x28, 0x54, 0x7d, 0x0c, 0x46, + 0x4a, 0x0b, 0x86, 0x17, 0x4c, 0x23, 0xc2, 0xb0, 0xc4, 0x67, 0x6a, 0xd1, 0x98, + 0x89, 0xb9, 0x9a, 0x4f, 0x53, 0xa1, 0x3e, 0xd9, 0x0c, 0x37, 0x7f, 0xab, 0xec, + 0xf6, 0x26, 0x5d, 0xa6, 0xd5, 0x4b, 0x69, 0x79, 0x27, 0x3d, 0x43, 0x4c, 0x05, + 0x8d, 0xc3, 0x08, 0x4e, 0x6b, 0x92, 0x9a, 0x1d, 0xeb, 0x09, 0x4a, 0x87, 0x70, + 0x25, 0xe3, 0xc5, 0xec, 0x92, 0x6d, 0x6d, 0x32, 0x74, 0xd4, 0x83, 0x26, 0x61, + 0x50, 0xd4, 0xe1, 0x97, 0x7e, 0x36, 0x5a, 0x6c, 0x41, 0x23, 0x0a, + ], + }, + Test { + secret: &[ + 0x8c, 0xcd, 0x0a, 0xc5, 0x40, 0xdb, 0x32, 0xbc, 0x27, 0x25, 0x19, 0x29, 0xfa, + 0xa7, 0x2b, 0xb7, 0xad, 0x55, 0x38, 0xa7, 0x30, 0xcf, 0x81, 0x76, 0xe3, 0xa5, + 0xdd, 0x86, 0xa2, 0x6a, 0x2d, 0x9f, + ], + msg: &[ + 0xcf, 0xe5, 0x49, 0x38, 0xd3, 0xb9, 0x54, 0xa5, 0x6d, 0xcf, 0xed, 0xa2, 0x0c, + 0xbe, 0x70, 0x3e, 0x4e, 0x07, 0x1e, 0x7f, 0x4c, 0xcd, 0xd3, 0x20, 0xff, 0xfb, + 0x84, 0xa1, 0xbd, 0x77, 0xa5, 0xa3, 0xf2, 0xab, 0x68, 0x57, 0x6c, 0x24, 0xd2, + 0x8a, 0xda, 0x92, 0x91, 0x09, 0xda, 0x5e, 0xa0, 0x8f, 0x1e, 0x91, 0x46, 0xc6, + 0x80, 0x46, 0x92, 0xa2, 0x06, 0x94, 0x74, 0xa1, 0xd3, 0x41, 0x34, 0x3c, 0x39, + 0x30, 0x33, 0x1d, 0xbf, 0x60, 0x99, 0x91, 0x9e, 0x18, 0xac, 0xf8, 0x59, + ], + iv: &[ + 0xd8, 0xab, 0xbf, 0xdf, 0xdb, 0xc4, 0x51, 0x64, 0xc8, 0x95, 0xd9, 0x8f, 0xd5, + 0xa2, 0x6f, 0x59, + ], + cipher: &[ + 0xd8, 0xab, 0xbf, 0xdf, 0xdb, 0xc4, 0x51, 0x64, 0xc8, 0x95, 0xd9, 0x8f, 0xd5, + 0xa2, 0x6f, 0x59, 0xae, 0x06, 0x75, 0xd0, 0xba, 0xbc, 0xfe, 0x77, 0xa8, 0xab, + 0x42, 0x63, 0x1d, 0xdf, 0x3f, 0x74, 0x51, 0x17, 0x64, 0x32, 0xf1, 0x62, 0xbf, + 0x7d, 0x4d, 0x95, 0x6c, 0x42, 0x9c, 0x4e, 0x1d, 0x79, 0x4f, 0xa2, 0x7e, 0x92, + 0x20, 0x9e, 0x43, 0xb3, 0xd4, 0x5f, 0x67, 0x37, 0x3b, 0xc4, 0x47, 0x17, 0xd8, + 0xa3, 0xf1, 0x66, 0x2e, 0x66, 0x90, 0xf2, 0xe1, 0x00, 0xb0, 0xb8, 0x78, 0x29, + 0xc7, 0x88, 0x2d, 0xa4, 0x83, 0x2f, 0x1f, 0x2c, 0xf2, 0x3d, 0xc6, 0x33, 0x86, + 0x7b, 0x89, 0x3f, 0x6e, 0xe9, 0xc7, 0x7e, 0xc7, 0xa7, 0xf1, 0x81, 0x23, 0x96, + 0xb7, 0xdc, 0x66, 0x14, 0x2b, 0x9b, 0x23, 0xc9, 0xff, 0x5b, 0x54, 0xe8, 0xd5, + 0x86, 0x00, 0x10, 0x2e, 0x9f, 0x78, 0x21, 0x3f, 0xb6, 0x72, 0xfe, + ], + }, + Test { + secret: &[ + 0x86, 0xd2, 0x4f, 0x18, 0xd6, 0x5c, 0xbd, 0x3b, 0x4f, 0x4d, 0xd3, 0x88, 0x78, + 0x65, 0xe3, 0x6f, 0x92, 0x60, 0xe6, 0x46, 0x32, 0x2a, 0xd5, 0xd0, 0xe9, 0x78, + 0x48, 0x5c, 0x25, 0xb5, 0x53, 0x1f, + ], + msg: &[ + 0x35, 0xbd, 0xea, 0x10, 0x29, 0x67, 0xff, 0x37, 0x87, 0x12, 0x26, 0x13, 0x13, + 0x5c, 0x1b, 0x15, 0x5e, 0x35, 0xd1, 0x95, 0x86, 0x6b, 0xd9, 0x2e, 0x01, 0xe4, + 0xd6, 0xd9, 0x1d, 0xad, 0xb4, 0x94, 0xaa, 0xd5, 0x2e, 0x4a, 0x3c, 0xfb, 0x4f, + 0x38, 0xfe, 0x1e, 0x8e, 0x5d, 0x3c, 0x6e, 0x09, 0xaf, 0xa4, 0x0c, 0x64, 0xaf, + 0x11, 0xfb, 0xba, 0xec, 0x10, 0xd9, 0xdd, 0x29, 0x07, 0x2f, 0xf0, 0x41, 0x51, + 0xca, 0x01, 0x50, 0x3f, 0xea, 0x9f, 0xa9, 0x9c, 0xc4, 0x1c, 0x20, 0x9c, 0xc7, + ], + iv: &[ + 0xb7, 0x6c, 0xa3, 0x35, 0x73, 0x3c, 0x90, 0x68, 0x66, 0xe0, 0xda, 0x8b, 0xec, + 0x73, 0x19, 0x9d, + ], + cipher: &[ + 0xb7, 0x6c, 0xa3, 0x35, 0x73, 0x3c, 0x90, 0x68, 0x66, 0xe0, 0xda, 0x8b, 0xec, + 0x73, 0x19, 0x9d, 0xeb, 0x43, 0xa8, 0x32, 0x08, 0x73, 0x8c, 0xd8, 0x48, 0x65, + 0x4e, 0x0c, 0x95, 0xc2, 0xfd, 0xfb, 0x9a, 0xd4, 0xd7, 0x29, 0xed, 0xf4, 0xd1, + 0x20, 0x33, 0xcb, 0x4d, 0xc0, 0x89, 0x6a, 0x03, 0x26, 0x05, 0x4b, 0xb4, 0xf0, + 0x85, 0xda, 0x5e, 0x59, 0xb8, 0xd0, 0x83, 0x13, 0x64, 0xa3, 0x1c, 0x39, 0xb7, + 0xc4, 0x17, 0xd0, 0xc0, 0xec, 0x1e, 0xa7, 0x48, 0x9d, 0x29, 0x1e, 0x92, 0x04, + 0xb4, 0x21, 0x80, 0xe9, 0xce, 0x7a, 0x39, 0xd0, 0xc0, 0x3a, 0x4c, 0x33, 0x95, + 0xce, 0x2e, 0x5b, 0xc1, 0xe0, 0x33, 0x59, 0x96, 0xd8, 0x4d, 0x60, 0x2c, 0x4d, + 0xa3, 0x15, 0xca, 0x9e, 0x41, 0x3b, 0x12, 0x91, 0x4a, 0x7f, 0x5c, 0xe9, 0x43, + 0xea, 0xe8, 0x8b, 0x50, 0x4d, 0x2a, 0x68, 0xde, 0xd9, 0xe4, 0xf1, + ], + }, + Test { + secret: &[ + 0xde, 0x69, 0xae, 0xe4, 0x99, 0x0d, 0xf6, 0x74, 0x05, 0x69, 0x2d, 0x3c, 0xbf, + 0x48, 0xfc, 0x6d, 0xb9, 0x3f, 0xf7, 0xe0, 0x29, 0xc9, 0x47, 0x97, 0xed, 0xf5, + 0x5a, 0x7d, 0x4e, 0xe5, 0x25, 0x41, + ], + msg: &[ + 0x60, 0x60, 0x78, 0x71, 0x38, 0xc9, 0xcb, 0x51, 0x5b, 0x00, 0xbe, 0x18, 0x29, + 0xc1, 0x4b, 0xac, 0x2c, 0x04, 0xf0, 0x73, 0x0e, 0x9c, 0x7e, 0x1c, 0xb7, 0xb3, + 0xb1, 0xfc, 0x83, 0x46, 0x17, 0x61, 0x09, 0x4a, 0x88, 0x57, 0xe4, 0x15, 0xbe, + 0x06, 0xaf, 0x9f, 0xba, 0xb6, 0x1c, 0x7b, 0x77, 0x7a, 0xb3, 0xee, 0x30, 0x40, + 0xf4, 0x1d, 0xd4, 0x97, 0x51, 0x70, 0x43, 0xc7, 0x93, 0x28, 0xdc, 0xf7, 0x1c, + 0xdb, 0xe6, 0xeb, 0xda, 0x30, 0xbf, 0x58, 0x28, 0x5e, 0x20, 0x86, 0x78, 0xa4, + 0xf8, + ], + iv: &[ + 0xb6, 0x33, 0x7e, 0xa7, 0x3d, 0x99, 0x7a, 0xca, 0x45, 0xe2, 0xf5, 0x93, 0xb7, + 0x42, 0x20, 0x1c, + ], + cipher: &[ + 0xb6, 0x33, 0x7e, 0xa7, 0x3d, 0x99, 0x7a, 0xca, 0x45, 0xe2, 0xf5, 0x93, 0xb7, + 0x42, 0x20, 0x1c, 0x4c, 0xa0, 0x05, 0xb6, 0x7e, 0xac, 0xe2, 0x21, 0xff, 0xf4, + 0x16, 0x71, 0xe4, 0x4d, 0xd7, 0xc5, 0x5c, 0x94, 0x99, 0x13, 0x30, 0xa3, 0xa2, + 0x14, 0xff, 0x9b, 0x2d, 0xcc, 0xaa, 0xb1, 0xcc, 0x44, 0xc4, 0xed, 0xb6, 0x0d, + 0x2a, 0xff, 0xfa, 0xbe, 0x5d, 0x7d, 0x5a, 0x69, 0x44, 0xab, 0xaf, 0xbd, 0xfb, + 0x3a, 0x3d, 0x6d, 0xef, 0x15, 0x79, 0x40, 0xe4, 0x1e, 0x39, 0x63, 0x05, 0x4e, + 0x86, 0x14, 0x5b, 0x19, 0x95, 0x75, 0x42, 0x90, 0x2e, 0x7b, 0xbf, 0xbb, 0xbd, + 0xbb, 0x02, 0xd7, 0xb6, 0x80, 0xf2, 0x8e, 0xde, 0xf2, 0xf0, 0x50, 0xbe, 0xcb, + 0x98, 0xba, 0x82, 0x8e, 0x46, 0x0b, 0x90, 0x16, 0xb2, 0x2d, 0x31, 0x1c, 0x76, + 0x77, 0x6e, 0x7c, 0xe0, 0xa0, 0x7c, 0x26, 0x3a, 0xcd, 0x13, 0x36, + ], + }, + Test { + secret: &[ + 0xee, 0x7c, 0xd4, 0xb3, 0x18, 0x9e, 0x88, 0x36, 0x76, 0x02, 0x04, 0x88, 0x32, + 0x49, 0x4c, 0xda, 0x23, 0xdd, 0x0f, 0x2f, 0x1a, 0x3e, 0xa5, 0x74, 0xaf, 0xe6, + 0x18, 0x32, 0xc5, 0x68, 0xc5, 0x34, + ], + msg: &[ + 0xef, 0xd1, 0x20, 0x9a, 0xe0, 0xb8, 0xa8, 0xc5, 0x13, 0x6e, 0x76, 0x5a, 0xcb, + 0x84, 0x1a, 0x55, 0xaa, 0xf9, 0x57, 0xe0, 0xb5, 0x72, 0x3e, 0x45, 0xae, 0xf2, + 0x97, 0x56, 0xd2, 0xe7, 0xc4, 0xec, 0xcd, 0x97, 0xd0, 0x28, 0x45, 0xe5, 0xa9, + 0x29, 0x62, 0x01, 0x27, 0x17, 0x0e, 0x78, 0x9f, 0xe3, 0xc8, 0x28, 0x07, 0xd2, + 0xba, 0x3c, 0x64, 0x64, 0xb1, 0x37, 0x5a, 0x9e, 0xc7, 0xd7, 0x70, 0xe8, 0xe8, + 0x31, 0xfc, 0x19, 0xe1, 0xe8, 0xa0, 0xde, 0x58, 0x90, 0xf7, 0x15, 0x12, 0x9e, + 0x34, 0x1f, + ], + iv: &[ + 0xe2, 0xe5, 0xc6, 0x85, 0xc3, 0x72, 0x20, 0x9f, 0x73, 0x53, 0x08, 0x2d, 0x04, + 0x41, 0x53, 0x3d, + ], + cipher: &[ + 0xe2, 0xe5, 0xc6, 0x85, 0xc3, 0x72, 0x20, 0x9f, 0x73, 0x53, 0x08, 0x2d, 0x04, + 0x41, 0x53, 0x3d, 0x28, 0x8e, 0x12, 0xdf, 0x76, 0x01, 0xc9, 0x44, 0x0b, 0x12, + 0xac, 0x2c, 0x69, 0x10, 0x4c, 0x70, 0x18, 0xdb, 0xe0, 0xe5, 0xd6, 0x94, 0x59, + 0x16, 0xab, 0x09, 0xe3, 0x56, 0xd8, 0x2a, 0x11, 0x56, 0xcf, 0x22, 0x6d, 0xc9, + 0x1d, 0xcd, 0x62, 0x70, 0x83, 0xd3, 0x11, 0xc3, 0x13, 0x7f, 0xfa, 0x5a, 0xa8, + 0x99, 0x42, 0x7e, 0xdc, 0x45, 0xf8, 0x30, 0xd8, 0x18, 0xf3, 0xc3, 0x91, 0x68, + 0xc7, 0xb6, 0x7c, 0x9d, 0x65, 0x65, 0xc3, 0x85, 0x0a, 0xf7, 0xbf, 0xe4, 0xd6, + 0x3b, 0x21, 0x08, 0x29, 0x51, 0x1e, 0xd3, 0x9f, 0x4f, 0x6f, 0x7d, 0x8d, 0x78, + 0x0b, 0x60, 0xd9, 0xc2, 0x01, 0x60, 0xba, 0xb0, 0x3f, 0xf0, 0xaa, 0x14, 0x9c, + 0x31, 0x85, 0x9c, 0xba, 0xeb, 0x34, 0xb9, 0x49, 0xfc, 0x6f, 0xb0, 0xf4, 0x8e, + 0xf3, 0x60, 0xf0, 0xd1, 0xf2, 0x01, 0x91, 0xaa, 0x7d, 0x0d, 0x45, 0xa7, 0x79, + 0xb5, + ], + }, + Test { + secret: &[ + 0x75, 0xe6, 0x95, 0xe0, 0x21, 0x7b, 0x22, 0x56, 0x72, 0x88, 0x81, 0xbf, 0x4d, + 0x9a, 0x54, 0x6b, 0x45, 0x9d, 0x7d, 0xd0, 0x27, 0x99, 0xab, 0xcd, 0x68, 0x0d, + 0x16, 0x13, 0x41, 0x09, 0x1e, 0xe8, + ], + msg: &[ + 0xbf, 0x3b, 0xaf, 0xb8, 0xd7, 0xb4, 0x5d, 0xe1, 0x1c, 0x8e, 0x2a, 0xce, 0x00, + 0x70, 0xfa, 0x98, 0xaf, 0x40, 0x13, 0xc7, 0x38, 0x1e, 0x51, 0x3d, 0x97, 0x9a, + 0xe5, 0xd1, 0xa7, 0x87, 0x29, 0xce, 0xec, 0x82, 0x6a, 0xa8, 0xe7, 0x42, 0x22, + 0x47, 0xae, 0x94, 0x42, 0x53, 0x13, 0xf2, 0x21, 0xef, 0x10, 0x54, 0x5e, 0x22, + 0xec, 0x5f, 0xc4, 0x16, 0x2e, 0x04, 0xdb, 0xd4, 0xfc, 0x10, 0x8d, 0x0a, 0x49, + 0xb2, 0x87, 0xf2, 0x77, 0x7a, 0xc4, 0x1d, 0x2e, 0xe3, 0x9f, 0x56, 0xd1, 0x3d, + 0xd1, 0x29, 0xe3, + ], + iv: &[ + 0x50, 0xe4, 0x9d, 0xbf, 0xeb, 0xeb, 0x47, 0x8b, 0xbe, 0x57, 0xc1, 0x0d, 0x00, + 0xb5, 0xdd, 0xdc, + ], + cipher: &[ + 0x50, 0xe4, 0x9d, 0xbf, 0xeb, 0xeb, 0x47, 0x8b, 0xbe, 0x57, 0xc1, 0x0d, 0x00, + 0xb5, 0xdd, 0xdc, 0x56, 0x84, 0x52, 0x0e, 0x73, 0xb3, 0x57, 0x28, 0xf1, 0x45, + 0x9c, 0x97, 0x33, 0xe4, 0x7f, 0x65, 0x99, 0xbd, 0xef, 0xf5, 0x28, 0xdd, 0x79, + 0x4b, 0xe5, 0x52, 0xb0, 0x8e, 0xfe, 0x15, 0xe5, 0x9e, 0x23, 0x41, 0xec, 0x6e, + 0x81, 0x4c, 0x96, 0x3d, 0x8a, 0xfe, 0xa0, 0x5a, 0x8e, 0xbb, 0x4e, 0x07, 0xe3, + 0x57, 0x86, 0x8c, 0x73, 0x96, 0x62, 0xac, 0x12, 0xe4, 0x70, 0xc8, 0x8e, 0xbc, + 0xe0, 0x2e, 0xf6, 0xfe, 0x4e, 0x29, 0xc1, 0xa1, 0x0a, 0x05, 0x52, 0x2e, 0x9f, + 0x36, 0x6b, 0xe6, 0x5d, 0xb7, 0x4c, 0xcf, 0xd5, 0x5b, 0x8a, 0xae, 0x94, 0x94, + 0xc3, 0x8c, 0x3c, 0x3f, 0xf3, 0xdc, 0x4b, 0x98, 0x39, 0xa9, 0x46, 0x15, 0x06, + 0x57, 0x4a, 0xab, 0x0a, 0x1d, 0x6d, 0x7c, 0x8b, 0x9a, 0xe3, 0xa3, 0x98, 0xfa, + 0x50, 0x6c, 0x85, 0x8c, 0xfd, 0x24, 0xa9, 0x55, 0x1d, 0x74, 0x3f, 0x43, 0x75, + 0x7d, + ], + }, + Test { + secret: &[ + 0xc1, 0x71, 0x57, 0x12, 0x38, 0xa4, 0xb2, 0xef, 0x39, 0x27, 0x73, 0x1d, 0x97, + 0x92, 0x0a, 0xdd, 0xc2, 0x6f, 0x28, 0x0d, 0xf2, 0x91, 0xd9, 0xa1, 0x14, 0x34, + 0xa0, 0x80, 0x3e, 0x1d, 0xd8, 0x75, + ], + msg: &[ + 0x1e, 0x8b, 0x96, 0x0c, 0x2a, 0x2b, 0x3d, 0x47, 0x7d, 0x0e, 0x9f, 0xbd, 0xca, + 0xc0, 0xd9, 0xdb, 0x72, 0x56, 0xc3, 0x9e, 0x34, 0x94, 0x54, 0xe5, 0xc8, 0x07, + 0x4c, 0xac, 0xff, 0x6a, 0x08, 0xf4, 0x3e, 0x54, 0xc7, 0xf6, 0x33, 0xdd, 0x8e, + 0x89, 0x58, 0xce, 0x8a, 0x43, 0x05, 0x04, 0x0c, 0x47, 0xb1, 0x7e, 0xcd, 0xfa, + 0x0b, 0xb7, 0xad, 0x03, 0xb0, 0x2c, 0x64, 0xb1, 0xbb, 0xf5, 0xeb, 0x78, 0x9d, + 0x83, 0x18, 0xad, 0xfe, 0xeb, 0x79, 0xad, 0x03, 0x42, 0x47, 0xb1, 0x57, 0x1b, + 0x72, 0x45, 0x45, 0xad, + ], + iv: &[ + 0xfc, 0x25, 0xd2, 0xa3, 0xcf, 0x3e, 0xac, 0xf5, 0xca, 0x99, 0x87, 0x21, 0xdc, + 0x4a, 0x7c, 0x29, + ], + cipher: &[ + 0xfc, 0x25, 0xd2, 0xa3, 0xcf, 0x3e, 0xac, 0xf5, 0xca, 0x99, 0x87, 0x21, 0xdc, + 0x4a, 0x7c, 0x29, 0xde, 0xc2, 0x5a, 0xd5, 0xb6, 0xb0, 0x9d, 0xb6, 0x3f, 0x87, + 0x1b, 0xa3, 0x1f, 0xde, 0x78, 0x46, 0x4a, 0x4f, 0xf5, 0x39, 0x06, 0x29, 0x42, + 0xaf, 0x03, 0xc9, 0x40, 0xc7, 0x35, 0x44, 0xfe, 0x2f, 0xe8, 0x40, 0xc9, 0x25, + 0x38, 0x3e, 0x80, 0x21, 0x33, 0x94, 0x9c, 0x04, 0x14, 0xf1, 0x98, 0x2c, 0x15, + 0x57, 0xd3, 0x77, 0x16, 0xd7, 0x66, 0x31, 0x2e, 0x98, 0xc4, 0x5c, 0xa3, 0xac, + 0xe7, 0x26, 0x17, 0xa2, 0x25, 0x6f, 0xfc, 0x6a, 0x5f, 0x6d, 0x33, 0x6f, 0x46, + 0x21, 0x4f, 0x8c, 0xfe, 0x54, 0x83, 0x2e, 0x34, 0x22, 0x8f, 0x6c, 0x1e, 0x00, + 0x43, 0x2e, 0x1a, 0x37, 0xe5, 0x65, 0xbb, 0x7a, 0xc9, 0x14, 0x32, 0xba, 0x02, + 0xc0, 0xc7, 0xc2, 0x44, 0x64, 0xbc, 0x0c, 0x13, 0x5b, 0x69, 0x3e, 0x20, 0x6d, + 0x28, 0x82, 0x6c, 0xf0, 0x98, 0x4e, 0x27, 0x88, 0xf9, 0xc5, 0x01, 0x42, 0xc0, + 0x77, + ], + }, + Test { + secret: &[ + 0x01, 0xfb, 0x48, 0xe2, 0x3e, 0x69, 0x62, 0x55, 0xdf, 0xff, 0xf1, 0xfd, 0x25, + 0xc7, 0x70, 0x48, 0x17, 0x63, 0x7e, 0x41, 0x80, 0xed, 0xb2, 0xe8, 0x93, 0xdf, + 0xce, 0xde, 0xb8, 0x76, 0xb7, 0x95, + ], + msg: &[ + 0xb7, 0x0f, 0xe5, 0x7d, 0x8c, 0x78, 0xb4, 0xcc, 0xd2, 0xe5, 0xb0, 0xc0, 0x38, + 0x12, 0x54, 0xca, 0x82, 0x0b, 0xb5, 0x14, 0xef, 0xd6, 0x06, 0xf4, 0xb0, 0x87, + 0x4b, 0xea, 0xec, 0x03, 0xc2, 0xbc, 0x50, 0x42, 0xde, 0xd1, 0xba, 0x54, 0x16, + 0xb9, 0x12, 0x8b, 0xba, 0x55, 0x7c, 0x7b, 0x8a, 0x2b, 0xa0, 0x9b, 0x10, 0xf0, + 0x33, 0x9e, 0x0f, 0x28, 0x7c, 0x01, 0x82, 0x0a, 0xb0, 0x20, 0x28, 0x10, 0x08, + 0x60, 0xe8, 0x48, 0xd2, 0x48, 0xcc, 0x60, 0xf4, 0x65, 0xac, 0x8d, 0x92, 0x7d, + 0x72, 0xd1, 0x5f, 0xd9, 0x81, + ], + iv: &[ + 0xd1, 0x8c, 0xe0, 0x81, 0x21, 0x03, 0x6a, 0xa5, 0x84, 0xbd, 0x9e, 0xf7, 0x57, + 0x2d, 0x72, 0xff, + ], + cipher: &[ + 0xd1, 0x8c, 0xe0, 0x81, 0x21, 0x03, 0x6a, 0xa5, 0x84, 0xbd, 0x9e, 0xf7, 0x57, + 0x2d, 0x72, 0xff, 0xb2, 0xd1, 0x14, 0xc7, 0x15, 0x47, 0xa2, 0x76, 0x72, 0x65, + 0x3f, 0xa6, 0xf8, 0x8b, 0x9b, 0x42, 0xa1, 0x76, 0xaa, 0xc1, 0xa6, 0xc8, 0xbf, + 0x81, 0xed, 0xff, 0x80, 0x40, 0xbc, 0x1c, 0x05, 0x63, 0x39, 0xf1, 0x6e, 0x57, + 0x41, 0x49, 0xc7, 0xd0, 0x40, 0x74, 0x6d, 0x15, 0x5a, 0x4e, 0x7d, 0x14, 0xf7, + 0x34, 0xb3, 0xb6, 0xdc, 0xa3, 0x09, 0x69, 0x65, 0x59, 0x0c, 0x52, 0xfa, 0xd8, + 0x57, 0xc1, 0xa0, 0xdb, 0x29, 0x01, 0xde, 0xc3, 0x6a, 0x91, 0xc0, 0x52, 0x81, + 0xf1, 0xdc, 0xcd, 0x8e, 0x5b, 0x65, 0xd7, 0x19, 0x55, 0x2b, 0xfa, 0x35, 0x71, + 0x36, 0xe0, 0xac, 0x94, 0x97, 0x28, 0xc9, 0x9a, 0xd7, 0x7a, 0x52, 0x58, 0x81, + 0x70, 0x60, 0x81, 0x8b, 0x12, 0x9f, 0x80, 0x71, 0x73, 0xf1, 0x78, 0x1b, 0xb6, + 0x84, 0x12, 0xb4, 0x32, 0x83, 0xb8, 0xad, 0x13, 0x20, 0x76, 0x6f, 0xee, 0x68, + 0x24, + ], + }, + Test { + secret: &[ + 0xc5, 0x0c, 0x84, 0x98, 0x27, 0x23, 0x60, 0x26, 0xe6, 0x10, 0x7c, 0xcd, 0x65, + 0xf1, 0x2f, 0xe8, 0x77, 0x3a, 0xe8, 0xd9, 0x39, 0x51, 0xed, 0xe7, 0xf0, 0x07, + 0x88, 0x3e, 0x3d, 0x45, 0x3e, 0x10, + ], + msg: &[ + 0xaa, 0xf4, 0x27, 0xa7, 0x01, 0x56, 0xdd, 0x2b, 0x5c, 0x86, 0x90, 0x0f, 0x12, + 0x43, 0x87, 0x2e, 0x82, 0xa0, 0x43, 0x10, 0xc7, 0xc8, 0x26, 0x6c, 0x93, 0x91, + 0xb8, 0x54, 0x46, 0x19, 0xa2, 0xa2, 0x75, 0x3c, 0xd7, 0x37, 0xff, 0x0b, 0xdc, + 0x34, 0x77, 0x7e, 0x5d, 0x3b, 0x4f, 0x63, 0x74, 0x6e, 0x64, 0x2d, 0x82, 0x52, + 0x88, 0x69, 0xd3, 0xa3, 0x56, 0x91, 0x96, 0xfb, 0x21, 0xb2, 0xc6, 0xdf, 0x09, + 0x96, 0xce, 0x81, 0xdc, 0xbd, 0x2c, 0x39, 0x0a, 0x18, 0x92, 0x7f, 0x52, 0xf0, + 0xcd, 0x25, 0x97, 0xce, 0xf0, 0x95, + ], + iv: &[ + 0x35, 0xeb, 0x92, 0xed, 0x6c, 0x16, 0x5d, 0xf3, 0xf5, 0x2d, 0xe9, 0x0d, 0x22, + 0x20, 0x82, 0x0a, + ], + cipher: &[ + 0x35, 0xeb, 0x92, 0xed, 0x6c, 0x16, 0x5d, 0xf3, 0xf5, 0x2d, 0xe9, 0x0d, 0x22, + 0x20, 0x82, 0x0a, 0x89, 0xd8, 0x61, 0x79, 0xa2, 0x87, 0x04, 0x37, 0x69, 0x46, + 0x16, 0xad, 0x56, 0x5f, 0xb0, 0xcf, 0x71, 0xcb, 0xef, 0x7f, 0x47, 0xbb, 0x93, + 0xa5, 0x63, 0x75, 0x6c, 0x7c, 0x8b, 0x58, 0x74, 0x69, 0xe1, 0x24, 0xed, 0x27, + 0x71, 0x55, 0x45, 0x55, 0x71, 0x95, 0x4c, 0x08, 0x48, 0x4c, 0xf9, 0x7e, 0x55, + 0x7b, 0x40, 0x5a, 0x43, 0xad, 0xc5, 0x06, 0x95, 0x52, 0xec, 0x0c, 0x10, 0xf4, + 0xe4, 0x67, 0xb3, 0xfc, 0x0e, 0x18, 0xd8, 0xdc, 0xdc, 0xd5, 0xd1, 0x4a, 0xe5, + 0x72, 0x14, 0x32, 0x94, 0x48, 0x29, 0xca, 0x42, 0x32, 0x07, 0x71, 0x5d, 0x3d, + 0x5a, 0xaa, 0xf2, 0xfc, 0x90, 0x0c, 0x8e, 0xba, 0xda, 0xde, 0x51, 0x78, 0x64, + 0xb2, 0x7a, 0xa7, 0x72, 0x85, 0xf3, 0x57, 0x4d, 0x7b, 0x1b, 0x33, 0x53, 0x26, + 0x36, 0x7f, 0x5f, 0xc5, 0x35, 0x7c, 0xd3, 0xd2, 0xf9, 0x51, 0xf3, 0x19, 0xc3, + 0x29, + ], + }, + Test { + secret: &[ + 0xa9, 0x85, 0x4d, 0x34, 0x99, 0xe6, 0xbf, 0x2b, 0xeb, 0x3c, 0x07, 0xfd, 0x2b, + 0x3d, 0xe1, 0x88, 0x2b, 0xed, 0x29, 0xa7, 0xad, 0x81, 0x39, 0x12, 0xac, 0xcb, + 0xb5, 0x64, 0xd2, 0xa8, 0x29, 0x86, + ], + msg: &[ + 0x0a, 0xb1, 0x6d, 0xf9, 0x63, 0xaf, 0xd4, 0x54, 0x92, 0xa7, 0x69, 0x67, 0xfe, + 0xa7, 0x82, 0x5e, 0xcc, 0xa3, 0xeb, 0x1f, 0x42, 0x8c, 0xee, 0xe2, 0x0f, 0xbe, + 0x64, 0x96, 0x81, 0x43, 0x7e, 0x44, 0xa3, 0x6d, 0xc1, 0x5d, 0x65, 0xa7, 0xe7, + 0x80, 0x0b, 0x8d, 0xad, 0x77, 0x43, 0xd7, 0xbd, 0xf9, 0x64, 0x7f, 0x0c, 0x11, + 0x97, 0xb5, 0xc5, 0x2a, 0x88, 0x77, 0x21, 0x0f, 0x0f, 0x46, 0xff, 0x0b, 0xd1, + 0x0e, 0xf1, 0x3e, 0xde, 0x28, 0xed, 0x10, 0x6c, 0x5e, 0x74, 0xb3, 0x60, 0x29, + 0x44, 0xee, 0xe0, 0xc4, 0x94, 0x67, 0x2d, + ], + iv: &[ + 0xb4, 0xed, 0x56, 0xb7, 0x69, 0xf6, 0x32, 0x11, 0xcc, 0x78, 0xbb, 0x0c, 0x34, + 0x66, 0x3e, 0x97, + ], + cipher: &[ + 0xb4, 0xed, 0x56, 0xb7, 0x69, 0xf6, 0x32, 0x11, 0xcc, 0x78, 0xbb, 0x0c, 0x34, + 0x66, 0x3e, 0x97, 0xb2, 0x67, 0x24, 0x54, 0xb0, 0x44, 0xfa, 0x59, 0xbf, 0x62, + 0x2e, 0xa6, 0x9e, 0x33, 0xff, 0xd2, 0x01, 0xc8, 0x6e, 0x4f, 0x55, 0xc6, 0xfb, + 0xdf, 0x3d, 0xd9, 0xbd, 0x1c, 0xf5, 0x94, 0x33, 0x15, 0x83, 0x5f, 0xcc, 0xeb, + 0x33, 0xf1, 0xf7, 0x66, 0xda, 0xec, 0x96, 0xd0, 0xc4, 0xfa, 0xaf, 0xc5, 0x6b, + 0x94, 0x6b, 0x8a, 0x8b, 0xb6, 0x37, 0xdb, 0x74, 0x3b, 0x68, 0x13, 0x29, 0x10, + 0x4b, 0x9d, 0x72, 0x18, 0x93, 0x55, 0x54, 0xc5, 0xdb, 0x04, 0x79, 0x9c, 0x50, + 0xc6, 0x3c, 0x74, 0x96, 0x41, 0x08, 0x4a, 0xdf, 0x36, 0x79, 0x04, 0x6f, 0x4f, + 0x85, 0x53, 0xd3, 0x29, 0xea, 0xa3, 0x52, 0x96, 0x66, 0x4f, 0x82, 0x4a, 0x9c, + 0xa2, 0x51, 0x16, 0xee, 0x85, 0x21, 0x3b, 0xa6, 0xf5, 0xca, 0x2a, 0x58, 0x97, + 0xad, 0xe2, 0xae, 0xcf, 0x2b, 0x40, 0x8b, 0xaf, 0x53, 0x9a, 0x5a, 0x60, 0xe3, + 0x79, + ], + }, + Test { + secret: &[ + 0x49, 0x25, 0xca, 0xd7, 0xa3, 0x14, 0x66, 0xd6, 0x23, 0xac, 0xbd, 0xd9, 0x9b, + 0x44, 0x46, 0x1d, 0xcd, 0x88, 0xf7, 0x25, 0x5a, 0x64, 0x5e, 0x45, 0xbd, 0x68, + 0x45, 0xf3, 0x0c, 0x8d, 0xf4, 0x65, + ], + msg: &[ + 0x8b, 0x45, 0x14, 0xa8, 0x5a, 0x57, 0x4a, 0xeb, 0xb2, 0xe6, 0x3d, 0xf9, 0x9d, + 0x12, 0x17, 0x0e, 0x42, 0x05, 0x88, 0x45, 0xe4, 0x8b, 0x2a, 0xe5, 0x4e, 0x88, + 0x16, 0x9f, 0xb8, 0x3b, 0xef, 0x02, 0x83, 0x60, 0xb2, 0xf2, 0xd8, 0xde, 0x5b, + 0xe8, 0xd8, 0xaa, 0x12, 0xca, 0xfc, 0x57, 0x34, 0xeb, 0x3c, 0xe0, 0xa7, 0x23, + 0x1a, 0x5e, 0x14, 0x53, 0x79, 0x56, 0x30, 0x5e, 0x46, 0x8a, 0x6e, 0xca, 0x62, + 0xe2, 0x21, 0x19, 0xe9, 0xaf, 0x5c, 0x14, 0x8c, 0x3b, 0xa8, 0xb5, 0xf6, 0xe7, + 0xd1, 0x08, 0x1b, 0x20, 0x38, 0xa7, 0x3f, 0x8e, + ], + iv: &[ + 0x95, 0x9b, 0xc7, 0xfb, 0x97, 0x6f, 0xea, 0x19, 0x76, 0xea, 0x04, 0x3d, 0x90, + 0x7d, 0x50, 0x96, + ], + cipher: &[ + 0x95, 0x9b, 0xc7, 0xfb, 0x97, 0x6f, 0xea, 0x19, 0x76, 0xea, 0x04, 0x3d, 0x90, + 0x7d, 0x50, 0x96, 0x87, 0x31, 0xb0, 0x9d, 0xb7, 0x49, 0x9a, 0x35, 0x7d, 0xde, + 0x38, 0xc4, 0x1d, 0x89, 0xe6, 0x58, 0x79, 0x56, 0x42, 0x4b, 0x39, 0x4c, 0x17, + 0x5e, 0x10, 0x55, 0x62, 0x28, 0x22, 0x6d, 0x84, 0x28, 0xdb, 0x82, 0x4b, 0x7d, + 0xc6, 0xee, 0x05, 0x35, 0xe2, 0xe7, 0xab, 0xa4, 0x6c, 0xcb, 0xcd, 0xb4, 0xc9, + 0xeb, 0xa1, 0x10, 0xb1, 0x54, 0x60, 0x8e, 0x28, 0x22, 0x6c, 0xe8, 0x2a, 0x7b, + 0x81, 0x5e, 0x8f, 0x5b, 0x65, 0xf1, 0xe3, 0x2f, 0x3c, 0xae, 0xed, 0x04, 0xe9, + 0x79, 0x49, 0x69, 0xe5, 0x8e, 0xfb, 0x42, 0x56, 0x9b, 0xbd, 0xd9, 0x82, 0x5f, + 0x5b, 0x38, 0xea, 0x6c, 0x90, 0x55, 0x17, 0x10, 0x7b, 0xe9, 0x0d, 0x08, 0x8d, + 0xb6, 0x66, 0x20, 0xf1, 0xe4, 0xb3, 0x09, 0x12, 0xf0, 0x89, 0x65, 0x64, 0xb5, + 0xa0, 0xde, 0x0d, 0xa5, 0x18, 0x97, 0x4c, 0x69, 0x7a, 0x23, 0x04, 0xbb, 0x8d, + 0xe8, + ], + }, + Test { + secret: &[ + 0x25, 0x6e, 0xc3, 0xdb, 0x64, 0x0b, 0xec, 0x12, 0x92, 0xd8, 0xd4, 0x27, 0xc4, + 0x89, 0x9b, 0x10, 0x0a, 0x09, 0x10, 0xfe, 0x79, 0x19, 0x4b, 0x94, 0x0a, 0xe5, + 0x5f, 0x8e, 0xd7, 0x8e, 0x10, 0x32, + ], + msg: &[ + 0x8c, 0xac, 0x20, 0xd4, 0xe6, 0x66, 0x28, 0x27, 0xd6, 0x2d, 0xe6, 0xc5, 0x7d, + 0x90, 0xde, 0xed, 0xa6, 0x5e, 0x9f, 0x85, 0xff, 0xee, 0xcf, 0xa7, 0x38, 0xbc, + 0x03, 0xb9, 0xf1, 0x0a, 0x17, 0xb8, 0xea, 0xfa, 0x94, 0x6b, 0x91, 0x84, 0x36, + 0x46, 0xad, 0x2b, 0x4b, 0x47, 0x3d, 0xd2, 0xdb, 0x36, 0x1a, 0x8a, 0xdb, 0x90, + 0xc5, 0xd2, 0x78, 0x4d, 0x40, 0x31, 0xe2, 0xc9, 0x02, 0xac, 0xdd, 0x63, 0x00, + 0x1b, 0x55, 0x49, 0xe3, 0x62, 0x87, 0xf2, 0x61, 0xdc, 0xf2, 0xc3, 0x2f, 0x2b, + 0xaa, 0x3a, 0x5b, 0x4a, 0xa5, 0xce, 0x72, 0x00, 0x3b, + ], + iv: &[ + 0x74, 0x08, 0x7e, 0x96, 0x8c, 0x28, 0x10, 0xe1, 0xf7, 0x40, 0xb0, 0xbc, 0x6c, + 0x48, 0xfa, 0x16, + ], + cipher: &[ + 0x74, 0x08, 0x7e, 0x96, 0x8c, 0x28, 0x10, 0xe1, 0xf7, 0x40, 0xb0, 0xbc, 0x6c, + 0x48, 0xfa, 0x16, 0x5b, 0xf5, 0x2f, 0xcf, 0x28, 0xce, 0x0a, 0x51, 0xb0, 0x27, + 0x2f, 0xf8, 0x1d, 0x12, 0x01, 0xb4, 0x9b, 0x9f, 0x91, 0xc7, 0x8e, 0x36, 0x25, + 0xe8, 0xb5, 0x40, 0xbe, 0x04, 0xa6, 0x7a, 0x2a, 0xd0, 0x6c, 0x1e, 0xa8, 0x14, + 0x3a, 0xef, 0x57, 0x49, 0xfa, 0x4f, 0x31, 0x97, 0x82, 0xad, 0xcd, 0x31, 0xd0, + 0x5a, 0xdc, 0x06, 0x56, 0xc1, 0xf1, 0xb2, 0x45, 0xbc, 0xf0, 0x1c, 0x7e, 0x00, + 0x2b, 0x53, 0x3b, 0x05, 0x64, 0xab, 0x99, 0xba, 0x86, 0x6c, 0xce, 0x81, 0xd4, + 0x10, 0x40, 0x8d, 0xea, 0x4d, 0xef, 0x07, 0xed, 0x73, 0xa3, 0xb4, 0xe2, 0x3d, + 0x84, 0x6d, 0x07, 0x45, 0xb5, 0x7e, 0x5c, 0xed, 0x21, 0x76, 0x55, 0x4e, 0xd0, + 0x6d, 0x5b, 0x60, 0x12, 0xc8, 0x0d, 0xd6, 0x2f, 0x08, 0x50, 0xdb, 0x92, 0x3e, + 0xf0, 0xdd, 0x76, 0x7d, 0xd8, 0x2e, 0x9d, 0x4a, 0xe5, 0x72, 0xd5, 0xef, 0x23, + 0xe5, + ], + }, + Test { + secret: &[ + 0x0d, 0x9e, 0xa5, 0x87, 0x66, 0x25, 0x18, 0x60, 0xf1, 0x29, 0x64, 0x27, 0xbe, + 0xfc, 0xcd, 0x02, 0x02, 0xe8, 0x70, 0x89, 0x90, 0x6c, 0xfd, 0xd3, 0x02, 0xf8, + 0x86, 0x65, 0x14, 0xd7, 0x01, 0xc3, + ], + msg: &[ + 0x18, 0x2c, 0xdf, 0xd9, 0xf0, 0xa6, 0xc4, 0x89, 0x5a, 0x53, 0x16, 0xb5, 0x3d, + 0x7a, 0x7e, 0x39, 0x3b, 0x77, 0xf2, 0xba, 0x9f, 0x4e, 0xff, 0xcb, 0xd5, 0xc9, + 0xdc, 0x16, 0xae, 0x52, 0x55, 0x01, 0xfc, 0xb6, 0xaa, 0x47, 0x66, 0x74, 0x41, + 0xf4, 0xc2, 0xed, 0xe8, 0x28, 0x2a, 0x11, 0xaf, 0xcb, 0xae, 0x5a, 0xb9, 0xda, + 0x63, 0x3d, 0xd0, 0xcb, 0x23, 0xca, 0x28, 0x29, 0x2e, 0xbd, 0xe4, 0x01, 0x39, + 0xc7, 0x35, 0x77, 0x96, 0xc2, 0x12, 0xec, 0x25, 0x7d, 0x30, 0x9b, 0x9a, 0xc1, + 0xa1, 0xf7, 0xc9, 0x2f, 0x8e, 0xb8, 0xce, 0xbd, 0xc7, 0x40, + ], + iv: &[ + 0xc0, 0x78, 0xd8, 0x93, 0xa7, 0xa6, 0x8f, 0xe5, 0xa8, 0xb4, 0x60, 0x7b, 0x9f, + 0xd2, 0x50, 0x19, + ], + cipher: &[ + 0xc0, 0x78, 0xd8, 0x93, 0xa7, 0xa6, 0x8f, 0xe5, 0xa8, 0xb4, 0x60, 0x7b, 0x9f, + 0xd2, 0x50, 0x19, 0x8a, 0x6a, 0xc1, 0x9e, 0xb4, 0x2b, 0x16, 0xd9, 0x09, 0xec, + 0xb6, 0xe3, 0x39, 0x9e, 0xd1, 0x0f, 0xcf, 0x53, 0xdf, 0x00, 0x04, 0x90, 0xc3, + 0xbf, 0x2f, 0xb4, 0xb7, 0x9a, 0xaa, 0x94, 0xe5, 0xb6, 0xd2, 0xa3, 0x23, 0x83, + 0xf5, 0xe2, 0x7a, 0x5e, 0x19, 0x4c, 0x7b, 0x5e, 0x9b, 0xb9, 0x71, 0x8c, 0x30, + 0x51, 0x2d, 0xf6, 0xc1, 0x43, 0xde, 0xb6, 0xf0, 0xc3, 0xad, 0xb3, 0xac, 0xd9, + 0x9a, 0x58, 0x5c, 0x4e, 0x53, 0xd6, 0x7f, 0x70, 0x74, 0x40, 0x72, 0x5e, 0x89, + 0x2b, 0xa0, 0x97, 0x34, 0xec, 0x68, 0x69, 0x4b, 0x94, 0xa0, 0xf4, 0xb9, 0x85, + 0xd9, 0xfa, 0x8d, 0xda, 0x9c, 0x8d, 0x79, 0x8f, 0x4d, 0xd8, 0xbf, 0xc1, 0x73, + 0xa8, 0xe1, 0xca, 0x9e, 0xe0, 0xb8, 0x11, 0xf5, 0x05, 0x95, 0x38, 0xb6, 0x91, + 0x09, 0xbc, 0x29, 0xc6, 0x8f, 0xd8, 0x0c, 0xe7, 0x99, 0x9c, 0x25, 0xb2, 0xdb, + 0xe6, + ], + }, + Test { + secret: &[ + 0xab, 0xfe, 0x88, 0x5d, 0x51, 0x92, 0x90, 0xb9, 0xa9, 0x82, 0xe7, 0x3c, 0xf6, + 0x08, 0x49, 0x56, 0x5e, 0x27, 0xc6, 0x7d, 0xdb, 0x15, 0xdf, 0x0a, 0x8c, 0xec, + 0x1b, 0x7b, 0xd2, 0xb3, 0xbb, 0xf3, + ], + msg: &[ + 0x03, 0x64, 0x89, 0x1c, 0xe3, 0xe2, 0xc5, 0x80, 0xa4, 0xc3, 0x7b, 0x89, 0x9c, + 0xfa, 0xe1, 0xf8, 0xd2, 0x36, 0xf2, 0x11, 0xd5, 0xd8, 0xc9, 0xa6, 0x04, 0x86, + 0xc6, 0x41, 0x68, 0x15, 0xcb, 0xe9, 0xaf, 0x95, 0x24, 0xc7, 0xfc, 0x5b, 0x4a, + 0xf2, 0x68, 0xa5, 0x6d, 0x26, 0x03, 0x0b, 0xb8, 0x3f, 0x11, 0xf4, 0xe6, 0x22, + 0x7f, 0xd8, 0x9c, 0xe9, 0xda, 0xb7, 0x4e, 0x37, 0x6d, 0x76, 0x34, 0x60, 0x48, + 0xfc, 0xca, 0xd6, 0x51, 0x0f, 0x72, 0xa5, 0x0f, 0x6a, 0x79, 0xed, 0xe9, 0xc6, + 0x6e, 0x7d, 0xa5, 0x0e, 0xe5, 0xde, 0x1a, 0xa3, 0x91, 0x5f, 0x28, + ], + iv: &[ + 0x81, 0x42, 0x58, 0xd7, 0xf1, 0x30, 0xdf, 0xa5, 0x68, 0x63, 0x7b, 0x30, 0x42, + 0xa8, 0x0d, 0x0a, + ], + cipher: &[ + 0x81, 0x42, 0x58, 0xd7, 0xf1, 0x30, 0xdf, 0xa5, 0x68, 0x63, 0x7b, 0x30, 0x42, + 0xa8, 0x0d, 0x0a, 0xe1, 0xa9, 0x3c, 0x78, 0x6c, 0x42, 0xf2, 0xcd, 0xef, 0xd4, + 0x94, 0x45, 0x59, 0x1d, 0xa5, 0x53, 0x87, 0xd5, 0x2c, 0x28, 0xcf, 0xaa, 0x09, + 0x75, 0x51, 0xb4, 0x8f, 0xd3, 0x9c, 0x29, 0xa9, 0xbe, 0xc9, 0xf1, 0x21, 0x2e, + 0xba, 0x69, 0x4a, 0xd8, 0x4d, 0x1c, 0x8c, 0x96, 0x0a, 0xa4, 0x06, 0x8d, 0x5f, + 0xa0, 0xd3, 0x67, 0x28, 0x84, 0xba, 0x9d, 0xc4, 0x3e, 0xc1, 0x2f, 0xb7, 0xdf, + 0xee, 0x6d, 0xab, 0xb7, 0x80, 0xef, 0xb0, 0x07, 0x2a, 0xba, 0x41, 0x79, 0xa2, + 0x60, 0xaa, 0x61, 0x74, 0x21, 0x22, 0xcf, 0xc3, 0xed, 0x1c, 0x87, 0x94, 0x85, + 0x2c, 0x35, 0x84, 0xe9, 0x8c, 0x71, 0xff, 0xcd, 0x99, 0xf2, 0xe6, 0xfc, 0xa6, + 0x5e, 0x32, 0xf6, 0x15, 0x13, 0xec, 0xa5, 0xd2, 0x42, 0x5d, 0xc5, 0x2c, 0xb8, + 0xfa, 0x5d, 0x95, 0x8d, 0x10, 0xc0, 0x60, 0x73, 0xf1, 0x90, 0x60, 0x0d, 0xcd, + 0x2c, + ], + }, + Test { + secret: &[ + 0x67, 0xd8, 0x0c, 0x9d, 0xed, 0x83, 0x43, 0x60, 0xb9, 0xa2, 0xb0, 0xbe, 0xe3, + 0x66, 0xa2, 0x30, 0x39, 0xc6, 0xd8, 0x1a, 0x8d, 0x49, 0x8f, 0x9f, 0xbf, 0x0f, + 0x1d, 0xc4, 0xc8, 0x1b, 0x99, 0xdb, + ], + msg: &[ + 0x9b, 0x90, 0xac, 0x2b, 0x64, 0x24, 0xe4, 0x66, 0x4a, 0x58, 0x79, 0x46, 0xf4, + 0xf6, 0xd8, 0xf1, 0x8f, 0x1a, 0x87, 0xde, 0x72, 0x4c, 0x25, 0x28, 0x47, 0x25, + 0xa6, 0xaa, 0xc6, 0x98, 0xfc, 0x36, 0x4e, 0xfe, 0x84, 0x09, 0xb9, 0x07, 0x22, + 0xa8, 0x32, 0x00, 0xa9, 0xc7, 0x9b, 0x53, 0x3e, 0xfb, 0x96, 0x5b, 0xa5, 0x32, + 0xf8, 0xef, 0x88, 0xbe, 0xb4, 0xec, 0x0f, 0x5a, 0x4c, 0x9e, 0xed, 0x8e, 0xad, + 0xf7, 0xfc, 0xb5, 0xab, 0xb1, 0x80, 0xc0, 0x68, 0x23, 0x1b, 0xc3, 0x9c, 0xdd, + 0x69, 0xa2, 0xec, 0x9f, 0x62, 0xa9, 0x5b, 0xd7, 0xa8, 0x04, 0xc0, 0xce, + ], + iv: &[ + 0x41, 0xb3, 0xfe, 0x8b, 0x08, 0x58, 0x91, 0x7e, 0x76, 0x98, 0xd5, 0xf4, 0x5a, + 0x46, 0x26, 0xe6, + ], + cipher: &[ + 0x41, 0xb3, 0xfe, 0x8b, 0x08, 0x58, 0x91, 0x7e, 0x76, 0x98, 0xd5, 0xf4, 0x5a, + 0x46, 0x26, 0xe6, 0x67, 0x94, 0xe1, 0xd7, 0x03, 0x49, 0xa4, 0x7a, 0x96, 0x5d, + 0x9e, 0x31, 0xa2, 0xec, 0x99, 0x30, 0x66, 0x38, 0x82, 0xe4, 0x20, 0xc7, 0xd3, + 0xa7, 0xec, 0x5f, 0xe4, 0xf0, 0x39, 0xa2, 0x90, 0xec, 0x36, 0x8e, 0x32, 0x3d, + 0x3d, 0x2c, 0xc8, 0xcf, 0x3b, 0xae, 0xfe, 0xbc, 0x9e, 0x9e, 0x79, 0x2c, 0xdf, + 0x1f, 0x62, 0x01, 0x80, 0xed, 0xde, 0x8b, 0xa9, 0x78, 0x23, 0xce, 0x11, 0x06, + 0x84, 0x5b, 0x4a, 0x1d, 0xb4, 0x0d, 0x8e, 0xc4, 0xa2, 0xc9, 0x07, 0x3d, 0xbe, + 0xfd, 0x2c, 0x1e, 0xf7, 0x8f, 0x1d, 0xf6, 0xfb, 0xf9, 0x65, 0xde, 0xbd, 0xfe, + 0xd1, 0xd2, 0x7f, 0x2f, 0xb5, 0x76, 0x21, 0xa5, 0x76, 0x65, 0xf3, 0x6d, 0xce, + 0x97, 0xc5, 0x5b, 0xbb, 0xd8, 0x80, 0x64, 0x8b, 0x61, 0x00, 0xbf, 0x84, 0xbd, + 0x33, 0x19, 0xfb, 0xfc, 0x15, 0x57, 0xd6, 0xb4, 0x0c, 0x34, 0xe9, 0xd9, 0x8d, + 0xe5, + ], + }, + Test { + secret: &[ + 0xf0, 0xbe, 0x26, 0x9f, 0x56, 0x97, 0xb8, 0xe3, 0x90, 0x1b, 0x1d, 0x65, 0xbc, + 0x2b, 0x11, 0x73, 0xd2, 0x31, 0xaf, 0x4c, 0xb6, 0x3b, 0x9f, 0x54, 0x9a, 0xcc, + 0x05, 0x93, 0xaf, 0x9f, 0xcd, 0x76, + ], + msg: &[ + 0xd8, 0x71, 0xa5, 0x27, 0x08, 0xc8, 0x29, 0x01, 0x60, 0xaa, 0x3d, 0xbd, 0x62, + 0xcd, 0x51, 0x84, 0x91, 0x15, 0xe9, 0xdd, 0x22, 0xd2, 0xa1, 0x2b, 0x94, 0x62, + 0xbe, 0x18, 0xe1, 0x58, 0x4d, 0xf0, 0xcd, 0xb7, 0x13, 0x2e, 0x56, 0x2f, 0xa3, + 0x7b, 0xc7, 0xab, 0x29, 0x87, 0x6c, 0xda, 0x2f, 0x84, 0x5e, 0x94, 0x35, 0x76, + 0x17, 0xdb, 0x36, 0x82, 0x78, 0x9c, 0x6b, 0xee, 0x7c, 0x11, 0x55, 0x36, 0x6d, + 0x4a, 0xe9, 0xc9, 0x9e, 0x25, 0x29, 0x00, 0x61, 0x27, 0x14, 0xbd, 0x64, 0x25, + 0x62, 0x4d, 0x42, 0x6f, 0xca, 0x98, 0x6c, 0x6c, 0x77, 0x2e, 0x18, 0x70, 0x90, + ], + iv: &[ + 0xb3, 0x03, 0x34, 0x06, 0x29, 0x60, 0xd6, 0xdc, 0x27, 0x24, 0xfe, 0x86, 0x09, + 0xfa, 0x75, 0xa3, + ], + cipher: &[ + 0xb3, 0x03, 0x34, 0x06, 0x29, 0x60, 0xd6, 0xdc, 0x27, 0x24, 0xfe, 0x86, 0x09, + 0xfa, 0x75, 0xa3, 0x4a, 0x2e, 0x3b, 0x8c, 0xb9, 0x2e, 0xa9, 0x55, 0x79, 0xcf, + 0xc6, 0xbc, 0x52, 0x55, 0x6f, 0x4b, 0xb3, 0x6c, 0xce, 0x17, 0x0c, 0xd6, 0xd8, + 0xbd, 0x32, 0x17, 0x23, 0xbb, 0x87, 0x0d, 0xd1, 0x73, 0xd2, 0x4a, 0xe2, 0x82, + 0xac, 0xee, 0xdc, 0x6c, 0x79, 0x6e, 0x1b, 0x63, 0x77, 0x0c, 0xc6, 0x01, 0xf4, + 0x37, 0xa7, 0xa8, 0x23, 0x27, 0x6e, 0xc7, 0x95, 0xbf, 0xf7, 0x62, 0x2f, 0x97, + 0x89, 0x00, 0xfa, 0x41, 0x29, 0x8c, 0x36, 0x27, 0xd6, 0x56, 0xae, 0x93, 0x10, + 0x3b, 0xae, 0x4b, 0x2c, 0xf0, 0xf3, 0x37, 0x7b, 0xf2, 0x21, 0x39, 0x96, 0x81, + 0x33, 0xbd, 0x22, 0xef, 0x48, 0x7d, 0x34, 0x86, 0x81, 0xc8, 0x99, 0x42, 0x9b, + 0x97, 0x04, 0xea, 0xb1, 0xab, 0xfd, 0xe5, 0x42, 0x90, 0x4f, 0x97, 0x71, 0xe8, + 0x4d, 0xb7, 0xc8, 0x22, 0x88, 0x6d, 0xee, 0xf3, 0x4b, 0x4a, 0x84, 0x6f, 0x4a, + 0xde, + ], + }, + Test { + secret: &[ + 0xa4, 0x99, 0x40, 0xb4, 0x1a, 0x04, 0xb5, 0x9a, 0x72, 0xea, 0xdf, 0xda, 0x1a, + 0xfd, 0xf1, 0x13, 0xcd, 0x8f, 0xd6, 0x2e, 0xdf, 0x79, 0xc6, 0x67, 0x17, 0x97, + 0xec, 0x30, 0x1c, 0x0b, 0xd6, 0x79, + ], + msg: &[ + 0x72, 0x51, 0xe0, 0xf6, 0xf1, 0x73, 0x54, 0xad, 0x3e, 0x7b, 0xab, 0x8d, 0x32, + 0xdb, 0x56, 0x2f, 0x08, 0xf7, 0x73, 0x3d, 0xb9, 0x6b, 0x91, 0x99, 0x01, 0x61, + 0x68, 0x67, 0x08, 0x6d, 0x8f, 0xa8, 0x79, 0x87, 0xd0, 0xae, 0xd4, 0xd1, 0x10, + 0xde, 0x30, 0xb4, 0xef, 0x7f, 0x1f, 0x87, 0x7d, 0x96, 0xd3, 0xcf, 0x38, 0x66, + 0x14, 0xc1, 0x1a, 0xce, 0x12, 0xed, 0x73, 0x9a, 0x84, 0x70, 0x13, 0x97, 0xd1, + 0x41, 0xe4, 0x14, 0x6f, 0xfc, 0x5e, 0x71, 0xb1, 0x60, 0x1a, 0x0a, 0x90, 0x27, + 0xb9, 0x4d, 0xad, 0x5a, 0x36, 0x35, 0x48, 0xb1, 0x05, 0xd9, 0xb1, 0x85, 0x0b, + 0xf7, + ], + iv: &[ + 0x92, 0xa4, 0xf5, 0xff, 0xd2, 0x61, 0xf9, 0x4c, 0x94, 0xfc, 0x0f, 0x76, 0xae, + 0x69, 0xd3, 0xf6, + ], + cipher: &[ + 0x92, 0xa4, 0xf5, 0xff, 0xd2, 0x61, 0xf9, 0x4c, 0x94, 0xfc, 0x0f, 0x76, 0xae, + 0x69, 0xd3, 0xf6, 0x70, 0x43, 0xe1, 0xbc, 0xe8, 0xc1, 0xad, 0xcb, 0xd1, 0xfc, + 0x04, 0x14, 0x89, 0x17, 0x9c, 0x09, 0xc5, 0x08, 0x82, 0xc7, 0x2e, 0xf0, 0x1c, + 0xce, 0x1b, 0x87, 0x7c, 0xeb, 0xb5, 0x82, 0xe0, 0x6f, 0x5e, 0x87, 0x76, 0x33, + 0x8e, 0x55, 0x3a, 0xee, 0xfa, 0xc1, 0x23, 0xf4, 0xc2, 0xb2, 0x09, 0x45, 0x62, + 0x36, 0xb2, 0x28, 0x0c, 0x80, 0xb9, 0x6b, 0x65, 0xca, 0x25, 0x89, 0x79, 0xf8, + 0x0c, 0xde, 0xfc, 0xb8, 0xc9, 0xde, 0x99, 0x65, 0x4a, 0x35, 0x36, 0xb1, 0xa0, + 0x04, 0x3c, 0x7f, 0x04, 0xc2, 0x70, 0x5a, 0xd3, 0x16, 0xf1, 0xcb, 0xe5, 0x65, + 0xfb, 0x77, 0x9e, 0x0c, 0xeb, 0xab, 0xdc, 0x7d, 0x02, 0xc1, 0xd9, 0x08, 0xf4, + 0x27, 0x54, 0xb0, 0xda, 0xbc, 0xfe, 0x8d, 0x07, 0x5e, 0x38, 0x73, 0x57, 0x47, + 0xf1, 0xaa, 0x88, 0x26, 0x4c, 0x45, 0x26, 0x28, 0x16, 0xfd, 0x1d, 0x4a, 0x0a, + 0xa8, + ], + }, + Test { + secret: &[ + 0xfa, 0x16, 0x28, 0xed, 0x56, 0x25, 0xd9, 0x82, 0x45, 0xf1, 0x41, 0x88, 0x47, + 0x58, 0x71, 0x6c, 0x66, 0xdc, 0x38, 0x7f, 0x46, 0xab, 0xed, 0x39, 0x48, 0x01, + 0xaa, 0xa9, 0xce, 0x42, 0x52, 0x2d, + ], + msg: &[ + 0x6c, 0xaf, 0x5e, 0xa5, 0xff, 0xa3, 0xe2, 0xd0, 0x62, 0x15, 0xe5, 0x2e, 0xe4, + 0x49, 0x33, 0x07, 0xc8, 0xf9, 0x0b, 0x72, 0x91, 0x06, 0x24, 0x79, 0x92, 0xca, + 0x7c, 0x41, 0x26, 0xe4, 0x1b, 0xe8, 0x7f, 0xc9, 0x18, 0x14, 0x33, 0x61, 0x92, + 0x62, 0x4d, 0x57, 0xa1, 0x4d, 0xb6, 0x2a, 0xd4, 0x54, 0x18, 0xfb, 0x35, 0x50, + 0x76, 0x6e, 0x88, 0xd1, 0xec, 0x38, 0xcb, 0xd5, 0x5f, 0xea, 0x76, 0xc4, 0x98, + 0xce, 0xc7, 0xa7, 0x3b, 0x90, 0x98, 0x91, 0xc8, 0x3a, 0xaf, 0xd9, 0xf3, 0xee, + 0xff, 0xc8, 0x96, 0x16, 0x6f, 0x8d, 0xb1, 0x28, 0xb4, 0x16, 0x41, 0x9f, 0x28, + 0x59, 0x16, + ], + iv: &[ + 0xc5, 0xc6, 0xe5, 0x2d, 0x7e, 0x12, 0x69, 0x78, 0xe9, 0xb7, 0x12, 0xd6, 0x8c, + 0x8d, 0x31, 0x0f, + ], + cipher: &[ + 0xc5, 0xc6, 0xe5, 0x2d, 0x7e, 0x12, 0x69, 0x78, 0xe9, 0xb7, 0x12, 0xd6, 0x8c, + 0x8d, 0x31, 0x0f, 0x1f, 0x19, 0x95, 0x7d, 0xb7, 0x8b, 0x31, 0x26, 0x48, 0x42, + 0xd7, 0x23, 0x6a, 0x0e, 0x28, 0x04, 0xac, 0xd9, 0x42, 0x77, 0xb9, 0x60, 0xf1, + 0xf9, 0x11, 0x53, 0x85, 0xd9, 0xed, 0x6a, 0x16, 0x73, 0xe2, 0x96, 0x44, 0x9e, + 0xd1, 0xc0, 0xb7, 0x88, 0x45, 0x77, 0x0e, 0x2b, 0xc5, 0xd2, 0x1d, 0x41, 0xb2, + 0x5b, 0xa5, 0x12, 0xe6, 0x41, 0xb7, 0xd9, 0x3c, 0xa5, 0x80, 0xa9, 0xb6, 0x27, + 0x05, 0x0b, 0xdd, 0x36, 0xc6, 0x82, 0xa6, 0xd3, 0x7c, 0x3b, 0x37, 0x5e, 0x2a, + 0xa2, 0xd1, 0xc8, 0x94, 0xa1, 0xf4, 0x68, 0xc3, 0x35, 0xf0, 0xe1, 0x30, 0xe7, + 0x0e, 0xe0, 0xed, 0x4f, 0x24, 0x6b, 0x84, 0xf9, 0x70, 0x46, 0x44, 0x74, 0xaa, + 0x56, 0x35, 0x23, 0xcf, 0xd5, 0xfa, 0xfd, 0x22, 0x7e, 0x66, 0x3a, 0x8c, 0x1a, + 0xa2, 0x3f, 0x01, 0x2a, 0xee, 0x9e, 0xb4, 0x3a, 0x8e, 0x41, 0xc8, 0x79, 0x57, + 0x71, + ], + }, + Test { + secret: &[ + 0x4d, 0x0d, 0xc3, 0x19, 0xbe, 0x85, 0xd8, 0x4a, 0xd0, 0xeb, 0x94, 0x92, 0xa9, + 0xfc, 0x7c, 0xde, 0xf2, 0xbd, 0xfb, 0x51, 0x95, 0xce, 0xae, 0xdb, 0x5d, 0x17, + 0x20, 0xf0, 0x7e, 0x53, 0xb8, 0xc4, + ], + msg: &[ + 0xe1, 0xfb, 0xb3, 0xdf, 0x63, 0x47, 0x04, 0xb4, 0xda, 0x1f, 0x80, 0x8e, 0xe5, + 0x62, 0x87, 0xc0, 0x27, 0xb3, 0xf0, 0xdc, 0x0c, 0x2e, 0xd7, 0xba, 0xc6, 0xfb, + 0x13, 0xe0, 0x44, 0x62, 0xfb, 0x07, 0x27, 0xd9, 0x13, 0xd9, 0x5f, 0x3a, 0x23, + 0xb9, 0x42, 0x10, 0xe1, 0x74, 0x19, 0x74, 0x73, 0x43, 0x5f, 0x12, 0x9f, 0x88, + 0x83, 0x01, 0x0d, 0x49, 0x15, 0x46, 0x9d, 0x4d, 0x10, 0x56, 0xcf, 0x0c, 0x8c, + 0x23, 0xda, 0x68, 0x88, 0x22, 0xa4, 0x29, 0x8f, 0x4d, 0xcf, 0xd1, 0x2d, 0x32, + 0xfd, 0x5a, 0x6d, 0x12, 0x38, 0x12, 0x41, 0x54, 0x4d, 0x47, 0xef, 0xb0, 0xa0, + 0x5e, 0x9c, 0xf7, + ], + iv: &[ + 0x7f, 0x8e, 0x9d, 0xe2, 0xd7, 0xb0, 0xbb, 0xa5, 0x18, 0xf7, 0xe8, 0x87, 0xa9, + 0xff, 0x5a, 0x4a, + ], + cipher: &[ + 0x7f, 0x8e, 0x9d, 0xe2, 0xd7, 0xb0, 0xbb, 0xa5, 0x18, 0xf7, 0xe8, 0x87, 0xa9, + 0xff, 0x5a, 0x4a, 0x2e, 0x84, 0x69, 0x12, 0xa0, 0x31, 0x21, 0x8a, 0x47, 0xeb, + 0x2b, 0x8d, 0xef, 0xd2, 0xf7, 0x49, 0x4c, 0x95, 0xc7, 0x08, 0x07, 0xa2, 0x44, + 0x04, 0x79, 0x8b, 0x6d, 0x1b, 0x6f, 0x21, 0x8f, 0xe2, 0x27, 0x90, 0x11, 0xe6, + 0x65, 0x63, 0x5e, 0x0e, 0x08, 0x24, 0xf6, 0x0c, 0xa5, 0x24, 0x01, 0x86, 0x40, + 0xa4, 0xd8, 0xbe, 0x26, 0xec, 0x19, 0xfe, 0xf9, 0x62, 0xe7, 0xe0, 0xbc, 0xa8, + 0x3c, 0x40, 0x75, 0x1d, 0x36, 0xc0, 0x27, 0x44, 0x55, 0xde, 0x8a, 0xaf, 0x9e, + 0x1c, 0x0d, 0x26, 0x89, 0x3d, 0xf1, 0xb9, 0xa8, 0x41, 0x55, 0xdf, 0xbb, 0xc4, + 0xe5, 0x15, 0xf4, 0xe1, 0x26, 0x93, 0xda, 0x76, 0x01, 0x8a, 0xba, 0xbb, 0x4e, + 0x9e, 0x41, 0xdb, 0x4a, 0x21, 0xd1, 0x7e, 0xe3, 0xf8, 0xf0, 0x35, 0x7f, 0x21, + 0xb6, 0x25, 0x0c, 0xb9, 0x8f, 0xe1, 0xca, 0x79, 0x1b, 0x0a, 0xe7, 0x8d, 0x9d, + 0xd4, + ], + }, + Test { + secret: &[ + 0x92, 0x2f, 0x3f, 0x49, 0xa3, 0x53, 0x6a, 0x9b, 0x06, 0xa2, 0x87, 0x94, 0x7a, + 0x22, 0x44, 0x40, 0xeb, 0x9f, 0x82, 0x6a, 0x30, 0xd5, 0x5c, 0x7d, 0x48, 0x35, + 0xa5, 0x32, 0xf7, 0xbb, 0x14, 0xbe, + ], + msg: &[ + 0xe9, 0x7b, 0x87, 0xc8, 0x7a, 0x0c, 0xc9, 0x40, 0xaf, 0xf3, 0x2f, 0xda, 0xe7, + 0xbc, 0x37, 0xf8, 0x2f, 0xca, 0xb5, 0xf3, 0x7a, 0x02, 0x2d, 0x2e, 0xc2, 0xac, + 0x56, 0x5f, 0x2b, 0x8b, 0x16, 0x7d, 0xd4, 0xd6, 0x28, 0xb8, 0x98, 0x8c, 0x05, + 0x44, 0x99, 0x4a, 0xf9, 0xe4, 0xb1, 0x3d, 0xd7, 0xb4, 0x25, 0x6f, 0x1b, 0x8d, + 0xf0, 0xd0, 0x1e, 0x9a, 0x85, 0xf1, 0xf6, 0x96, 0xbc, 0xea, 0x45, 0x25, 0x45, + 0x4d, 0x94, 0x9a, 0xee, 0xed, 0x1d, 0x79, 0x87, 0xdb, 0x11, 0x48, 0x4d, 0x39, + 0x0f, 0xe9, 0x1c, 0xb9, 0xb8, 0xec, 0xf6, 0xbe, 0x15, 0x32, 0x6b, 0x60, 0x95, + 0x0d, 0x67, 0x3b, 0x6c, + ], + iv: &[ + 0x07, 0xe1, 0x6c, 0xcb, 0x00, 0x0f, 0x8c, 0xab, 0xb3, 0xd3, 0x32, 0x9a, 0x44, + 0x5a, 0xf0, 0x37, + ], + cipher: &[ + 0x07, 0xe1, 0x6c, 0xcb, 0x00, 0x0f, 0x8c, 0xab, 0xb3, 0xd3, 0x32, 0x9a, 0x44, + 0x5a, 0xf0, 0x37, 0x8d, 0x29, 0x16, 0x18, 0x4a, 0xd2, 0xf6, 0x89, 0x56, 0x68, + 0x6d, 0x06, 0x3e, 0xed, 0x53, 0x6c, 0xbf, 0x2b, 0x95, 0x3c, 0x9f, 0xa4, 0x21, + 0xcb, 0x7f, 0x1b, 0xa7, 0xce, 0xd1, 0xf6, 0x48, 0x04, 0x78, 0x22, 0xba, 0x6a, + 0x0d, 0x91, 0xe7, 0x9d, 0x5e, 0x8c, 0x59, 0xed, 0x4f, 0xe4, 0x79, 0xdd, 0x20, + 0x8e, 0x02, 0x68, 0x8b, 0x74, 0x35, 0x99, 0xb4, 0xd2, 0x04, 0x2f, 0xb6, 0x17, + 0xda, 0xff, 0x25, 0x02, 0x56, 0xa0, 0x05, 0x0b, 0x2b, 0xd6, 0xea, 0x94, 0x5c, + 0x35, 0x18, 0x12, 0xe5, 0x5c, 0x67, 0xdf, 0xbd, 0xa6, 0x6f, 0x70, 0xf6, 0x4d, + 0xe4, 0x1d, 0xa3, 0xe5, 0xbd, 0x5f, 0xee, 0xe9, 0x5b, 0x8a, 0x08, 0xf2, 0xf3, + 0x53, 0x3d, 0xbf, 0x38, 0x4a, 0x4a, 0x47, 0x35, 0xc4, 0x14, 0xa8, 0xe3, 0x39, + 0x2e, 0xc7, 0x2b, 0x4d, 0xf4, 0x99, 0x50, 0x24, 0x57, 0xcb, 0x32, 0xca, 0x95, + 0x79, + ], + }, + Test { + secret: &[ + 0x2b, 0x45, 0xad, 0x6e, 0x76, 0x5e, 0x03, 0x9f, 0x12, 0x78, 0x83, 0xd2, 0x77, + 0xb4, 0x35, 0xeb, 0xd7, 0xe0, 0xeb, 0xcd, 0x25, 0x05, 0x9f, 0x2e, 0x75, 0xed, + 0x7e, 0x57, 0x99, 0xb0, 0x5a, 0x9c, + ], + msg: &[ + 0x77, 0x50, 0x75, 0xc2, 0x3d, 0x3b, 0x1c, 0x5d, 0x64, 0xf2, 0x88, 0x4b, 0xd2, + 0x87, 0x85, 0x42, 0x25, 0xc7, 0x37, 0xc1, 0x0c, 0xfb, 0x8b, 0xc0, 0x4c, 0x83, + 0xd8, 0xe1, 0x4f, 0x17, 0x3a, 0xa1, 0x23, 0x98, 0xa5, 0xae, 0x3e, 0xa3, 0xe3, + 0x79, 0xf0, 0x9a, 0x01, 0x1b, 0x60, 0x45, 0xaa, 0xad, 0x7a, 0x19, 0x31, 0x8a, + 0xd9, 0x0a, 0xde, 0xec, 0x64, 0xca, 0xd3, 0xde, 0xdf, 0xd7, 0xa0, 0x46, 0x6b, + 0x0b, 0x7b, 0xcb, 0xe1, 0x84, 0xfe, 0x25, 0x7f, 0xfe, 0x7b, 0x1e, 0x60, 0x2b, + 0x0a, 0x3f, 0x6b, 0x5b, 0x30, 0x5b, 0xdf, 0x23, 0x9f, 0x43, 0x44, 0xa4, 0xfb, + 0x40, 0x09, 0xf5, 0xe2, 0xcd, + ], + iv: &[ + 0xec, 0xb8, 0xdf, 0x27, 0xe7, 0x94, 0x79, 0x25, 0x3c, 0xa4, 0x10, 0x62, 0x00, + 0xea, 0xf6, 0x98, + ], + cipher: &[ + 0xec, 0xb8, 0xdf, 0x27, 0xe7, 0x94, 0x79, 0x25, 0x3c, 0xa4, 0x10, 0x62, 0x00, + 0xea, 0xf6, 0x98, 0x31, 0xd9, 0x23, 0xa5, 0x7c, 0xfb, 0xc0, 0x81, 0x32, 0xb7, + 0x50, 0xc4, 0x51, 0xa5, 0xd5, 0xcf, 0xe2, 0xce, 0xc0, 0x74, 0x43, 0xce, 0xe1, + 0x9b, 0xce, 0x6c, 0xd7, 0xa5, 0xd5, 0xc5, 0x68, 0xf9, 0xbd, 0xeb, 0x04, 0xfd, + 0xa8, 0x15, 0x8b, 0xb4, 0xc9, 0x1d, 0xd1, 0x49, 0xcf, 0x84, 0x0e, 0x6c, 0x07, + 0xff, 0x25, 0xcf, 0x44, 0xa1, 0x14, 0x1f, 0x88, 0xd5, 0xdb, 0x31, 0x97, 0x72, + 0x59, 0x8a, 0xe6, 0xc3, 0x8a, 0xc8, 0x74, 0x9c, 0xd9, 0x70, 0x81, 0x30, 0x96, + 0x93, 0xe2, 0xd9, 0xec, 0xb5, 0x1a, 0xe7, 0xf3, 0x19, 0x1b, 0x0f, 0x5f, 0x52, + 0xb1, 0x2b, 0xca, 0x8d, 0x84, 0x35, 0x29, 0x1e, 0xb1, 0xef, 0xd5, 0xc0, 0x3f, + 0x26, 0x62, 0x07, 0x0b, 0x4a, 0x11, 0xd4, 0xf5, 0x0a, 0xb2, 0xc8, 0xbc, 0x38, + 0x0e, 0x01, 0x63, 0xf9, 0x7e, 0xe7, 0x01, 0x4c, 0xf2, 0xeb, 0x63, 0x66, 0x90, + 0xe9, 0xe5, 0x20, 0x85, 0x30, 0x84, 0x6d, 0xfe, 0x27, 0x33, 0x43, 0x9e, 0x70, + 0x08, 0x4b, 0xb9, 0x8e, + ], + }, + Test { + secret: &[ + 0x54, 0x28, 0x49, 0xa2, 0xd0, 0xec, 0x1f, 0xb8, 0x60, 0x59, 0xcf, 0x27, 0x33, + 0x69, 0xad, 0x76, 0x9d, 0x2f, 0x19, 0xa9, 0x31, 0x01, 0x3d, 0xd7, 0x80, 0x03, + 0x5d, 0x2f, 0x89, 0x45, 0x25, 0xeb, + ], + msg: &[ + 0xd8, 0x65, 0x91, 0x52, 0xe2, 0x5e, 0x15, 0xcc, 0xe2, 0xab, 0x7b, 0x3a, 0x2f, + 0xc8, 0x55, 0x9c, 0x72, 0xdf, 0x34, 0xed, 0x58, 0x8a, 0xad, 0x4a, 0xaa, 0x0f, + 0xac, 0x95, 0x8b, 0x8f, 0xb3, 0x90, 0xce, 0xc8, 0xa6, 0x27, 0x5f, 0x7f, 0xdd, + 0x06, 0x9e, 0x1e, 0x58, 0x7b, 0x62, 0x5e, 0x24, 0x0c, 0x6f, 0xec, 0x10, 0x5f, + 0xcf, 0x54, 0xcb, 0x7e, 0x4d, 0x8a, 0x91, 0xa2, 0x2a, 0xef, 0x51, 0xf2, 0x69, + 0x36, 0x25, 0xbd, 0xaf, 0x7c, 0xe6, 0x26, 0x92, 0x4a, 0x14, 0x95, 0x9f, 0xef, + 0xa4, 0xa4, 0xdd, 0x8d, 0x70, 0x4c, 0x1c, 0x67, 0xd5, 0xdb, 0xb2, 0x31, 0x19, + 0x47, 0x97, 0xae, 0x90, 0x15, 0x0a, + ], + iv: &[ + 0xd9, 0xe5, 0xf7, 0xef, 0x51, 0xdb, 0xb1, 0x03, 0xfc, 0x96, 0x68, 0x7d, 0x76, + 0x8f, 0xfc, 0xbc, + ], + cipher: &[ + 0xd9, 0xe5, 0xf7, 0xef, 0x51, 0xdb, 0xb1, 0x03, 0xfc, 0x96, 0x68, 0x7d, 0x76, + 0x8f, 0xfc, 0xbc, 0x33, 0x22, 0x18, 0xe9, 0xac, 0x22, 0xde, 0x8c, 0x27, 0x9e, + 0xa9, 0xb6, 0x16, 0x92, 0x57, 0x6b, 0x4b, 0x87, 0x31, 0x0e, 0x9e, 0xb5, 0x61, + 0x99, 0x1d, 0xc9, 0x96, 0xcd, 0x88, 0x49, 0x50, 0xe3, 0x41, 0xe8, 0x09, 0x87, + 0xfd, 0x0e, 0x9e, 0x0f, 0x18, 0x98, 0x00, 0xee, 0x24, 0xcf, 0x45, 0x48, 0x4a, + 0xf4, 0x8f, 0xa3, 0x96, 0x60, 0x08, 0x61, 0x46, 0xad, 0xaf, 0x34, 0x1f, 0x85, + 0x2c, 0x55, 0xcc, 0x69, 0xf6, 0x8a, 0x24, 0x9e, 0x9e, 0x2d, 0xd4, 0x1a, 0x9b, + 0x75, 0x96, 0xff, 0x7b, 0xe8, 0x5d, 0x1a, 0x42, 0x9e, 0x9d, 0x6f, 0xd7, 0x9c, + 0x0a, 0x01, 0xbc, 0xc3, 0x41, 0x69, 0x7a, 0xc6, 0xf8, 0x7c, 0xee, 0xd9, 0x5d, + 0x01, 0xfa, 0x6b, 0xb5, 0xec, 0xa7, 0xf0, 0x11, 0x46, 0x30, 0x14, 0xbc, 0x3e, + 0x92, 0x28, 0xda, 0x96, 0xa4, 0xe9, 0x7e, 0x82, 0x11, 0x8f, 0x1d, 0x57, 0x9f, + 0x5a, 0x71, 0xec, 0xcd, 0x05, 0xfb, 0x2f, 0x88, 0x19, 0x70, 0x68, 0x60, 0xee, + 0xb0, 0x62, 0x1d, 0x2c, + ], + }, + Test { + secret: &[ + 0x29, 0x40, 0xbf, 0x5a, 0x85, 0x98, 0x25, 0xf8, 0xf1, 0x04, 0x8d, 0xb4, 0xb3, + 0x8d, 0xd5, 0xbb, 0xfd, 0xf7, 0x50, 0xec, 0x3f, 0x47, 0xc8, 0x43, 0x82, 0x6a, + 0x12, 0x67, 0xc1, 0xc0, 0x6f, 0xd0, + ], + msg: &[ + 0x4c, 0xde, 0x81, 0xf7, 0xe5, 0x8c, 0x79, 0x16, 0x7e, 0xcb, 0xe0, 0x6b, 0x08, + 0x04, 0xee, 0xea, 0xa3, 0xe1, 0xe6, 0x78, 0x3c, 0x19, 0x37, 0x6b, 0x19, 0xce, + 0x35, 0xc0, 0x8e, 0x7a, 0x14, 0xe8, 0x28, 0x5c, 0x81, 0xa7, 0x49, 0x7a, 0xd1, + 0x8d, 0x5b, 0x4f, 0xf0, 0x37, 0x05, 0x6e, 0x4d, 0x8c, 0x85, 0xb7, 0xc1, 0x58, + 0xf2, 0x7a, 0xa3, 0x0e, 0x30, 0x4b, 0xe1, 0x07, 0x40, 0x47, 0x5c, 0xea, 0xb4, + 0x4c, 0xa2, 0x49, 0xa6, 0xc7, 0x1d, 0x3b, 0x89, 0x79, 0x72, 0x1b, 0x88, 0xcd, + 0xd1, 0xf6, 0x6d, 0x4c, 0x53, 0x48, 0xb5, 0x7e, 0x50, 0xdb, 0xdc, 0x66, 0x76, + 0x1f, 0xf1, 0xe3, 0x64, 0xc9, 0xae, 0x5e, + ], + iv: &[ + 0x3c, 0x14, 0xaa, 0xca, 0x65, 0xde, 0xd8, 0x4f, 0xf0, 0xdd, 0xaa, 0x63, 0x81, + 0xd7, 0xcb, 0xfd, + ], + cipher: &[ + 0x3c, 0x14, 0xaa, 0xca, 0x65, 0xde, 0xd8, 0x4f, 0xf0, 0xdd, 0xaa, 0x63, 0x81, + 0xd7, 0xcb, 0xfd, 0x45, 0x4c, 0xa9, 0x54, 0x73, 0x2a, 0xab, 0xc1, 0xfe, 0x22, + 0xe0, 0xf1, 0xb3, 0xfe, 0x65, 0x01, 0x52, 0x35, 0x70, 0x8a, 0x07, 0x12, 0x5f, + 0x87, 0x3c, 0x7d, 0x1e, 0xd7, 0xa9, 0x90, 0x4e, 0x86, 0x19, 0x24, 0x35, 0x1d, + 0xb6, 0x3e, 0x25, 0xdd, 0x5e, 0xa5, 0xe6, 0x2d, 0x6d, 0x93, 0x64, 0x82, 0x37, + 0xd2, 0x3e, 0x0d, 0xf4, 0xff, 0x40, 0x4b, 0x95, 0xd6, 0x44, 0x44, 0xc0, 0x02, + 0x86, 0xdb, 0x7c, 0x90, 0x22, 0x3e, 0x18, 0xf4, 0x19, 0xdb, 0xd6, 0x50, 0x0a, + 0x5f, 0x80, 0x95, 0xe2, 0x46, 0x03, 0x63, 0x7b, 0x2e, 0x7d, 0x3e, 0x6e, 0x89, + 0x24, 0xf8, 0x48, 0xea, 0xe6, 0x95, 0x49, 0x67, 0xb1, 0x00, 0x4b, 0x7f, 0xab, + 0x44, 0xdf, 0x40, 0xbf, 0x07, 0x15, 0x7b, 0x5d, 0x52, 0x4a, 0x51, 0x22, 0xc9, + 0x77, 0x68, 0x34, 0x40, 0x94, 0xb8, 0x04, 0x5a, 0xa6, 0x97, 0x36, 0xe8, 0xb3, + 0x8a, 0xcd, 0x76, 0xf8, 0x57, 0x1b, 0x74, 0x5b, 0xb4, 0x46, 0xa4, 0xb9, 0x31, + 0xd9, 0xd6, 0xf6, 0xe7, + ], + }, + Test { + secret: &[ + 0x65, 0x24, 0x87, 0xa5, 0xdb, 0xa2, 0x7e, 0x3c, 0x85, 0x29, 0xa9, 0xfd, 0xf0, + 0xaa, 0x3b, 0xff, 0x90, 0x32, 0x3c, 0xc9, 0x82, 0x46, 0x11, 0x1f, 0xbd, 0xf5, + 0x6c, 0xc4, 0x9e, 0x56, 0x11, 0x20, + ], + msg: &[ + 0x86, 0x85, 0x30, 0xe4, 0xb8, 0x0b, 0xbe, 0x2e, 0xf2, 0xec, 0x74, 0x0a, 0xd5, + 0xb1, 0xc5, 0xdc, 0xe7, 0xc9, 0x9c, 0xe7, 0xd3, 0x1b, 0x6d, 0x72, 0x8c, 0x88, + 0xc4, 0x1e, 0x3b, 0xd9, 0x10, 0x22, 0x75, 0x82, 0xdc, 0x68, 0x87, 0xc2, 0x8d, + 0x5a, 0xef, 0xcd, 0x11, 0x12, 0x7f, 0xac, 0xae, 0xcc, 0xa6, 0xbc, 0x46, 0x02, + 0x37, 0xa9, 0xa3, 0xa8, 0x42, 0x96, 0x88, 0xa5, 0xdd, 0xde, 0xbd, 0xe6, 0xd7, + 0xd4, 0x4e, 0x03, 0xe8, 0x2b, 0x85, 0xb0, 0x46, 0x06, 0xfa, 0x89, 0x6f, 0x34, + 0x95, 0xd9, 0xb4, 0xf0, 0xc3, 0x37, 0x58, 0x79, 0x18, 0x4d, 0xcb, 0x1b, 0x1e, + 0x63, 0xaa, 0x9b, 0x4d, 0x75, 0x97, 0x72, 0x28, + ], + iv: &[ + 0xac, 0x20, 0xdb, 0x4c, 0x6f, 0x54, 0x33, 0xe2, 0x6c, 0x08, 0xe6, 0x96, 0x5c, + 0x5c, 0xf4, 0xdf, + ], + cipher: &[ + 0xac, 0x20, 0xdb, 0x4c, 0x6f, 0x54, 0x33, 0xe2, 0x6c, 0x08, 0xe6, 0x96, 0x5c, + 0x5c, 0xf4, 0xdf, 0xb5, 0x1e, 0xbb, 0xca, 0x9d, 0x0c, 0x25, 0xea, 0x54, 0xdf, + 0x9a, 0x2d, 0x92, 0x33, 0x15, 0xe3, 0xfa, 0x4b, 0xc7, 0xcb, 0x5b, 0xff, 0xe6, + 0x25, 0x53, 0x7e, 0xa3, 0x58, 0x08, 0x5d, 0x58, 0x0e, 0xf6, 0xb8, 0xb1, 0xb0, + 0x2f, 0xec, 0x7c, 0x8f, 0x55, 0xd3, 0xd8, 0x1e, 0x66, 0x2f, 0x68, 0x71, 0x87, + 0x8f, 0x9d, 0x86, 0x37, 0x87, 0xd8, 0x6a, 0x9a, 0xc1, 0x6e, 0x3c, 0xe7, 0x8f, + 0xb6, 0xed, 0x3c, 0x92, 0x7f, 0x20, 0x98, 0xca, 0x10, 0xf0, 0x27, 0x31, 0xb7, + 0x40, 0xb7, 0xee, 0xc1, 0x2b, 0x7b, 0x24, 0x64, 0x31, 0x8d, 0x8e, 0x47, 0x30, + 0x45, 0x84, 0x61, 0x10, 0xa1, 0x8f, 0xe5, 0xb3, 0x0a, 0x86, 0x2d, 0x46, 0xde, + 0x24, 0xf5, 0xa2, 0x1b, 0x1e, 0xf8, 0xaa, 0xbe, 0x0f, 0x4e, 0x8f, 0xce, 0x68, + 0xbb, 0x73, 0xe1, 0x39, 0xac, 0x48, 0x4c, 0x83, 0xb5, 0x91, 0xe8, 0x31, 0x2e, + 0x48, 0x15, 0xf4, 0x07, 0xb8, 0xe9, 0x37, 0xa3, 0xec, 0xb1, 0xd8, 0x5a, 0xd1, + 0x5f, 0x29, 0xb0, 0xc5, + ], + }, + Test { + secret: &[ + 0x4f, 0x0d, 0x5c, 0x9d, 0x6c, 0xc8, 0x51, 0xb0, 0x91, 0x8d, 0x31, 0x72, 0x5a, + 0x9c, 0x50, 0x2e, 0x4f, 0xd5, 0x3d, 0x19, 0x0c, 0xe7, 0xf9, 0xa4, 0x6d, 0x8a, + 0x4c, 0x20, 0xa5, 0xda, 0xe8, 0xb4, + ], + msg: &[ + 0x9e, 0x50, 0x96, 0x9f, 0xd1, 0xfc, 0x71, 0xcc, 0x39, 0x01, 0xfa, 0xbf, 0xbf, + 0x50, 0x5e, 0xe4, 0xcd, 0xe1, 0xe0, 0x8b, 0x11, 0x40, 0x30, 0xfa, 0xec, 0xa4, + 0xad, 0xfd, 0xd9, 0xe1, 0x5b, 0x8e, 0xd1, 0x43, 0x21, 0x72, 0x3e, 0xeb, 0x51, + 0x5c, 0xf8, 0xea, 0xc8, 0xd0, 0x12, 0x04, 0x4e, 0x3e, 0x10, 0xc4, 0x1b, 0x10, + 0xf2, 0xb3, 0x15, 0x3b, 0x08, 0x96, 0xaf, 0x93, 0x32, 0xf9, 0x37, 0x35, 0xea, + 0xbc, 0x0b, 0x69, 0x95, 0x25, 0xdb, 0x72, 0xcd, 0x27, 0xde, 0xff, 0x23, 0x7a, + 0x45, 0x73, 0xb7, 0x58, 0x3a, 0x44, 0x37, 0x8e, 0xcc, 0x7c, 0x90, 0x02, 0xbe, + 0x5f, 0x7b, 0xb3, 0xc3, 0x63, 0x95, 0x7f, 0x41, 0x88, + ], + iv: &[ + 0x55, 0xed, 0x85, 0x92, 0x5f, 0x17, 0x03, 0x56, 0xec, 0x34, 0x44, 0x86, 0xdc, + 0x9b, 0x37, 0x96, + ], + cipher: &[ + 0x55, 0xed, 0x85, 0x92, 0x5f, 0x17, 0x03, 0x56, 0xec, 0x34, 0x44, 0x86, 0xdc, + 0x9b, 0x37, 0x96, 0x34, 0xd0, 0xa9, 0x6d, 0x79, 0xd7, 0xd0, 0x4f, 0xc1, 0x37, + 0xd3, 0x23, 0x69, 0x56, 0xca, 0x13, 0x9d, 0x5e, 0x94, 0xce, 0x00, 0x4c, 0x3a, + 0xf9, 0x79, 0x6f, 0x15, 0x30, 0x86, 0xe1, 0x78, 0xda, 0x70, 0x83, 0xc6, 0x50, + 0x80, 0xa7, 0x2a, 0xf0, 0x7a, 0x7f, 0xee, 0x45, 0x0d, 0x60, 0x2a, 0x5b, 0x4c, + 0xbf, 0xac, 0x6a, 0xb6, 0x88, 0xde, 0x9d, 0x08, 0xc4, 0x3c, 0x71, 0x35, 0x78, + 0x1a, 0x91, 0x53, 0x63, 0x4f, 0x22, 0xc4, 0x98, 0xe7, 0xa2, 0x7c, 0x4b, 0x32, + 0xaa, 0x8d, 0xce, 0x2f, 0x4e, 0x24, 0xa2, 0x38, 0xdd, 0x61, 0x59, 0x5e, 0xf9, + 0xa4, 0x50, 0x1c, 0x3f, 0x7d, 0x90, 0x6f, 0x3f, 0xfd, 0x99, 0x65, 0xb2, 0x76, + 0x52, 0x21, 0xe8, 0xa9, 0x59, 0x2c, 0x54, 0x97, 0x83, 0x4c, 0x46, 0x7f, 0xd0, + 0x3f, 0x63, 0xea, 0xdf, 0xf8, 0x7e, 0x8e, 0xe3, 0xc9, 0x87, 0x6c, 0xb4, 0x99, + 0x71, 0x7e, 0xac, 0x47, 0x7b, 0x12, 0x78, 0xd5, 0x56, 0x79, 0x80, 0x02, 0x05, + 0x72, 0xbb, 0x8d, 0x26, + ], + }, + ]; + + for test in tests { + let enc = encrypt_with_hmac(test.iv.try_into().unwrap(), test.secret, test.msg); + assert_eq!(enc.as_slice(), test.cipher); + let dec = decrypt_with_hmac(test.secret, &enc).unwrap(); + assert_eq!(dec.as_slice(), test.msg); + } + } +} diff --git a/src/rust/bitbox02-rust-c/Cargo.toml b/src/rust/bitbox02-rust-c/Cargo.toml index b96068ff5..8c2164278 100644 --- a/src/rust/bitbox02-rust-c/Cargo.toml +++ b/src/rust/bitbox02-rust-c/Cargo.toml @@ -25,6 +25,7 @@ crate-type = ["staticlib"] [dependencies] bitbox02-rust = { path = "../bitbox02-rust", optional = true } +bitbox-aes = { path = "../bitbox-aes", features = ["use-wally-sha512"] } bitbox02 = { path = "../bitbox02", optional = true } bitbox02-noise = { path = "../bitbox02-noise", optional = true } util = { path = "../util" } diff --git a/src/rust/bitbox02-rust-c/src/lib.rs b/src/rust/bitbox02-rust-c/src/lib.rs index d4f6ac52a..53fb7551d 100644 --- a/src/rust/bitbox02-rust-c/src/lib.rs +++ b/src/rust/bitbox02-rust-c/src/lib.rs @@ -80,3 +80,37 @@ pub unsafe extern "C" fn rust_log(ptr: *const ::util::c_types::c_char) { ::util::log::rtt_target::rprintln!("{}", s); } } + +#[no_mangle] +pub extern "C" fn rust_cipher_encrypt( + iv: crate::util::Bytes, + key: crate::util::Bytes, + plain: crate::util::Bytes, + mut out: crate::util::BytesMut, + out_len: &mut usize, +) { + let enc = bitbox_aes::encrypt_with_hmac( + &iv.as_ref().try_into().unwrap(), + key.as_ref(), + plain.as_ref(), + ); + out.as_mut()[..enc.len()].copy_from_slice(&enc); + *out_len = enc.len(); +} + +#[no_mangle] +pub extern "C" fn rust_cipher_decrypt( + key: crate::util::Bytes, + cipher: crate::util::Bytes, + mut out: crate::util::BytesMut, + out_len: &mut usize, +) -> bool { + match bitbox_aes::decrypt_with_hmac(key.as_ref(), cipher.as_ref()) { + Ok(dec) => { + out.as_mut()[..dec.len()].copy_from_slice(&dec); + *out_len = dec.len(); + true + } + Err(_) => false, + } +} diff --git a/src/rust/bitbox02/build.rs b/src/rust/bitbox02/build.rs index 84c35e5b5..478f73e38 100644 --- a/src/rust/bitbox02/build.rs +++ b/src/rust/bitbox02/build.rs @@ -14,7 +14,6 @@ fn main() { // external libs println!("cargo::rustc-link-lib=wallycore"); println!("cargo::rustc-link-lib=secp256k1"); - println!("cargo::rustc-link-lib=ctaes"); println!("cargo::rustc-link-lib=fatfs"); println!("cargo::rustc-link-lib=sd-mock"); diff --git a/src/rust/vendor/ctaes/.cargo-checksum.json b/src/rust/vendor/ctaes/.cargo-checksum.json new file mode 100644 index 000000000..349c32fa6 --- /dev/null +++ b/src/rust/vendor/ctaes/.cargo-checksum.json @@ -0,0 +1 @@ +{"files":{"Cargo.lock":"81e436ae625fca3a4bd74982bc9cc72bda12bffb309d2d34cb30ba8ee97cc18c","Cargo.toml":"23631338de81e8797a221a6d6fbf32b553407065ed8d3483781a6a98ad39c633","LICENSE":"c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4","README.md":"09b0682d770ae8c3447098362935b2f1168a355e4459cdad0111b2fd000ffdc7","build.rs":"71b34b966fa507a8c92d19c9250770cf4c956f87c25a26c3e512e6e399fe268f","depend/ctaes/COPYING":"705391f5c3000c942b63c028977a372a5fb12eb0abc6210b3d835115e2544a06","depend/ctaes/README.md":"ac7bb439537cbda2893269130b744b29ea541cbcfaa1e25cacbf09cdad937bb3","depend/ctaes/bench.c":"54825ba789efeb25c46d85fd6caafc5173830c691455739c1d8b7aa42113bc2d","depend/ctaes/ctaes.c":"78913b0339766c3901825560aaba42f23081bd5ff20658ba4decd849c90e65e2","depend/ctaes/ctaes.h":"a1a62f394eda457b35d9126373d3216cebaff536ba924515162414337dc8e4db","depend/ctaes/test.c":"c8663ee34b5caf1aafdf64b35200e72a24200fdc6758214df156afcdb5de6247","src/lib.rs":"7624f7be1dfb3605b1ca6697fc3b6dd01d1a6666687ed1161ae9bd375fe70bdf"},"package":"c4cbca3712c15d1e2dcc77f4eea8c838fb98f54ffe272d13a72516d488b098ce"} \ No newline at end of file diff --git a/src/rust/vendor/ctaes/Cargo.lock b/src/rust/vendor/ctaes/Cargo.lock new file mode 100644 index 000000000..a70b57350 --- /dev/null +++ b/src/rust/vendor/ctaes/Cargo.lock @@ -0,0 +1,32 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "cc" +version = "1.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04da6a0d40b948dfc4fa8f5bbf402b0fc1a64a28dbf7d12ffd683550f2c1b63a" +dependencies = [ + "shlex", +] + +[[package]] +name = "ctaes" +version = "0.1.0" +dependencies = [ + "cc", + "hex", +] + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" diff --git a/src/rust/vendor/ctaes/Cargo.toml b/src/rust/vendor/ctaes/Cargo.toml new file mode 100644 index 000000000..c8444ee78 --- /dev/null +++ b/src/rust/vendor/ctaes/Cargo.toml @@ -0,0 +1,52 @@ +# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO +# +# When uploading crates to the registry Cargo will automatically +# "normalize" Cargo.toml files for maximal compatibility +# with all versions of Cargo and also rewrite `path` dependencies +# to registry (e.g., crates.io) dependencies. +# +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. + +[package] +edition = "2024" +name = "ctaes" +version = "0.1.0" +authors = ["Marko Bencun "] +build = "build.rs" +autolib = false +autobins = false +autoexamples = false +autotests = false +autobenches = false +description = "A wrapper of Bitcoin Core's ctaes C library. ctaes is a simple constant-time AES implementation." +homepage = "https://bitbox.swiss/" +readme = "README.md" +keywords = [ + "aes", + "crypto", + "encryption", + "ffi", + "no_std", +] +categories = [ + "cryptography", + "external-ffi-bindings", + "embedded", + "no-std", +] +license = "Apache-2.0" +repository = "https://github.com/BitBoxSwiss/rust-ctaes/" + +[lib] +name = "ctaes" +path = "src/lib.rs" + +[dependencies] + +[dev-dependencies.hex] +version = "0.4" + +[build-dependencies.cc] +version = "1" diff --git a/src/rust/vendor/ctaes/LICENSE b/src/rust/vendor/ctaes/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/src/rust/vendor/ctaes/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/src/rust/vendor/ctaes/README.md b/src/rust/vendor/ctaes/README.md new file mode 100644 index 000000000..b26f7569c --- /dev/null +++ b/src/rust/vendor/ctaes/README.md @@ -0,0 +1,4 @@ +# rust-ctaes + +This is Rust wrapper around [ctaes](https://github.com/bitcoin-core/ctaes/), a constant time +implementation of AES. diff --git a/src/rust/vendor/ctaes/build.rs b/src/rust/vendor/ctaes/build.rs new file mode 100644 index 000000000..977e0df5f --- /dev/null +++ b/src/rust/vendor/ctaes/build.rs @@ -0,0 +1,8 @@ +fn main() { + cc::Build::new() + .file("depend/ctaes/ctaes.c") + .compile("ctaes_clib"); + println!("cargo:rerun-if-changed=depend/ctaes/ctaes.c"); + println!("cargo:rerun-if-changed=depend/ctaes/ctaes.h"); + println!("cargo:rustc-link-lib=static=ctaes_clib"); +} diff --git a/src/rust/vendor/ctaes/depend/ctaes/COPYING b/src/rust/vendor/ctaes/depend/ctaes/COPYING new file mode 100644 index 000000000..415b202a2 --- /dev/null +++ b/src/rust/vendor/ctaes/depend/ctaes/COPYING @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Pieter Wuille + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/src/rust/vendor/ctaes/depend/ctaes/README.md b/src/rust/vendor/ctaes/depend/ctaes/README.md new file mode 100644 index 000000000..0e7fe1775 --- /dev/null +++ b/src/rust/vendor/ctaes/depend/ctaes/README.md @@ -0,0 +1,41 @@ +ctaes +===== + +Simple C module for constant-time AES encryption and decryption. + +Features: +* Simple, pure C code without any dependencies. +* No tables or data-dependent branches whatsoever, but using bit sliced approach from https://eprint.iacr.org/2009/129.pdf. +* Very small object code: slightly over 4k of executable code when compiled with -Os. +* Slower than implementations based on precomputed tables or specialized instructions, but can do ~15 MB/s on modern CPUs. + +Performance +----------- + +Compiled with GCC 5.3.1 with -O3, on an Intel(R) Core(TM) i7-4800MQ CPU, numbers in CPU cycles: + +| Algorithm | Key schedule | Encryption per byte | Decryption per byte | +| --------- | ------------:| -------------------:| -------------------:| +| AES-128 | 2.8k | 154 | 161 | +| AES-192 | 3.1k | 169 | 181 | +| AES-256 | 4.0k | 191 | 203 | + +Build steps +----------- + +Object code: + + $ gcc -O3 ctaes.c -c -o ctaes.o + +Tests: + + $ gcc -O3 ctaes.c test.c -o test + +Benchmark: + + $ gcc -O3 ctaes.c bench.c -o bench + +Review +------ + +Results of a formal review of the code can be found in http://bitcoin.sipa.be/ctaes/review.zip diff --git a/src/rust/vendor/ctaes/depend/ctaes/bench.c b/src/rust/vendor/ctaes/depend/ctaes/bench.c new file mode 100644 index 000000000..a4a6b91d5 --- /dev/null +++ b/src/rust/vendor/ctaes/depend/ctaes/bench.c @@ -0,0 +1,175 @@ + /********************************************************************* + * Copyright (c) 2016 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://opensource.org/licenses/mit-license.php. * + **********************************************************************/ +#include +#include +#include "sys/time.h" + +#include "ctaes.h" + +static double gettimedouble(void) { + struct timeval tv; + gettimeofday(&tv, NULL); + return tv.tv_usec * 0.000001 + tv.tv_sec; +} + +static void print_number(double x) { + double y = x; + int c = 0; + if (y < 0.0) { + y = -y; + } + while (0.0 < y && y < 100.0) { + y *= 10.0; + c++; + } + printf("%.*f", c, x); +} + +static void run_benchmark(char *name, void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) { + int i; + double min = HUGE_VAL; + double sum = 0.0; + double max = 0.0; + for (i = 0; i < count; i++) { + double begin, total; + if (setup != NULL) { + setup(data); + } + begin = gettimedouble(); + benchmark(data); + total = gettimedouble() - begin; + if (teardown != NULL) { + teardown(data); + } + if (total < min) { + min = total; + } + if (total > max) { + max = total; + } + sum += total; + } + printf("%s: min ", name); + print_number(min * 1000000000.0 / iter); + printf("ns / avg "); + print_number((sum / count) * 1000000000.0 / iter); + printf("ns / max "); + print_number(max * 1000000000.0 / iter); + printf("ns\n"); +} + +static void bench_AES128_init(void* data) { + AES128_ctx* ctx = (AES128_ctx*)data; + int i; + for (i = 0; i < 50000; i++) { + AES128_init(ctx, (unsigned char*)ctx); + } +} + +static void bench_AES128_encrypt_setup(void* data) { + AES128_ctx* ctx = (AES128_ctx*)data; + static const unsigned char key[16] = {0}; + AES128_init(ctx, key); +} + +static void bench_AES128_encrypt(void* data) { + const AES128_ctx* ctx = (const AES128_ctx*)data; + unsigned char scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + AES128_encrypt(ctx, 1, scratch, scratch); + } +} + +static void bench_AES128_decrypt(void* data) { + const AES128_ctx* ctx = (const AES128_ctx*)data; + unsigned char scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + AES128_decrypt(ctx, 1, scratch, scratch); + } +} + +static void bench_AES192_init(void* data) { + AES192_ctx* ctx = (AES192_ctx*)data; + int i; + for (i = 0; i < 50000; i++) { + AES192_init(ctx, (unsigned char*)ctx); + } +} + +static void bench_AES192_encrypt_setup(void* data) { + AES192_ctx* ctx = (AES192_ctx*)data; + static const unsigned char key[24] = {0}; + AES192_init(ctx, key); +} + +static void bench_AES192_encrypt(void* data) { + const AES192_ctx* ctx = (const AES192_ctx*)data; + unsigned char scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + AES192_encrypt(ctx, 1, scratch, scratch); + } +} + +static void bench_AES192_decrypt(void* data) { + const AES192_ctx* ctx = (const AES192_ctx*)data; + unsigned char scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + AES192_decrypt(ctx, 1, scratch, scratch); + } +} + +static void bench_AES256_init(void* data) { + AES256_ctx* ctx = (AES256_ctx*)data; + int i; + for (i = 0; i < 50000; i++) { + AES256_init(ctx, (unsigned char*)ctx); + } +} + + +static void bench_AES256_encrypt_setup(void* data) { + AES256_ctx* ctx = (AES256_ctx*)data; + static const unsigned char key[32] = {0}; + AES256_init(ctx, key); +} + +static void bench_AES256_encrypt(void* data) { + const AES256_ctx* ctx = (const AES256_ctx*)data; + unsigned char scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + AES256_encrypt(ctx, 1, scratch, scratch); + } +} + +static void bench_AES256_decrypt(void* data) { + const AES256_ctx* ctx = (const AES256_ctx*)data; + unsigned char scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + AES256_decrypt(ctx, 1, scratch, scratch); + } +} + +int main(void) { + AES128_ctx ctx128; + AES192_ctx ctx192; + AES256_ctx ctx256; + run_benchmark("aes128_init", bench_AES128_init, NULL, NULL, &ctx128, 20, 50000); + run_benchmark("aes128_encrypt_byte", bench_AES128_encrypt, bench_AES128_encrypt_setup, NULL, &ctx128, 20, 4000000); + run_benchmark("aes128_decrypt_byte", bench_AES128_decrypt, bench_AES128_encrypt_setup, NULL, &ctx128, 20, 4000000); + run_benchmark("aes192_init", bench_AES192_init, NULL, NULL, &ctx192, 20, 50000); + run_benchmark("aes192_encrypt_byte", bench_AES192_encrypt, bench_AES192_encrypt_setup, NULL, &ctx192, 20, 4000000); + run_benchmark("aes192_decrypt_byte", bench_AES192_decrypt, bench_AES192_encrypt_setup, NULL, &ctx192, 20, 4000000); + run_benchmark("aes256_init", bench_AES256_init, NULL, NULL, &ctx256, 20, 50000); + run_benchmark("aes256_encrypt_byte", bench_AES256_encrypt, bench_AES256_encrypt_setup, NULL, &ctx256, 20, 4000000); + run_benchmark("aes256_decrypt_byte", bench_AES256_decrypt, bench_AES256_encrypt_setup, NULL, &ctx256, 20, 4000000); + return 0; +} diff --git a/src/rust/vendor/ctaes/depend/ctaes/ctaes.c b/src/rust/vendor/ctaes/depend/ctaes/ctaes.c new file mode 100644 index 000000000..decc66da6 --- /dev/null +++ b/src/rust/vendor/ctaes/depend/ctaes/ctaes.c @@ -0,0 +1,632 @@ + /********************************************************************* + * Copyright (c) 2016 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://opensource.org/licenses/mit-license.php. * + **********************************************************************/ + +/* Constant time, unoptimized, concise, plain C, AES implementation + * Based On: + * Emilia Kasper and Peter Schwabe, Faster and Timing-Attack Resistant AES-GCM + * https://www.iacr.org/archive/ches2009/57470001/57470001.pdf + * But using 8 16-bit integers representing a single AES state rather than 8 128-bit + * integers representing 8 AES states. + */ + +#include "ctaes.h" + +#include + +/* Slice variable slice_i contains the i'th bit of the 16 state variables in this order: + * 0 1 2 3 + * 4 5 6 7 + * 8 9 10 11 + * 12 13 14 15 + */ + +/** Convert a byte to sliced form, storing it corresponding to given row and column in s */ +static void LoadByte(AES_state* s, unsigned char byte, int r, int c) { + int i; + for (i = 0; i < 8; i++) { + s->slice[i] |= (uint16_t)(byte & 1) << (r * 4 + c); + byte >>= 1; + } +} + +/** Load 16 bytes of data into 8 sliced integers */ +static void LoadBytes(AES_state *s, const unsigned char* data16) { + int c; + for (c = 0; c < 4; c++) { + int r; + for (r = 0; r < 4; r++) { + LoadByte(s, *(data16++), r, c); + } + } +} + +/** Convert 8 sliced integers into 16 bytes of data */ +static void SaveBytes(unsigned char* data16, const AES_state *s) { + int c; + for (c = 0; c < 4; c++) { + int r; + for (r = 0; r < 4; r++) { + int b; + uint8_t v = 0; + for (b = 0; b < 8; b++) { + v |= ((s->slice[b] >> (r * 4 + c)) & 1) << b; + } + *(data16++) = v; + } + } +} + +/* S-box implementation based on the gate logic from: + * Joan Boyar and Rene Peralta, A depth-16 circuit for the AES S-box. + * https://eprint.iacr.org/2011/332.pdf +*/ +static void SubBytes(AES_state *s, int inv) { + /* Load the bit slices */ + uint16_t U0 = s->slice[7], U1 = s->slice[6], U2 = s->slice[5], U3 = s->slice[4]; + uint16_t U4 = s->slice[3], U5 = s->slice[2], U6 = s->slice[1], U7 = s->slice[0]; + + uint16_t T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15, T16; + uint16_t T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, D; + uint16_t M1, M6, M11, M13, M15, M20, M21, M22, M23, M25, M37, M38, M39, M40; + uint16_t M41, M42, M43, M44, M45, M46, M47, M48, M49, M50, M51, M52, M53, M54; + uint16_t M55, M56, M57, M58, M59, M60, M61, M62, M63; + + if (inv) { + uint16_t R5, R13, R17, R18, R19; + /* Undo linear postprocessing */ + T23 = U0 ^ U3; + T22 = ~(U1 ^ U3); + T2 = ~(U0 ^ U1); + T1 = U3 ^ U4; + T24 = ~(U4 ^ U7); + R5 = U6 ^ U7; + T8 = ~(U1 ^ T23); + T19 = T22 ^ R5; + T9 = ~(U7 ^ T1); + T10 = T2 ^ T24; + T13 = T2 ^ R5; + T3 = T1 ^ R5; + T25 = ~(U2 ^ T1); + R13 = U1 ^ U6; + T17 = ~(U2 ^ T19); + T20 = T24 ^ R13; + T4 = U4 ^ T8; + R17 = ~(U2 ^ U5); + R18 = ~(U5 ^ U6); + R19 = ~(U2 ^ U4); + D = U0 ^ R17; + T6 = T22 ^ R17; + T16 = R13 ^ R19; + T27 = T1 ^ R18; + T15 = T10 ^ T27; + T14 = T10 ^ R18; + T26 = T3 ^ T16; + } else { + /* Linear preprocessing. */ + T1 = U0 ^ U3; + T2 = U0 ^ U5; + T3 = U0 ^ U6; + T4 = U3 ^ U5; + T5 = U4 ^ U6; + T6 = T1 ^ T5; + T7 = U1 ^ U2; + T8 = U7 ^ T6; + T9 = U7 ^ T7; + T10 = T6 ^ T7; + T11 = U1 ^ U5; + T12 = U2 ^ U5; + T13 = T3 ^ T4; + T14 = T6 ^ T11; + T15 = T5 ^ T11; + T16 = T5 ^ T12; + T17 = T9 ^ T16; + T18 = U3 ^ U7; + T19 = T7 ^ T18; + T20 = T1 ^ T19; + T21 = U6 ^ U7; + T22 = T7 ^ T21; + T23 = T2 ^ T22; + T24 = T2 ^ T10; + T25 = T20 ^ T17; + T26 = T3 ^ T16; + T27 = T1 ^ T12; + D = U7; + } + + /* Non-linear transformation (shared between the forward and backward case) */ + M1 = T13 & T6; + M6 = T3 & T16; + M11 = T1 & T15; + M13 = (T4 & T27) ^ M11; + M15 = (T2 & T10) ^ M11; + M20 = T14 ^ M1 ^ (T23 & T8) ^ M13; + M21 = (T19 & D) ^ M1 ^ T24 ^ M15; + M22 = T26 ^ M6 ^ (T22 & T9) ^ M13; + M23 = (T20 & T17) ^ M6 ^ M15 ^ T25; + M25 = M22 & M20; + M37 = M21 ^ ((M20 ^ M21) & (M23 ^ M25)); + M38 = M20 ^ M25 ^ (M21 | (M20 & M23)); + M39 = M23 ^ ((M22 ^ M23) & (M21 ^ M25)); + M40 = M22 ^ M25 ^ (M23 | (M21 & M22)); + M41 = M38 ^ M40; + M42 = M37 ^ M39; + M43 = M37 ^ M38; + M44 = M39 ^ M40; + M45 = M42 ^ M41; + M46 = M44 & T6; + M47 = M40 & T8; + M48 = M39 & D; + M49 = M43 & T16; + M50 = M38 & T9; + M51 = M37 & T17; + M52 = M42 & T15; + M53 = M45 & T27; + M54 = M41 & T10; + M55 = M44 & T13; + M56 = M40 & T23; + M57 = M39 & T19; + M58 = M43 & T3; + M59 = M38 & T22; + M60 = M37 & T20; + M61 = M42 & T1; + M62 = M45 & T4; + M63 = M41 & T2; + + if (inv){ + /* Undo linear preprocessing */ + uint16_t P0 = M52 ^ M61; + uint16_t P1 = M58 ^ M59; + uint16_t P2 = M54 ^ M62; + uint16_t P3 = M47 ^ M50; + uint16_t P4 = M48 ^ M56; + uint16_t P5 = M46 ^ M51; + uint16_t P6 = M49 ^ M60; + uint16_t P7 = P0 ^ P1; + uint16_t P8 = M50 ^ M53; + uint16_t P9 = M55 ^ M63; + uint16_t P10 = M57 ^ P4; + uint16_t P11 = P0 ^ P3; + uint16_t P12 = M46 ^ M48; + uint16_t P13 = M49 ^ M51; + uint16_t P14 = M49 ^ M62; + uint16_t P15 = M54 ^ M59; + uint16_t P16 = M57 ^ M61; + uint16_t P17 = M58 ^ P2; + uint16_t P18 = M63 ^ P5; + uint16_t P19 = P2 ^ P3; + uint16_t P20 = P4 ^ P6; + uint16_t P22 = P2 ^ P7; + uint16_t P23 = P7 ^ P8; + uint16_t P24 = P5 ^ P7; + uint16_t P25 = P6 ^ P10; + uint16_t P26 = P9 ^ P11; + uint16_t P27 = P10 ^ P18; + uint16_t P28 = P11 ^ P25; + uint16_t P29 = P15 ^ P20; + s->slice[7] = P13 ^ P22; + s->slice[6] = P26 ^ P29; + s->slice[5] = P17 ^ P28; + s->slice[4] = P12 ^ P22; + s->slice[3] = P23 ^ P27; + s->slice[2] = P19 ^ P24; + s->slice[1] = P14 ^ P23; + s->slice[0] = P9 ^ P16; + } else { + /* Linear postprocessing */ + uint16_t L0 = M61 ^ M62; + uint16_t L1 = M50 ^ M56; + uint16_t L2 = M46 ^ M48; + uint16_t L3 = M47 ^ M55; + uint16_t L4 = M54 ^ M58; + uint16_t L5 = M49 ^ M61; + uint16_t L6 = M62 ^ L5; + uint16_t L7 = M46 ^ L3; + uint16_t L8 = M51 ^ M59; + uint16_t L9 = M52 ^ M53; + uint16_t L10 = M53 ^ L4; + uint16_t L11 = M60 ^ L2; + uint16_t L12 = M48 ^ M51; + uint16_t L13 = M50 ^ L0; + uint16_t L14 = M52 ^ M61; + uint16_t L15 = M55 ^ L1; + uint16_t L16 = M56 ^ L0; + uint16_t L17 = M57 ^ L1; + uint16_t L18 = M58 ^ L8; + uint16_t L19 = M63 ^ L4; + uint16_t L20 = L0 ^ L1; + uint16_t L21 = L1 ^ L7; + uint16_t L22 = L3 ^ L12; + uint16_t L23 = L18 ^ L2; + uint16_t L24 = L15 ^ L9; + uint16_t L25 = L6 ^ L10; + uint16_t L26 = L7 ^ L9; + uint16_t L27 = L8 ^ L10; + uint16_t L28 = L11 ^ L14; + uint16_t L29 = L11 ^ L17; + s->slice[7] = L6 ^ L24; + s->slice[6] = ~(L16 ^ L26); + s->slice[5] = ~(L19 ^ L28); + s->slice[4] = L6 ^ L21; + s->slice[3] = L20 ^ L22; + s->slice[2] = L25 ^ L29; + s->slice[1] = ~(L13 ^ L27); + s->slice[0] = ~(L6 ^ L23); + } +} + +#define BIT_RANGE(from,to) ((uint16_t)((1 << ((to) - (from))) - 1) << (from)) + +#define BIT_RANGE_LEFT(x,from,to,shift) (((x) & BIT_RANGE((from), (to))) << (shift)) +#define BIT_RANGE_RIGHT(x,from,to,shift) (((x) & BIT_RANGE((from), (to))) >> (shift)) + +static void ShiftRows(AES_state* s) { + int i; + for (i = 0; i < 8; i++) { + uint16_t v = s->slice[i]; + s->slice[i] = + (v & BIT_RANGE(0, 4)) | + BIT_RANGE_LEFT(v, 4, 5, 3) | BIT_RANGE_RIGHT(v, 5, 8, 1) | + BIT_RANGE_LEFT(v, 8, 10, 2) | BIT_RANGE_RIGHT(v, 10, 12, 2) | + BIT_RANGE_LEFT(v, 12, 15, 1) | BIT_RANGE_RIGHT(v, 15, 16, 3); + } +} + +static void InvShiftRows(AES_state* s) { + int i; + for (i = 0; i < 8; i++) { + uint16_t v = s->slice[i]; + s->slice[i] = + (v & BIT_RANGE(0, 4)) | + BIT_RANGE_LEFT(v, 4, 7, 1) | BIT_RANGE_RIGHT(v, 7, 8, 3) | + BIT_RANGE_LEFT(v, 8, 10, 2) | BIT_RANGE_RIGHT(v, 10, 12, 2) | + BIT_RANGE_LEFT(v, 12, 13, 3) | BIT_RANGE_RIGHT(v, 13, 16, 1); + } +} + +#define ROT(x,b) (((x) >> ((b) * 4)) | ((x) << ((4-(b)) * 4))) + +static void MixColumns(AES_state* s, int inv) { + /* The MixColumns transform treats the bytes of the columns of the state as + * coefficients of a 3rd degree polynomial over GF(2^8) and multiplies them + * by the fixed polynomial a(x) = {03}x^3 + {01}x^2 + {01}x + {02}, modulo + * x^4 + {01}. + * + * In the inverse transform, we multiply by the inverse of a(x), + * a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}. This is equal to + * a(x) * ({04}x^2 + {05}), so we can reuse the forward transform's code + * (found in OpenSSL's bsaes-x86_64.pl, attributed to Jussi Kivilinna) + * + * In the bitsliced representation, a multiplication of every column by x + * mod x^4 + 1 is simply a right rotation. + */ + + /* Shared for both directions is a multiplication by a(x), which can be + * rewritten as (x^3 + x^2 + x) + {02}*(x^3 + {01}). + * + * First compute s into the s? variables, (x^3 + {01}) * s into the s?_01 + * variables and (x^3 + x^2 + x)*s into the s?_123 variables. + */ + uint16_t s0 = s->slice[0], s1 = s->slice[1], s2 = s->slice[2], s3 = s->slice[3]; + uint16_t s4 = s->slice[4], s5 = s->slice[5], s6 = s->slice[6], s7 = s->slice[7]; + uint16_t s0_01 = s0 ^ ROT(s0, 1), s0_123 = ROT(s0_01, 1) ^ ROT(s0, 3); + uint16_t s1_01 = s1 ^ ROT(s1, 1), s1_123 = ROT(s1_01, 1) ^ ROT(s1, 3); + uint16_t s2_01 = s2 ^ ROT(s2, 1), s2_123 = ROT(s2_01, 1) ^ ROT(s2, 3); + uint16_t s3_01 = s3 ^ ROT(s3, 1), s3_123 = ROT(s3_01, 1) ^ ROT(s3, 3); + uint16_t s4_01 = s4 ^ ROT(s4, 1), s4_123 = ROT(s4_01, 1) ^ ROT(s4, 3); + uint16_t s5_01 = s5 ^ ROT(s5, 1), s5_123 = ROT(s5_01, 1) ^ ROT(s5, 3); + uint16_t s6_01 = s6 ^ ROT(s6, 1), s6_123 = ROT(s6_01, 1) ^ ROT(s6, 3); + uint16_t s7_01 = s7 ^ ROT(s7, 1), s7_123 = ROT(s7_01, 1) ^ ROT(s7, 3); + /* Now compute s = s?_123 + {02} * s?_01. */ + s->slice[0] = s7_01 ^ s0_123; + s->slice[1] = s7_01 ^ s0_01 ^ s1_123; + s->slice[2] = s1_01 ^ s2_123; + s->slice[3] = s7_01 ^ s2_01 ^ s3_123; + s->slice[4] = s7_01 ^ s3_01 ^ s4_123; + s->slice[5] = s4_01 ^ s5_123; + s->slice[6] = s5_01 ^ s6_123; + s->slice[7] = s6_01 ^ s7_123; + if (inv) { + /* In the reverse direction, we further need to multiply by + * {04}x^2 + {05}, which can be written as {04} * (x^2 + {01}) + {01}. + * + * First compute (x^2 + {01}) * s into the t?_02 variables: */ + uint16_t t0_02 = s->slice[0] ^ ROT(s->slice[0], 2); + uint16_t t1_02 = s->slice[1] ^ ROT(s->slice[1], 2); + uint16_t t2_02 = s->slice[2] ^ ROT(s->slice[2], 2); + uint16_t t3_02 = s->slice[3] ^ ROT(s->slice[3], 2); + uint16_t t4_02 = s->slice[4] ^ ROT(s->slice[4], 2); + uint16_t t5_02 = s->slice[5] ^ ROT(s->slice[5], 2); + uint16_t t6_02 = s->slice[6] ^ ROT(s->slice[6], 2); + uint16_t t7_02 = s->slice[7] ^ ROT(s->slice[7], 2); + /* And then update s += {04} * t?_02 */ + s->slice[0] ^= t6_02; + s->slice[1] ^= t6_02 ^ t7_02; + s->slice[2] ^= t0_02 ^ t7_02; + s->slice[3] ^= t1_02 ^ t6_02; + s->slice[4] ^= t2_02 ^ t6_02 ^ t7_02; + s->slice[5] ^= t3_02 ^ t7_02; + s->slice[6] ^= t4_02; + s->slice[7] ^= t5_02; + } +} + +static void AddRoundKey(AES_state* s, const AES_state* round) { + int b; + for (b = 0; b < 8; b++) { + s->slice[b] ^= round->slice[b]; + } +} + +/** column_0(s) = column_c(a) */ +static void GetOneColumn(AES_state* s, const AES_state* a, int c) { + int b; + for (b = 0; b < 8; b++) { + s->slice[b] = (a->slice[b] >> c) & 0x1111; + } +} + +/** column_c1(r) |= (column_0(s) ^= column_c2(a)) */ +static void KeySetupColumnMix(AES_state* s, AES_state* r, const AES_state* a, int c1, int c2) { + int b; + for (b = 0; b < 8; b++) { + r->slice[b] |= ((s->slice[b] ^= ((a->slice[b] >> c2) & 0x1111)) & 0x1111) << c1; + } +} + +/** Rotate the rows in s one position upwards, and xor in r */ +static void KeySetupTransform(AES_state* s, const AES_state* r) { + int b; + for (b = 0; b < 8; b++) { + s->slice[b] = ((s->slice[b] >> 4) | (s->slice[b] << 12)) ^ r->slice[b]; + } +} + +/* Multiply the cells in s by x, as polynomials over GF(2) mod x^8 + x^4 + x^3 + x + 1 */ +static void MultX(AES_state* s) { + uint16_t top = s->slice[7]; + s->slice[7] = s->slice[6]; + s->slice[6] = s->slice[5]; + s->slice[5] = s->slice[4]; + s->slice[4] = s->slice[3] ^ top; + s->slice[3] = s->slice[2] ^ top; + s->slice[2] = s->slice[1]; + s->slice[1] = s->slice[0] ^ top; + s->slice[0] = top; +} + +/** Expand the cipher key into the key schedule. + * + * state must be a pointer to an array of size nrounds + 1. + * key must be a pointer to 4 * nkeywords bytes. + * + * AES128 uses nkeywords = 4, nrounds = 10 + * AES192 uses nkeywords = 6, nrounds = 12 + * AES256 uses nkeywords = 8, nrounds = 14 + */ +static void AES_setup(AES_state* rounds, const uint8_t* key, int nkeywords, int nrounds) +{ + int i; + + /* The one-byte round constant */ + AES_state rcon = {{1,0,0,0,0,0,0,0}}; + /* The number of the word being generated, modulo nkeywords */ + int pos = 0; + /* The column representing the word currently being processed */ + AES_state column; + + for (i = 0; i < nrounds + 1; i++) { + int b; + for (b = 0; b < 8; b++) { + rounds[i].slice[b] = 0; + } + } + + /* The first nkeywords round columns are just taken from the key directly. */ + for (i = 0; i < nkeywords; i++) { + int r; + for (r = 0; r < 4; r++) { + LoadByte(&rounds[i >> 2], *(key++), r, i & 3); + } + } + + GetOneColumn(&column, &rounds[(nkeywords - 1) >> 2], (nkeywords - 1) & 3); + + for (i = nkeywords; i < 4 * (nrounds + 1); i++) { + /* Transform column */ + if (pos == 0) { + SubBytes(&column, 0); + KeySetupTransform(&column, &rcon); + MultX(&rcon); + } else if (nkeywords > 6 && pos == 4) { + SubBytes(&column, 0); + } + if (++pos == nkeywords) pos = 0; + KeySetupColumnMix(&column, &rounds[i >> 2], &rounds[(i - nkeywords) >> 2], i & 3, (i - nkeywords) & 3); + } +} + +static void AES_encrypt(const AES_state* rounds, int nrounds, unsigned char* cipher16, const unsigned char* plain16) { + AES_state s = {{0}}; + int round; + + LoadBytes(&s, plain16); + AddRoundKey(&s, rounds++); + + for (round = 1; round < nrounds; round++) { + SubBytes(&s, 0); + ShiftRows(&s); + MixColumns(&s, 0); + AddRoundKey(&s, rounds++); + } + + SubBytes(&s, 0); + ShiftRows(&s); + AddRoundKey(&s, rounds); + + SaveBytes(cipher16, &s); +} + +static void AES_decrypt(const AES_state* rounds, int nrounds, unsigned char* plain16, const unsigned char* cipher16) { + /* Most AES decryption implementations use the alternate scheme + * (the Equivalent Inverse Cipher), which allows for more code reuse between + * the encryption and decryption code, but requires separate setup for both. + */ + AES_state s = {{0}}; + int round; + + rounds += nrounds; + + LoadBytes(&s, cipher16); + AddRoundKey(&s, rounds--); + + for (round = 1; round < nrounds; round++) { + InvShiftRows(&s); + SubBytes(&s, 1); + AddRoundKey(&s, rounds--); + MixColumns(&s, 1); + } + + InvShiftRows(&s); + SubBytes(&s, 1); + AddRoundKey(&s, rounds); + + SaveBytes(plain16, &s); +} + +void AES128_init(AES128_ctx* ctx, const unsigned char* key16) { + AES_setup(ctx->rk, key16, 4, 10); +} + +void AES128_encrypt(const AES128_ctx* ctx, size_t blocks, unsigned char* cipher16, const unsigned char* plain16) { + while (blocks--) { + AES_encrypt(ctx->rk, 10, cipher16, plain16); + cipher16 += 16; + plain16 += 16; + } +} + +void AES128_decrypt(const AES128_ctx* ctx, size_t blocks, unsigned char* plain16, const unsigned char* cipher16) { + while (blocks--) { + AES_decrypt(ctx->rk, 10, plain16, cipher16); + cipher16 += 16; + plain16 += 16; + } +} + +void AES192_init(AES192_ctx* ctx, const unsigned char* key24) { + AES_setup(ctx->rk, key24, 6, 12); +} + +void AES192_encrypt(const AES192_ctx* ctx, size_t blocks, unsigned char* cipher16, const unsigned char* plain16) { + while (blocks--) { + AES_encrypt(ctx->rk, 12, cipher16, plain16); + cipher16 += 16; + plain16 += 16; + } + +} + +void AES192_decrypt(const AES192_ctx* ctx, size_t blocks, unsigned char* plain16, const unsigned char* cipher16) { + while (blocks--) { + AES_decrypt(ctx->rk, 12, plain16, cipher16); + cipher16 += 16; + plain16 += 16; + } +} + +void AES256_init(AES256_ctx* ctx, const unsigned char* key32) { + AES_setup(ctx->rk, key32, 8, 14); +} + +void AES256_encrypt(const AES256_ctx* ctx, size_t blocks, unsigned char* cipher16, const unsigned char* plain16) { + while (blocks--) { + AES_encrypt(ctx->rk, 14, cipher16, plain16); + cipher16 += 16; + plain16 += 16; + } +} + +void AES256_decrypt(const AES256_ctx* ctx, size_t blocks, unsigned char* plain16, const unsigned char* cipher16) { + while (blocks--) { + AES_decrypt(ctx->rk, 14, plain16, cipher16); + cipher16 += 16; + plain16 += 16; + } +} + +static void Xor128(uint8_t* buf1, const uint8_t* buf2) { + size_t i; + for (i = 0; i < 16; i++) { + buf1[i] ^= buf2[i]; + } +} + +static void AESCBC_encrypt(const AES_state* rounds, uint8_t* iv, int nk, size_t blocks, unsigned char* encrypted, const unsigned char* plain) { + size_t i; + unsigned char buf[16]; + + for (i = 0; i < blocks; i++) { + memcpy(buf, plain, 16); + Xor128(buf, iv); + AES_encrypt(rounds, nk, encrypted, buf); + memcpy(iv, encrypted, 16); + plain += 16; + encrypted += 16; + } +} + +static void AESCBC_decrypt(const AES_state* rounds, uint8_t* iv, int nk, size_t blocks, unsigned char* plain, const unsigned char* encrypted) { + size_t i; + uint8_t next_iv[16]; + + for (i = 0; i < blocks; i++) { + memcpy(next_iv, encrypted, 16); + AES_decrypt(rounds, nk, plain, encrypted); + Xor128(plain, iv); + memcpy(iv, next_iv, 16); + plain += 16; + encrypted += 16; + } +} + +void AES128_CBC_init(AES128_CBC_ctx* ctx, const unsigned char* key16, const uint8_t* iv) { + AES128_init(&(ctx->ctx), key16); + memcpy(ctx->iv, iv, 16); +} + +void AES192_CBC_init(AES192_CBC_ctx* ctx, const unsigned char* key16, const uint8_t* iv) { + AES192_init(&(ctx->ctx), key16); + memcpy(ctx->iv, iv, 16); +} + +void AES256_CBC_init(AES256_CBC_ctx* ctx, const unsigned char* key16, const uint8_t* iv) { + AES256_init(&(ctx->ctx), key16); + memcpy(ctx->iv, iv, 16); +} + +void AES128_CBC_encrypt(AES128_CBC_ctx* ctx, size_t blocks, unsigned char* encrypted, const unsigned char* plain) { + AESCBC_encrypt(ctx->ctx.rk, ctx->iv, 10, blocks, encrypted, plain); +} + +void AES128_CBC_decrypt(AES128_CBC_ctx* ctx, size_t blocks, unsigned char* plain, const unsigned char *encrypted) { + AESCBC_decrypt(ctx->ctx.rk, ctx->iv, 10, blocks, plain, encrypted); +} + +void AES192_CBC_encrypt(AES192_CBC_ctx* ctx, size_t blocks, unsigned char* encrypted, const unsigned char* plain) { + AESCBC_encrypt(ctx->ctx.rk, ctx->iv, 12, blocks, encrypted, plain); +} + +void AES192_CBC_decrypt(AES192_CBC_ctx* ctx, size_t blocks, unsigned char* plain, const unsigned char *encrypted) { + AESCBC_decrypt(ctx->ctx.rk, ctx->iv, 12, blocks, plain, encrypted); +} + +void AES256_CBC_encrypt(AES256_CBC_ctx* ctx, size_t blocks, unsigned char* encrypted, const unsigned char* plain) { + AESCBC_encrypt(ctx->ctx.rk, ctx->iv, 14, blocks, encrypted, plain); +} + +void AES256_CBC_decrypt(AES256_CBC_ctx* ctx, size_t blocks, unsigned char* plain, const unsigned char *encrypted) { + AESCBC_decrypt(ctx->ctx.rk, ctx->iv, 14, blocks, plain, encrypted); +} diff --git a/src/rust/vendor/ctaes/depend/ctaes/ctaes.h b/src/rust/vendor/ctaes/depend/ctaes/ctaes.h new file mode 100644 index 000000000..c916a5073 --- /dev/null +++ b/src/rust/vendor/ctaes/depend/ctaes/ctaes.h @@ -0,0 +1,68 @@ + /********************************************************************* + * Copyright (c) 2016 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://opensource.org/licenses/mit-license.php. * + **********************************************************************/ + +#ifndef CTAES_H +#define CTAES_H + +#include +#include + +typedef struct { + uint16_t slice[8]; +} AES_state; + +typedef struct { + AES_state rk[11]; +} AES128_ctx; + +typedef struct { + AES_state rk[13]; +} AES192_ctx; + +typedef struct { + AES_state rk[15]; +} AES256_ctx; + +typedef struct { + AES128_ctx ctx; + uint8_t iv[16]; /* iv is updated after each use */ +} AES128_CBC_ctx; + +typedef struct { + AES192_ctx ctx; + uint8_t iv[16]; /* iv is updated after each use */ +} AES192_CBC_ctx; + +typedef struct { + AES256_ctx ctx; + uint8_t iv[16]; /* iv is updated after each use */ +} AES256_CBC_ctx; + +void AES128_init(AES128_ctx* ctx, const unsigned char* key16); +void AES128_encrypt(const AES128_ctx* ctx, size_t blocks, unsigned char* cipher16, const unsigned char* plain16); +void AES128_decrypt(const AES128_ctx* ctx, size_t blocks, unsigned char* plain16, const unsigned char* cipher16); + +void AES192_init(AES192_ctx* ctx, const unsigned char* key24); +void AES192_encrypt(const AES192_ctx* ctx, size_t blocks, unsigned char* cipher16, const unsigned char* plain16); +void AES192_decrypt(const AES192_ctx* ctx, size_t blocks, unsigned char* plain16, const unsigned char* cipher16); + +void AES256_init(AES256_ctx* ctx, const unsigned char* key32); +void AES256_encrypt(const AES256_ctx* ctx, size_t blocks, unsigned char* cipher16, const unsigned char* plain16); +void AES256_decrypt(const AES256_ctx* ctx, size_t blocks, unsigned char* plain16, const unsigned char* cipher16); + +void AES128_CBC_init(AES128_CBC_ctx* ctx, const unsigned char* key16, const uint8_t* iv); +void AES128_CBC_encrypt(AES128_CBC_ctx* ctx, size_t blocks, unsigned char* encrypted, const unsigned char* plain); +void AES128_CBC_decrypt(AES128_CBC_ctx* ctx, size_t blocks, unsigned char* plain, const unsigned char *encrypted); + +void AES192_CBC_init(AES192_CBC_ctx* ctx, const unsigned char* key16, const uint8_t* iv); +void AES192_CBC_encrypt(AES192_CBC_ctx* ctx, size_t blocks, unsigned char* encrypted, const unsigned char* plain); +void AES192_CBC_decrypt(AES192_CBC_ctx* ctx, size_t blocks, unsigned char* plain, const unsigned char *encrypted); + +void AES256_CBC_init(AES256_CBC_ctx* ctx, const unsigned char* key16, const uint8_t* iv); +void AES256_CBC_encrypt(AES256_CBC_ctx* ctx, size_t blocks, unsigned char* encrypted, const unsigned char* plain); +void AES256_CBC_decrypt(AES256_CBC_ctx* ctx, size_t blocks, unsigned char* plain, const unsigned char *encrypted); + +#endif /* CTAES_H */ diff --git a/src/rust/vendor/ctaes/depend/ctaes/test.c b/src/rust/vendor/ctaes/depend/ctaes/test.c new file mode 100644 index 000000000..e063afadc --- /dev/null +++ b/src/rust/vendor/ctaes/depend/ctaes/test.c @@ -0,0 +1,184 @@ + /********************************************************************* + * Copyright (c) 2016 Pieter Wuille * + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://opensource.org/licenses/mit-license.php. * + **********************************************************************/ + +#include "ctaes.h" + +#include +#include +#include + +typedef struct { + int keysize; + const char* key; + const char* plain; + const char* cipher; +} ctaes_test; + +typedef struct { + int keysize; + const char* key; + const char* iv; + int nblocks; + const char* plain; + const char* cipher; +} ctaes_cbc_test; + +static const ctaes_test ctaes_tests[] = { + /* AES test vectors from FIPS 197. */ + {128, "000102030405060708090a0b0c0d0e0f", "00112233445566778899aabbccddeeff", "69c4e0d86a7b0430d8cdb78070b4c55a"}, + {192, "000102030405060708090a0b0c0d0e0f1011121314151617", "00112233445566778899aabbccddeeff", "dda97ca4864cdfe06eaf70a0ec0d7191"}, + {256, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "00112233445566778899aabbccddeeff", "8ea2b7ca516745bfeafc49904b496089"}, + + /* AES-ECB test vectors from NIST sp800-38a. */ + {128, "2b7e151628aed2a6abf7158809cf4f3c", "6bc1bee22e409f96e93d7e117393172a", "3ad77bb40d7a3660a89ecaf32466ef97"}, + {128, "2b7e151628aed2a6abf7158809cf4f3c", "ae2d8a571e03ac9c9eb76fac45af8e51", "f5d3d58503b9699de785895a96fdbaaf"}, + {128, "2b7e151628aed2a6abf7158809cf4f3c", "30c81c46a35ce411e5fbc1191a0a52ef", "43b1cd7f598ece23881b00e3ed030688"}, + {128, "2b7e151628aed2a6abf7158809cf4f3c", "f69f2445df4f9b17ad2b417be66c3710", "7b0c785e27e8ad3f8223207104725dd4"}, + {192, "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "6bc1bee22e409f96e93d7e117393172a", "bd334f1d6e45f25ff712a214571fa5cc"}, + {192, "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "ae2d8a571e03ac9c9eb76fac45af8e51", "974104846d0ad3ad7734ecb3ecee4eef"}, + {192, "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "30c81c46a35ce411e5fbc1191a0a52ef", "ef7afd2270e2e60adce0ba2face6444e"}, + {192, "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "f69f2445df4f9b17ad2b417be66c3710", "9a4b41ba738d6c72fb16691603c18e0e"}, + {256, "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "6bc1bee22e409f96e93d7e117393172a", "f3eed1bdb5d2a03c064b5a7e3db181f8"}, + {256, "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "ae2d8a571e03ac9c9eb76fac45af8e51", "591ccb10d410ed26dc5ba74a31362870"}, + {256, "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "30c81c46a35ce411e5fbc1191a0a52ef", "b6ed21b99ca6f4f9f153e7b1beafed1d"}, + {256, "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "f69f2445df4f9b17ad2b417be66c3710", "23304b7a39f9f3ff067d8d8f9e24ecc7"} +}; + +static const ctaes_cbc_test ctaes_cbc_tests[] = { + /* AES-CBC test vectors from NIST sp800-38a. */ + { + 128, "2b7e151628aed2a6abf7158809cf4f3c", "000102030405060708090a0b0c0d0e0f", 4, + "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", + "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7" + }, + { + 192, "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", "000102030405060708090a0b0c0d0e0f", 4, + "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", + "4f021db243bc633d7178183a9fa071e8b4d9ada9ad7dedf4e5e738763f69145a571b242012fb7ae07fa9baac3df102e008b0e27988598881d920a9e64f5615cd" + }, + { + 256, "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "000102030405060708090a0b0c0d0e0f", 4, + "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", + "f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461b2eb05e2c39be9fcda6c19078c6a9d1b" + } +}; + +static void from_hex(unsigned char* data, int len, const char* hex) { + int p; + for (p = 0; p < len; p++) { + int v = 0; + int n; + for (n = 0; n < 2; n++) { + assert((*hex >= '0' && *hex <= '9') || (*hex >= 'a' && *hex <= 'f')); + if (*hex >= '0' && *hex <= '9') { + v |= (*hex - '0') << (4 * (1 - n)); + } else { + v |= (*hex - 'a' + 10) << (4 * (1 - n)); + } + hex++; + } + *(data++) = v; + } + assert(*hex == 0); +} + +int main(void) { + int i; + int fail = 0; + for (i = 0; i < sizeof(ctaes_tests) / sizeof(ctaes_tests[0]); i++) { + unsigned char key[32], plain[16], cipher[16], ciphered[16], deciphered[16]; + const ctaes_test* test = &ctaes_tests[i]; + assert(test->keysize == 128 || test->keysize == 192 || test->keysize == 256); + from_hex(plain, 16, test->plain); + from_hex(cipher, 16, test->cipher); + switch (test->keysize) { + case 128: { + AES128_ctx ctx; + from_hex(key, 16, test->key); + AES128_init(&ctx, key); + AES128_encrypt(&ctx, 1, ciphered, plain); + AES128_decrypt(&ctx, 1, deciphered, cipher); + break; + } + case 192: { + AES192_ctx ctx; + from_hex(key, 24, test->key); + AES192_init(&ctx, key); + AES192_encrypt(&ctx, 1, ciphered, plain); + AES192_decrypt(&ctx, 1, deciphered, cipher); + break; + } + case 256: { + AES256_ctx ctx; + from_hex(key, 32, test->key); + AES256_init(&ctx, key); + AES256_encrypt(&ctx, 1, ciphered, plain); + AES256_decrypt(&ctx, 1, deciphered, cipher); + break; + } + } + if (memcmp(cipher, ciphered, 16)) { + fprintf(stderr, "E(key=\"%s\", plain=\"%s\") != \"%s\"\n", test->key, test->plain, test->cipher); + fail++; + } + if (memcmp(plain, deciphered, 16)) { + fprintf(stderr, "D(key=\"%s\", cipher=\"%s\") != \"%s\"\n", test->key, test->cipher, test->plain); + fail++; + } + } + for (i = 0; i < sizeof(ctaes_cbc_tests) / sizeof(ctaes_cbc_tests[0]); i++) { + const ctaes_cbc_test* test = &ctaes_cbc_tests[i]; + unsigned char key[32], iv[16], plain[4 * 16], cipher[4 * 16], ciphered[4 * 16], deciphered[4 * 16]; + assert(test->keysize == 128 || test->keysize == 192 || test->keysize == 256); + assert(test->nblocks == 4); + from_hex(iv, 16, test->iv); + from_hex(plain, test->nblocks * 16, test->plain); + from_hex(cipher, test->nblocks * 16, test->cipher); + switch (test->keysize) { + case 128: { + AES128_CBC_ctx ctx; + from_hex(key, 16, test->key); + AES128_CBC_init(&ctx, key, iv); + AES128_CBC_encrypt(&ctx, test->nblocks, ciphered, plain); + AES128_CBC_init(&ctx, key, iv); + AES128_CBC_decrypt(&ctx, test->nblocks, deciphered, cipher); + break; + } + case 192: { + AES192_CBC_ctx ctx; + from_hex(key, 24, test->key); + AES192_CBC_init(&ctx, key, iv); + AES192_CBC_encrypt(&ctx, test->nblocks, ciphered, plain); + AES192_CBC_init(&ctx, key, iv); + AES192_CBC_decrypt(&ctx, test->nblocks, deciphered, cipher); + break; + } + case 256: { + AES256_CBC_ctx ctx; + from_hex(key, 32, test->key); + AES256_CBC_init(&ctx, key, iv); + AES256_CBC_encrypt(&ctx, test->nblocks, ciphered, plain); + AES256_CBC_init(&ctx, key, iv); + AES256_CBC_decrypt(&ctx, test->nblocks, deciphered, cipher); + break; + } + } + if (memcmp(cipher, ciphered, test->nblocks * 16)) { + fprintf(stderr, "E(key=\"%s\", plain=\"%s\") != \"%s\"\n", test->key, test->plain, test->cipher); + fail++; + } + if (memcmp(plain, deciphered, test->nblocks * 16)) { + fprintf(stderr, "D(key=\"%s\", cipher=\"%s\") != \"%s\"\n", test->key, test->cipher, test->plain); + fail++; + } + } + if (fail == 0) { + fprintf(stderr, "All tests successful\n"); + } else { + fprintf(stderr, "%i tests failed\n", fail); + } + return (fail != 0); +} diff --git a/src/rust/vendor/ctaes/src/lib.rs b/src/rust/vendor/ctaes/src/lib.rs new file mode 100644 index 000000000..49ad8adce --- /dev/null +++ b/src/rust/vendor/ctaes/src/lib.rs @@ -0,0 +1,558 @@ +#![no_std] + +#[macro_use] +extern crate alloc; + +use alloc::vec::Vec; + +use core::mem::MaybeUninit; + +// FFI view of the C structs. +// Layout taken directly from *ctaes.h*. + +#[repr(C)] +struct AESState { + slice: [u16; 8], +} + +#[repr(C)] +struct AES128Ctx { + rk: [AESState; 11], +} + +#[repr(C)] +struct AES192Ctx { + rk: [AESState; 13], +} + +#[repr(C)] +struct AES256Ctx { + rk: [AESState; 15], +} + +#[repr(C)] +struct AES128CbcCtx { + ctx: AES128Ctx, + iv: [u8; 16], +} + +#[repr(C)] +struct AES192CbcCtx { + ctx: AES192Ctx, + iv: [u8; 16], +} + +#[repr(C)] +struct AES256CbcCtx { + ctx: AES256Ctx, + iv: [u8; 16], +} + +#[derive(Debug, Eq, PartialEq, Clone)] +pub enum Error { + /// The CBC plain/cipher buffer is not a multiple of 16, the block size. + NotBlockAligned, +} + +unsafe extern "C" { + fn AES128_init(ctx: *mut AES128Ctx, key16: *const u8); + fn AES128_encrypt(ctx: *const AES128Ctx, blocks: usize, cipher: *mut u8, plain: *const u8); + fn AES128_decrypt(ctx: *const AES128Ctx, blocks: usize, plain: *mut u8, cipher: *const u8); + + fn AES192_init(ctx: *mut AES192Ctx, key24: *const u8); + fn AES192_encrypt(ctx: *const AES192Ctx, blocks: usize, cipher: *mut u8, plain: *const u8); + fn AES192_decrypt(ctx: *const AES192Ctx, blocks: usize, plain: *mut u8, cipher: *const u8); + + fn AES256_init(ctx: *mut AES256Ctx, key32: *const u8); + fn AES256_encrypt(ctx: *const AES256Ctx, blocks: usize, cipher: *mut u8, plain: *const u8); + fn AES256_decrypt(ctx: *const AES256Ctx, blocks: usize, plain: *mut u8, cipher: *const u8); + + fn AES128_CBC_init(ctx: *mut AES128CbcCtx, key16: *const u8, iv: *const u8); + fn AES128_CBC_encrypt(ctx: *mut AES128CbcCtx, blocks: usize, out: *mut u8, inp: *const u8); + fn AES128_CBC_decrypt(ctx: *mut AES128CbcCtx, blocks: usize, out: *mut u8, inp: *const u8); + + fn AES192_CBC_init(ctx: *mut AES192CbcCtx, key24: *const u8, iv: *const u8); // header typo: key16 + fn AES192_CBC_encrypt(ctx: *mut AES192CbcCtx, blocks: usize, out: *mut u8, inp: *const u8); + fn AES192_CBC_decrypt(ctx: *mut AES192CbcCtx, blocks: usize, out: *mut u8, inp: *const u8); + + fn AES256_CBC_init(ctx: *mut AES256CbcCtx, key32: *const u8, iv: *const u8); + fn AES256_CBC_encrypt(ctx: *mut AES256CbcCtx, blocks: usize, out: *mut u8, inp: *const u8); + fn AES256_CBC_decrypt(ctx: *mut AES256CbcCtx, blocks: usize, out: *mut u8, inp: *const u8); +} + +/// Macro spares the copy-paste. +macro_rules! impl_aes { + ($name:ident, $Ctx:ident, $key_len:expr, + $init:ident, $enc:ident, $dec:ident) => { + pub struct $name { + inner: $Ctx, + } + + impl $name { + /// Create a new context. + pub fn new(key: &[u8; $key_len]) -> Self { + let mut ctx = MaybeUninit::<$Ctx>::uninit(); + unsafe { + $init(ctx.as_mut_ptr(), key.as_ptr()); + Self { + inner: ctx.assume_init(), + } + } + } + + /// Encrypts the input. The input must not be empty and its size must be a multiple of + /// 16. The output size must be the same as the input size. + pub fn encrypt_to_slice(&self, plain: &[u8], cipher: &mut [u8]) { + assert!(!plain.is_empty()); + assert_eq!(plain.len() % 16, 0, "input is not block-aligned"); + assert_eq!( + plain.len(), + cipher.len(), + "output must have the same size as the input" + ); + unsafe { + $enc( + &self.inner, + plain.len() / 16, + cipher.as_mut_ptr(), + plain.as_ptr(), + ) + } + } + + /// Encrypts the input. The input must not be empty and its size must be a multiple of + /// 16. + pub fn encrypt(&self, plain: &[u8]) -> Vec { + assert!(!plain.is_empty()); + assert_eq!(plain.len() % 16, 0, "input is not block-aligned"); + let mut out = vec![0u8; plain.len()]; + self.encrypt_to_slice(plain, out.as_mut_slice()); + out + } + + /// Decrypts the input. The input must not be empty and its size must be a multiple of + /// 16. The output size must be the same as the input size. + pub fn decrypt_to_slice(&self, cipher: &[u8], plain: &mut [u8]) { + assert!(!cipher.is_empty()); + assert_eq!(cipher.len() % 16, 0, "input is not block-aligned"); + assert_eq!( + plain.len(), + cipher.len(), + "output must have the same size as the input" + ); + unsafe { + $dec( + &self.inner, + cipher.len() / 16, + plain.as_mut_ptr(), + cipher.as_ptr(), + ) + } + } + + /// Decrypts the input. The input must not be empty and its size must be a multiple of + /// 16. + pub fn decrypt(&self, cipher: &[u8]) -> Vec { + assert!(!cipher.is_empty()); + assert_eq!(cipher.len() % 16, 0, "input is not block-aligned"); + let mut out = vec![0u8; cipher.len()]; + self.decrypt_to_slice(cipher, out.as_mut_slice()); + out + } + } + }; +} + +macro_rules! impl_aes_cbc { + ($name:ident, $Ctx:ident, $key_len:expr, + $init:ident, $enc:ident, $dec:ident) => { + pub struct $name { + inner: $Ctx, + } + + impl $name { + /// Create a new CBC context. + pub fn new(key: &[u8; $key_len], iv: &[u8; 16]) -> Self { + let mut ctx = MaybeUninit::<$Ctx>::uninit(); + unsafe { + $init(ctx.as_mut_ptr(), key.as_ptr(), iv.as_ptr()); + Self { + inner: ctx.assume_init(), + } + } + } + + /// Encrypts the input. The input must not be empty and its size must be a multiple of + /// 16. The output size must be the same as the input size. + pub fn encrypt_to_slice(&mut self, plain: &[u8], cipher: &mut [u8]) { + assert_eq!(plain.len() % 16, 0, "input is not block-aligned"); + assert_eq!( + plain.len(), + cipher.len(), + "output must have the same size as the input" + ); + unsafe { + $enc( + &mut self.inner, + plain.len() / 16, + cipher.as_mut_ptr(), + plain.as_ptr(), + ) + } + } + + /// Encrypts the input. The input must not be empty and its size must be a multiple of + /// 16. + pub fn encrypt(&mut self, plain: &[u8]) -> Vec { + assert_eq!(plain.len() % 16, 0, "input is not block-aligned"); + let mut out = vec![0u8; plain.len()]; + self.encrypt_to_slice(plain, out.as_mut_slice()); + out + } + + /// Decrypts the input. The input must not be empty and its size must be a multiple of + /// 16. The output size must be the same as the input size. + pub fn decrypt_to_slice(&mut self, cipher: &[u8], plain: &mut [u8]) { + assert_eq!(cipher.len() % 16, 0, "input is not block-aligned"); + assert_eq!( + plain.len(), + cipher.len(), + "output must have the same size as the input" + ); + unsafe { + $dec( + &mut self.inner, + cipher.len() / 16, + plain.as_mut_ptr(), + cipher.as_ptr(), + ) + } + } + + /// Decrypts the input. The input must not be empty and its size must be a multiple of + /// 16. + pub fn decrypt(&mut self, cipher: &[u8]) -> Vec { + assert_eq!(cipher.len() % 16, 0, "input is not block-aligned"); + let mut out = vec![0u8; cipher.len()]; + self.decrypt_to_slice(cipher, out.as_mut_slice()); + out + } + } + }; +} + +impl_aes!( + Aes128, + AES128Ctx, + 16, + AES128_init, + AES128_encrypt, + AES128_decrypt +); +impl_aes!( + Aes192, + AES192Ctx, + 24, + AES192_init, + AES192_encrypt, + AES192_decrypt +); +impl_aes!( + Aes256, + AES256Ctx, + 32, + AES256_init, + AES256_encrypt, + AES256_decrypt +); + +impl_aes_cbc!( + Aes128Cbc, + AES128CbcCtx, + 16, + AES128_CBC_init, + AES128_CBC_encrypt, + AES128_CBC_decrypt +); +impl_aes_cbc!( + Aes192Cbc, + AES192CbcCtx, + 24, + AES192_CBC_init, + AES192_CBC_encrypt, + AES192_CBC_decrypt +); +impl_aes_cbc!( + Aes256Cbc, + AES256CbcCtx, + 32, + AES256_CBC_init, + AES256_CBC_encrypt, + AES256_CBC_decrypt +); + +#[cfg(test)] +mod tests { + use super::*; + use hex::decode; + + fn unhex(s: &str) -> Vec { + decode(s).unwrap() + } + + #[test] + fn test_roundtrip() { + let key = [0u8; 32]; + let plain = [0u8; 16]; + let aes = Aes256::new(&key); + let cipher = aes.encrypt(&plain); + assert_eq!(hex::encode(&cipher), "dc95c078a2408989ad48a21492842087"); + let dec = aes.decrypt(&cipher); + assert_eq!(plain, dec.as_slice()); + } + + /* ---------- ECB vectors, taken from ctaes/test.c ---------- */ + + struct Ecb<'a> { + ks: usize, + key: &'a str, + plain: &'a str, + cipher: &'a str, + } + + const ECB: &[Ecb] = &[ + // FIPS-197 test vectors + Ecb { + ks: 128, + key: "000102030405060708090a0b0c0d0e0f", + plain: "00112233445566778899aabbccddeeff", + cipher: "69c4e0d86a7b0430d8cdb78070b4c55a", + }, + Ecb { + ks: 192, + key: "000102030405060708090a0b0c0d0e0f1011121314151617", + plain: "00112233445566778899aabbccddeeff", + cipher: "dda97ca4864cdfe06eaf70a0ec0d7191", + }, + Ecb { + ks: 256, + key: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + plain: "00112233445566778899aabbccddeeff", + cipher: "8ea2b7ca516745bfeafc49904b496089", + }, + // NIST SP800-38A ECB + Ecb { + ks: 128, + key: "2b7e151628aed2a6abf7158809cf4f3c", + plain: "6bc1bee22e409f96e93d7e117393172a", + cipher: "3ad77bb40d7a3660a89ecaf32466ef97", + }, + Ecb { + ks: 128, + key: "2b7e151628aed2a6abf7158809cf4f3c", + plain: "ae2d8a571e03ac9c9eb76fac45af8e51", + cipher: "f5d3d58503b9699de785895a96fdbaaf", + }, + Ecb { + ks: 128, + key: "2b7e151628aed2a6abf7158809cf4f3c", + plain: "30c81c46a35ce411e5fbc1191a0a52ef", + cipher: "43b1cd7f598ece23881b00e3ed030688", + }, + Ecb { + ks: 128, + key: "2b7e151628aed2a6abf7158809cf4f3c", + plain: "f69f2445df4f9b17ad2b417be66c3710", + cipher: "7b0c785e27e8ad3f8223207104725dd4", + }, + Ecb { + ks: 192, + key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", + plain: "6bc1bee22e409f96e93d7e117393172a", + cipher: "bd334f1d6e45f25ff712a214571fa5cc", + }, + Ecb { + ks: 192, + key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", + plain: "ae2d8a571e03ac9c9eb76fac45af8e51", + cipher: "974104846d0ad3ad7734ecb3ecee4eef", + }, + Ecb { + ks: 192, + key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", + plain: "30c81c46a35ce411e5fbc1191a0a52ef", + cipher: "ef7afd2270e2e60adce0ba2face6444e", + }, + Ecb { + ks: 192, + key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", + plain: "f69f2445df4f9b17ad2b417be66c3710", + cipher: "9a4b41ba738d6c72fb16691603c18e0e", + }, + Ecb { + ks: 256, + key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", + plain: "6bc1bee22e409f96e93d7e117393172a", + cipher: "f3eed1bdb5d2a03c064b5a7e3db181f8", + }, + Ecb { + ks: 256, + key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", + plain: "ae2d8a571e03ac9c9eb76fac45af8e51", + cipher: "591ccb10d410ed26dc5ba74a31362870", + }, + Ecb { + ks: 256, + key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", + plain: "30c81c46a35ce411e5fbc1191a0a52ef", + cipher: "b6ed21b99ca6f4f9f153e7b1beafed1d", + }, + Ecb { + ks: 256, + key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", + plain: "f69f2445df4f9b17ad2b417be66c3710", + cipher: "23304b7a39f9f3ff067d8d8f9e24ecc7", + }, + ]; + + /* ---------- CBC vectors, taken from ctaes/test.c ---------- */ + + struct Cbc<'a> { + ks: usize, + key: &'a str, + iv: &'a str, + plain: &'a str, + cipher: &'a str, + } + + const CBC: &[Cbc] = &[ + Cbc { + ks: 128, + key: "2b7e151628aed2a6abf7158809cf4f3c", + iv: "000102030405060708090a0b0c0d0e0f", + plain: "6bc1bee22e409f96e93d7e117393172a\ + ae2d8a571e03ac9c9eb76fac45af8e51\ + 30c81c46a35ce411e5fbc1191a0a52ef\ + f69f2445df4f9b17ad2b417be66c3710", + cipher: "7649abac8119b246cee98e9b12e9197d\ + 5086cb9b507219ee95db113a917678b2\ + 73bed6b8e3c1743b7116e69e22229516\ + 3ff1caa1681fac09120eca307586e1a7", + }, + Cbc { + ks: 192, + key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", + iv: "000102030405060708090a0b0c0d0e0f", + plain: "6bc1bee22e409f96e93d7e117393172a\ + ae2d8a571e03ac9c9eb76fac45af8e51\ + 30c81c46a35ce411e5fbc1191a0a52ef\ + f69f2445df4f9b17ad2b417be66c3710", + cipher: "4f021db243bc633d7178183a9fa071e8\ + b4d9ada9ad7dedf4e5e738763f69145a\ + 571b242012fb7ae07fa9baac3df102e0\ + 08b0e27988598881d920a9e64f5615cd", + }, + Cbc { + ks: 256, + key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", + iv: "000102030405060708090a0b0c0d0e0f", + plain: "6bc1bee22e409f96e93d7e117393172a\ + ae2d8a571e03ac9c9eb76fac45af8e51\ + 30c81c46a35ce411e5fbc1191a0a52ef\ + f69f2445df4f9b17ad2b417be66c3710", + cipher: "f58c4c04d6e5f1ba779eabfb5f7bfbd6\ + 9cfc4e967edb808d679f777bc6702c7d\ + 39f23369a9d9bacfa530e26304231461\ + b2eb05e2c39be9fcda6c19078c6a9d1b", + }, + ]; + + #[test] + fn test_ecb() { + for v in ECB { + let key = unhex(v.key); + let plain = unhex(v.plain); + + /* encrypt */ + let cipher = match v.ks { + 128 => { + let aes = Aes128::new(key.as_slice().try_into().unwrap()); + aes.encrypt(&plain) + } + 192 => { + let aes = Aes192::new(key.as_slice().try_into().unwrap()); + aes.encrypt(&plain) + } + 256 => { + let aes = Aes256::new(key.as_slice().try_into().unwrap()); + aes.encrypt(&plain) + } + _ => unreachable!(), + }; + assert_eq!(unhex(v.cipher), cipher); + + /* decrypt */ + let dec = match v.ks { + 128 => { + let aes = Aes128::new(key.as_slice().try_into().unwrap()); + aes.decrypt(&cipher) + } + 192 => { + let aes = Aes192::new(key.as_slice().try_into().unwrap()); + aes.decrypt(&cipher) + } + 256 => { + let aes = Aes256::new(key.as_slice().try_into().unwrap()); + aes.decrypt(&cipher) + } + _ => unreachable!(), + }; + assert_eq!(plain, dec); + } + } + + #[test] + fn test_cbc() { + for v in CBC { + let key = unhex(v.key); + let iv: [u8; 16] = unhex(v.iv).as_slice().try_into().unwrap(); + let plain = unhex(v.plain); + + /* encrypt */ + let cipher = match v.ks { + 128 => { + let mut cbc = Aes128Cbc::new(key.as_slice().try_into().unwrap(), &iv); + cbc.encrypt(&plain) + } + 192 => { + let mut cbc = Aes192Cbc::new(key.as_slice().try_into().unwrap(), &iv); + cbc.encrypt(&plain) + } + 256 => { + let mut cbc = Aes256Cbc::new(key.as_slice().try_into().unwrap(), &iv); + cbc.encrypt(&plain) + } + _ => unreachable!(), + }; + assert_eq!(unhex(v.cipher), cipher); + + /* decrypt */ + let dec = match v.ks { + 128 => { + let mut cbc = Aes128Cbc::new(key.as_slice().try_into().unwrap(), &iv); + cbc.decrypt(&cipher) + } + 192 => { + let mut cbc = Aes192Cbc::new(key.as_slice().try_into().unwrap(), &iv); + cbc.decrypt(&cipher) + } + 256 => { + let mut cbc = Aes256Cbc::new(key.as_slice().try_into().unwrap(), &iv); + cbc.decrypt(&cipher) + } + _ => unreachable!(), + }; + assert_eq!(plain, dec); + } + } +} diff --git a/test/simulator/CMakeLists.txt b/test/simulator/CMakeLists.txt index 3d1d7eaaa..888fc98a0 100644 --- a/test/simulator/CMakeLists.txt +++ b/test/simulator/CMakeLists.txt @@ -58,7 +58,6 @@ target_include_directories( add_library(bitbox_objects-simulator OBJECT ${DBB-FILTERED-SOURCES} - ${CTAES-SOURCES} ${ETHEREUM-SOURCES} framework/mock_cipher.c framework/mock_memory.c @@ -97,7 +96,6 @@ target_include_directories( SYSTEM PUBLIC ${CMAKE_SOURCE_DIR}/external ${CMAKE_SOURCE_DIR}/external/asf4-drivers/hal/utils/include - ${CMAKE_SOURCE_DIR}/external/ctaes ${CMAKE_SOURCE_DIR}/external/fatfs/source $ $ @@ -117,7 +115,6 @@ target_include_directories( SYSTEM PUBLIC ${CMAKE_SOURCE_DIR}/external ${CMAKE_SOURCE_DIR}/external/asf4-drivers/hal/utils/include - ${CMAKE_SOURCE_DIR}/external/ctaes ${CMAKE_SOURCE_DIR}/external/fatfs/source $ $ @@ -137,7 +134,6 @@ add_dependencies(bitbox_objects-simulator rust-cbindgen wallycore secp256k1 - ctaes fatfs sd-mock-simulator ) @@ -157,7 +153,6 @@ target_link_libraries(bitbox-simulator secp256k1 PRIVATE wallycore - ctaes fatfs sd-mock-simulator ) diff --git a/test/unit-test/CMakeLists.txt b/test/unit-test/CMakeLists.txt index 65b3b564d..0b7192ceb 100644 --- a/test/unit-test/CMakeLists.txt +++ b/test/unit-test/CMakeLists.txt @@ -58,7 +58,6 @@ target_include_directories( add_library(bitbox_objects OBJECT ${DBB-FILTERED-SOURCES} - ${CTAES-SOURCES} ${ETHEREUM-SOURCES} framework/mock_cipher.c framework/mock_screen.c @@ -102,7 +101,6 @@ target_include_directories( SYSTEM PUBLIC ${CMAKE_SOURCE_DIR}/external ${CMAKE_SOURCE_DIR}/external/asf4-drivers/hal/utils/include - ${CMAKE_SOURCE_DIR}/external/ctaes ${CMAKE_SOURCE_DIR}/external/fatfs/source $ $ @@ -122,7 +120,6 @@ target_include_directories( SYSTEM PUBLIC ${CMAKE_SOURCE_DIR}/external ${CMAKE_SOURCE_DIR}/external/asf4-drivers/hal/utils/include - ${CMAKE_SOURCE_DIR}/external/ctaes ${CMAKE_SOURCE_DIR}/external/fatfs/source $ $ @@ -142,7 +139,6 @@ add_dependencies(bitbox_objects rust-cbindgen wallycore secp256k1 - ctaes fatfs sd-mock ) @@ -162,7 +158,6 @@ target_link_libraries(bitbox secp256k1 PRIVATE wallycore - ctaes fatfs sd-mock ) diff --git a/test/unit-test/test_cipher.c b/test/unit-test/test_cipher.c index 0f8394930..10c82762e 100644 --- a/test/unit-test/test_cipher.c +++ b/test/unit-test/test_cipher.c @@ -3857,18 +3857,6 @@ static void _test_cipher_aes_hmac_encrypt(void** state) } } -static void _test_cipher_aes_hmac_encrypt_unhappy(void** state) -{ - const uint8_t secret[32] = {0}; - const uint8_t in[100] = {0}; - uint8_t out[164] = {0}; - size_t outlen = sizeof(out) - 1; // outlen too small - assert_false(cipher_aes_hmac_encrypt(in, sizeof(in), out, &outlen, secret)); - - outlen = sizeof(out); - assert_false(cipher_aes_hmac_encrypt(in, sizeof(in), out, &outlen, NULL)); -} - static void _test_cipher_aes_hmac_decrypt_unhappy(void** state) { const uint8_t secret[32] = {0}; @@ -3891,7 +3879,6 @@ int main(void) { const struct CMUnitTest tests[] = { cmocka_unit_test(_test_cipher_aes_hmac_encrypt), - cmocka_unit_test(_test_cipher_aes_hmac_encrypt_unhappy), cmocka_unit_test(_test_cipher_aes_hmac_decrypt_unhappy), }; return cmocka_run_group_tests(tests, NULL, NULL); From 865d6d9e3cf49a10ae32ea36f39d55c71b0321b8 Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Sun, 27 Apr 2025 12:14:20 +0200 Subject: [PATCH 2/7] optiga: move config sanity check to factorysetup only It causes a long delay before the orientation animation. It's a sanity check only, so doing it as part of the factory setup only suffices. We also enable it in debug builds, so it catches a misconfigured device (e.g. if you forgot to run factorysetup on a new PCB). --- src/optiga/optiga.c | 46 +++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/src/optiga/optiga.c b/src/optiga/optiga.c index dbeddc662..4e38c1a1d 100644 --- a/src/optiga/optiga.c +++ b/src/optiga/optiga.c @@ -35,6 +35,15 @@ // Must be 0 for the production firmware releases. #define FACTORY_DURING_PROD 0 +// When to do a sanity check of the expected metadata configuration. The check takes a while and +// causes a noticable delay at boot, so we don't enable it for production firmwares. We also enable +// it in debug builds. +#if FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1 || !defined(NDEBUG) +#define VERIFY_METADATA 1 +#else +#define VERIFY_METADATA 0 +#endif + // Number of times the first kdf slot can be used over the lifetime of the device. // The maxmimum does not seem to be specified, so we use something a little below the endurance // indication of 600000 updates. See Solution Reference Manual Figure 32. @@ -122,6 +131,7 @@ static const securechip_interface_functions_t* _ifs = NULL; // During development, set this to `LCSO_STATE_CREATION`. #define FINAL_LCSO_STATE LCSO_STATE_OPERATIONAL +#if FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1 || VERIFY_METADATA == 1 static const uint8_t _platform_binding_metadata[] = { // Metadata tag in the data object 0x20, @@ -411,18 +421,6 @@ static const uint8_t _password_metadata[] = { 0x31, }; -#if SMALL_MONOTONIC_COUNTER_MAX_USE > 255 -#error Max unlock attempts does not fit in one byte -#endif -// The intial/reset buffer for the small monotonic counter. Initial value: 0, threshold: -// `SMALL_MONOTONIC_COUNTER_MAX_USE`. Table "Common data structures" -> "Counter": -// https://github.com/Infineon/optiga-trust-m-overview/blob/98b2b9c178f0391b1ab26b52082899704dab688a/docs/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#link24b48059_db81_40f5_8b65_7afca4918ab1 -// Bytes 0-3 are the initial counter value, set to 0. -// Bytes 4-7 are the threshold. -// Ints are encoded as uint32 big endian. -static const uint8_t _counter_password_reset_buf[8] = - {0, 0, 0, 0, 0, 0, 0, SMALL_MONOTONIC_COUNTER_MAX_USE}; - static const uint8_t _counter_password_metadata[] = { // Metadata tag in the data object 0x20, @@ -455,6 +453,20 @@ static const uint8_t _counter_password_metadata[] = { 0x00, }; +#endif + +#if SMALL_MONOTONIC_COUNTER_MAX_USE > 255 +#error Max unlock attempts does not fit in one byte +#endif +// The intial/reset buffer for the small monotonic counter. Initial value: 0, threshold: +// `SMALL_MONOTONIC_COUNTER_MAX_USE`. Table "Common data structures" -> "Counter": +// https://github.com/Infineon/optiga-trust-m-overview/blob/98b2b9c178f0391b1ab26b52082899704dab688a/docs/OPTIGA%E2%84%A2%20Trust%20M%20Solution%20Reference%20Manual.md#link24b48059_db81_40f5_8b65_7afca4918ab1 +// Bytes 0-3 are the initial counter value, set to 0. +// Bytes 4-7 are the threshold. +// Ints are encoded as uint32 big endian. +static const uint8_t _counter_password_reset_buf[8] = + {0, 0, 0, 0, 0, 0, 0, SMALL_MONOTONIC_COUNTER_MAX_USE}; + // // Sync wrappers around optiga util/crypt functions // @@ -517,6 +529,7 @@ static optiga_lib_status_t _optiga_util_write_data_sync( return res; } +#if FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1 || VERIFY_METADATA == 1 static optiga_lib_status_t _optiga_util_read_metadata_sync( optiga_util_t* me, uint16_t optiga_oid, @@ -528,6 +541,7 @@ static optiga_lib_status_t _optiga_util_read_metadata_sync( _WAIT(res, _optiga_lib_status); return res; } +#endif #if FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1 static optiga_lib_status_t _optiga_util_write_metadata_sync( @@ -781,6 +795,7 @@ static int _write_arbitrary_data(const arbitrary_data_t* data) } #endif +#if VERIFY_METADATA == 1 // In a metadata object (0x20 ...), // extract tag data for a specific tag. // Returns false if the metadata is invalid or the tag is not present, or if the tag data is larger @@ -834,6 +849,7 @@ static bool _read_metadata_tag( // Tag not found return false; } +#endif #if FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1 // Read the LcsO status from a metadata object. Returns false if the metadata is invalid or LcsO is @@ -1212,6 +1228,7 @@ static int _factory_setup(void) } #endif // FACTORYSETUP == 1 || FACTORY_DURING_PROD == 1 +#if VERIFY_METADATA == 1 static int _verify_metadata( uint16_t oid, const uint8_t* expected_metadata, @@ -1257,6 +1274,7 @@ static int _verify_metadata( } return 0; } +#endif static int _set_password( const uint8_t* password_secret, @@ -1443,8 +1461,8 @@ static int _verify_config(void) return res; } +#if VERIFY_METADATA == 1 // Verify metadata tags are setup as expected. - { const uint8_t check_tags[] = {0xC0, 0xD0, 0xD1, 0xD3, 0xE8}; res = _verify_metadata( @@ -1558,7 +1576,7 @@ static int _verify_config(void) return res; } } - +#endif return 0; } From 18912a97645ff60b8c85ad524b8dcf001e783441 Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Mon, 28 Apr 2025 17:37:24 +0200 Subject: [PATCH 3/7] memory: add a check to avoid overflow No caller ran into this, but good to make sure. --- src/memory/memory.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/memory/memory.c b/src/memory/memory.c index d61f0d46f..7411a61ac 100644 --- a/src/memory/memory.c +++ b/src/memory/memory.c @@ -504,6 +504,9 @@ bool memory_set_encrypted_seed_and_hmac(const uint8_t* encrypted_seed_and_hmac, { chunk_1_t chunk = {0}; CLEANUP_CHUNK(chunk); + if (len > sizeof(chunk.fields.encrypted_seed_and_hmac)) { + return false; + } _read_chunk(CHUNK_1, chunk_bytes); chunk.fields.encrypted_seed_and_hmac_len = len; memset( From 7f939aebe27320956ed52c9ba7b021ecb5acdb46 Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Fri, 25 Apr 2025 00:26:09 +0200 Subject: [PATCH 4/7] wip --- src/rust/Cargo.lock | 1 + src/rust/bitbox02-rust/Cargo.toml | 1 + src/rust/bitbox02-rust/src/hww/api/restore.rs | 4 +- src/rust/bitbox02-rust/src/keystore.rs | 55 ++++++++++++++++++- src/rust/bitbox02-sys/build.rs | 6 +- src/rust/bitbox02-sys/wrapper.h | 1 + src/rust/bitbox02/src/cipher.rs | 35 ++++++++++++ src/rust/bitbox02/src/keystore.rs | 13 ----- src/rust/bitbox02/src/lib.rs | 1 + src/rust/bitbox02/src/memory.rs | 45 +++++++++++++++ src/rust/bitbox02/src/securechip.rs | 24 ++++++++ src/rust/bitbox02/src/util.rs | 2 +- 12 files changed, 170 insertions(+), 18 deletions(-) create mode 100644 src/rust/bitbox02/src/cipher.rs diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index 9db38a23b..baba25819 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -116,6 +116,7 @@ dependencies = [ "bech32", "binascii", "bip32-ed25519", + "bitbox-aes", "bitbox02", "bitbox02-noise", "bitcoin", diff --git a/src/rust/bitbox02-rust/Cargo.toml b/src/rust/bitbox02-rust/Cargo.toml index d3ab9a60f..d6fdde271 100644 --- a/src/rust/bitbox02-rust/Cargo.toml +++ b/src/rust/bitbox02-rust/Cargo.toml @@ -28,6 +28,7 @@ doctest = false [dependencies] bitbox02 = {path = "../bitbox02"} +bitbox-aes = { path = "../bitbox-aes", features = ["use-wally-sha512"] } util = { path = "../util" } erc20_params = { path = "../erc20_params", optional = true } binascii = { version = "0.1.4", default-features = false, features = ["encode"] } diff --git a/src/rust/bitbox02-rust/src/hww/api/restore.rs b/src/rust/bitbox02-rust/src/hww/api/restore.rs index 80dc4430e..0c61b5f42 100644 --- a/src/rust/bitbox02-rust/src/hww/api/restore.rs +++ b/src/rust/bitbox02-rust/src/hww/api/restore.rs @@ -66,7 +66,7 @@ pub async fn from_file( } let password = password::enter_twice(hal).await?; - if let Err(err) = bitbox02::keystore::encrypt_and_store_seed(data.get_seed(), &password) { + if let Err(err) = crate::keystore::encrypt_and_store_seed(data.get_seed(), &password) { hal.ui() .status(&format!("Could not\nrestore backup\n{:?}", err), false) .await; @@ -145,7 +145,7 @@ pub async fn from_mnemonic( } }; - if let Err(err) = bitbox02::keystore::encrypt_and_store_seed(&seed, &password) { + if let Err(err) = crate::keystore::encrypt_and_store_seed(&seed, &password) { hal.ui() .status(&format!("Could not\nrestore backup\n{:?}", err), false) .await; diff --git a/src/rust/bitbox02-rust/src/keystore.rs b/src/rust/bitbox02-rust/src/keystore.rs index 70b4f23b1..4e9f6eb01 100644 --- a/src/rust/bitbox02-rust/src/keystore.rs +++ b/src/rust/bitbox02-rust/src/keystore.rs @@ -18,7 +18,60 @@ pub mod ed25519; use alloc::vec::Vec; use crate::bip32; -use bitbox02::keystore; +use bitbox02::{keystore, memory, securechip}; + +#[derive(Debug)] +pub enum Error { + AlreadyInitialized, + Memory, + SeedSize, + SecureChip, + IncorrectPassword, +} + +fn validate_seed_length(len: usize) -> Result<(), Error> { + match len { + 16 | 24 | 32 => Ok(()), + _ => Err(Error::SeedSize), + } +} + +fn get_and_decrypt_seed(password: &str) -> Result>, Error> { + let encrypted_seed_and_hmac = + memory::get_encrypted_seed_and_hmac().map_err(|_| Error::Memory)?; + + // TODO check actual SC result + let secret: zeroize::Zeroizing> = + securechip::stretch_password(password).map_err(|_| Error::SecureChip)?; + let seed = bitbox_aes::decrypt_with_hmac(&secret, &encrypted_seed_and_hmac) + .map_err(|_| Error::IncorrectPassword)?; + validate_seed_length(seed.len())?; + Ok(seed) +} + +pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error> { + if memory::is_initialized() { + return Err(Error::AlreadyInitialized); + } + keystore::lock(); + validate_seed_length(seed.len())?; + securechip::init_new_password(password).map_err(|_| Error::SecureChip)?; + let secret: zeroize::Zeroizing> = + securechip::stretch_password(password).map_err(|_| Error::SecureChip)?; + // TODO: set IV randomly using random_32_bytes(). + let iv = &[0u8; 16]; + let encrypted_seed: Vec = + bitbox_aes::encrypt_with_hmac(iv, secret.as_slice().try_into().unwrap(), seed); + memory::set_encrypted_seed_and_hmac(&encrypted_seed).map_err(|_| Error::Memory)?; + + // Verify seed. + if get_and_decrypt_seed(password)?.as_slice() != seed { + // TODO: reset hww + return Err(Error::Memory); + } + + Ok(()) +} /// Derives an xpub from the keystore seed at the given keypath. pub fn get_xpub(keypath: &[u32]) -> Result { diff --git a/src/rust/bitbox02-sys/build.rs b/src/rust/bitbox02-sys/build.rs index 9297e73a9..14b7258cd 100644 --- a/src/rust/bitbox02-sys/build.rs +++ b/src/rust/bitbox02-sys/build.rs @@ -65,7 +65,6 @@ const ALLOWLIST_FNS: &[&str] = &[ "keystore_copy_seed", "keystore_create_and_store_seed", "keystore_encode_xpub_at_keypath", - "keystore_encrypt_and_store_seed", "keystore_get_bip39_mnemonic", "keystore_get_bip39_word", "keystore_get_ed25519_seed", @@ -99,6 +98,8 @@ const ALLOWLIST_FNS: &[&str] = &[ "memory_set_initialized", "memory_set_mnemonic_passphrase_enabled", "memory_set_seed_birthdate", + "memory_set_encrypted_seed_and_hmac", + "memory_get_encrypted_seed_and_hmac", "memory_setup", "menu_create", "mock_memory_factoryreset", @@ -127,6 +128,8 @@ const ALLOWLIST_FNS: &[&str] = &[ "securechip_model", "securechip_monotonic_increments_remaining", "securechip_u2f_counter_set", + "securechip_init_new_password", + "securechip_stretch_password", "smarteeprom_bb02_config", "status_create", "trinary_choice_create", @@ -139,6 +142,7 @@ const ALLOWLIST_FNS: &[&str] = &[ "wally_free_string", "wally_get_secp_context", "wally_sha512", + "cipher_aes_hmac_encrypt", ]; const RUSTIFIED_ENUMS: &[&str] = &[ diff --git a/src/rust/bitbox02-sys/wrapper.h b/src/rust/bitbox02-sys/wrapper.h index 6c9bdaf04..175259426 100644 --- a/src/rust/bitbox02-sys/wrapper.h +++ b/src/rust/bitbox02-sys/wrapper.h @@ -13,6 +13,7 @@ // limitations under the License. #include +#include #include #include #include diff --git a/src/rust/bitbox02/src/cipher.rs b/src/rust/bitbox02/src/cipher.rs new file mode 100644 index 000000000..ccbb95508 --- /dev/null +++ b/src/rust/bitbox02/src/cipher.rs @@ -0,0 +1,35 @@ +// Copyright 2020 Shift Crypto AG +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use alloc::vec::Vec; + +pub fn aes_hmac_encrypt(input: &[u8], key: &[u8]) -> Result>, ()> { + let mut output = zeroize::Zeroizing::new(vec![0u8; input.len() + 64]); + let mut output_size: usize = output.len(); + match unsafe { + bitbox02_sys::cipher_aes_hmac_encrypt( + input.as_ptr(), + input.len() as _, + output.as_mut_ptr(), + &mut output_size, + key.as_ptr(), + ) + } { + true => { + output.truncate(output_size); + Ok(output) + } + false => Err(()), + } +} diff --git a/src/rust/bitbox02/src/keystore.rs b/src/rust/bitbox02/src/keystore.rs index 4bd70023c..a474cc809 100644 --- a/src/rust/bitbox02/src/keystore.rs +++ b/src/rust/bitbox02/src/keystore.rs @@ -293,19 +293,6 @@ pub fn bip39_mnemonic_to_seed(mnemonic: &str) -> Result Result<(), Error> { - match unsafe { - bitbox02_sys::keystore_encrypt_and_store_seed( - seed.as_ptr(), - seed.len(), - crate::util::str_to_cstr_vec(password).unwrap().as_ptr(), - ) - } { - keystore_error_t::KEYSTORE_OK => Ok(()), - err => Err(err.into()), - } -} - pub fn get_ed25519_seed() -> Result>, ()> { let mut seed = zeroize::Zeroizing::new([0u8; 96].to_vec()); match unsafe { bitbox02_sys::keystore_get_ed25519_seed(seed.as_mut_ptr()) } { diff --git a/src/rust/bitbox02/src/lib.rs b/src/rust/bitbox02/src/lib.rs index e2079a526..2dd2125cf 100644 --- a/src/rust/bitbox02/src/lib.rs +++ b/src/rust/bitbox02/src/lib.rs @@ -34,6 +34,7 @@ use alloc::string::String; pub mod testing; pub mod bip32; +pub mod cipher; pub mod keystore; pub mod memory; pub mod random; diff --git a/src/rust/bitbox02/src/memory.rs b/src/rust/bitbox02/src/memory.rs index 2a43281b5..ee7dd002a 100644 --- a/src/rust/bitbox02/src/memory.rs +++ b/src/rust/bitbox02/src/memory.rs @@ -15,6 +15,7 @@ extern crate alloc; use alloc::string::String; +use alloc::vec::Vec; // deduct one for the null terminator. pub const DEVICE_NAME_MAX_LEN: usize = bitbox02_sys::MEMORY_DEVICE_NAME_MAX_LEN as usize - 1; @@ -160,13 +161,57 @@ pub fn multisig_get_by_hash(hash: &[u8]) -> Option { } } +pub fn set_encrypted_seed_and_hmac(encrypted_seed_and_hmac: &[u8]) -> Result<(), ()> { + match unsafe { + bitbox02_sys::memory_set_encrypted_seed_and_hmac( + encrypted_seed_and_hmac.as_ptr(), + encrypted_seed_and_hmac.len().try_into().unwrap(), + ) + } { + true => Ok(()), + false => Err(()), + } +} + +pub fn get_encrypted_seed_and_hmac() -> Result, ()> { + let mut out = vec![0u8; 96]; + let mut out_size = 0u8; + match unsafe { + bitbox02_sys::memory_get_encrypted_seed_and_hmac(out.as_mut_ptr(), &mut out_size) + } { + true => { + out.truncate(out_size as usize); + Ok(out) + } + false => Err(()), + } +} + #[cfg(test)] mod tests { use super::*; + use crate::testing::mock_memory; #[test] fn test_get_attestation_bootloader_hash() { + mock_memory(); + let expected: [u8; 32] = *b"\x71\x3d\xf0\xd5\x8c\x71\x7d\x40\x31\x78\x7c\xdc\x8f\xa3\x5b\x90\x25\x82\xbe\x6a\xb6\xa2\x2e\x09\xde\x44\x77\xd3\x0e\x22\x30\xfc"; assert_eq!(get_attestation_bootloader_hash(), expected); } + + #[test] + fn test_encrypted_seed_and_hmac_roundtrip() { + for len in 0..=96 { + mock_memory(); + let value: Vec = (0..len as u8).collect(); + assert!(set_encrypted_seed_and_hmac(&value).is_ok()); + assert_eq!(get_encrypted_seed_and_hmac().unwrap(), value); + } + { + mock_memory(); + let value: Vec = (0..97 as u8).collect(); + assert!(set_encrypted_seed_and_hmac(&value).is_err()); + } + } } diff --git a/src/rust/bitbox02/src/securechip.rs b/src/rust/bitbox02/src/securechip.rs index 4ea29948e..1fbe3cb8e 100644 --- a/src/rust/bitbox02/src/securechip.rs +++ b/src/rust/bitbox02/src/securechip.rs @@ -14,6 +14,8 @@ pub use bitbox02_sys::securechip_model_t as Model; +use alloc::vec::Vec; + pub fn attestation_sign(challenge: &[u8; 32], signature: &mut [u8; 64]) -> Result<(), ()> { match unsafe { bitbox02_sys::securechip_attestation_sign(challenge.as_ptr(), signature.as_mut_ptr()) @@ -46,6 +48,28 @@ pub fn u2f_counter_set(_counter: u32) -> Result<(), ()> { Ok(()) } +pub fn init_new_password(password: &str) -> Result<(), ()> { + match unsafe { + bitbox02_sys::securechip_init_new_password(crate::util::str_to_cstr_vec(password)?.as_ptr()) + } { + 0 => Ok(()), + _ => Err(()), + } +} + +pub fn stretch_password(password: &str) -> Result>, ()> { + let mut out = zeroize::Zeroizing::new(vec![0u8; 32]); + match unsafe { + bitbox02_sys::securechip_stretch_password( + crate::util::str_to_cstr_vec(password)?.as_ptr(), + out.as_mut_ptr(), + ) + } { + 0 => Ok(out), + _ => Err(()), + } +} + pub fn model() -> Result { let mut ver = core::mem::MaybeUninit::uninit(); match unsafe { bitbox02_sys::securechip_model(ver.as_mut_ptr()) } { diff --git a/src/rust/bitbox02/src/util.rs b/src/rust/bitbox02/src/util.rs index f487e87c9..f6ed5ee15 100644 --- a/src/rust/bitbox02/src/util.rs +++ b/src/rust/bitbox02/src/util.rs @@ -44,7 +44,7 @@ pub fn truncate_str(s: &str, len: usize) -> &str { } /// Converts a Rust string to a null terminated C string by appending a null -/// terminator. Returns `Err(())` if the input already contians a null byte. +/// terminator. Returns `Err(())` if the input already contains a null byte. pub fn str_to_cstr_vec(input: &str) -> Result, ()> { Ok(alloc::ffi::CString::new(input) .or(Err(()))? From c4605fab239de7bb744b0d3db5a3b4c6e318353d Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Mon, 28 Apr 2025 18:30:49 +0200 Subject: [PATCH 5/7] wip --- src/rust/bitbox02-rust/src/keystore.rs | 7 +++---- src/rust/bitbox02-sys/build.rs | 1 + src/rust/bitbox02/src/random.rs | 14 ++++++++++++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/src/rust/bitbox02-rust/src/keystore.rs b/src/rust/bitbox02-rust/src/keystore.rs index 4e9f6eb01..1411c1bd8 100644 --- a/src/rust/bitbox02-rust/src/keystore.rs +++ b/src/rust/bitbox02-rust/src/keystore.rs @@ -18,7 +18,7 @@ pub mod ed25519; use alloc::vec::Vec; use crate::bip32; -use bitbox02::{keystore, memory, securechip}; +use bitbox02::{keystore, memory, random, securechip}; #[derive(Debug)] pub enum Error { @@ -58,10 +58,9 @@ pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error> securechip::init_new_password(password).map_err(|_| Error::SecureChip)?; let secret: zeroize::Zeroizing> = securechip::stretch_password(password).map_err(|_| Error::SecureChip)?; - // TODO: set IV randomly using random_32_bytes(). - let iv = &[0u8; 16]; + let iv: &[u8; 16] = &random::combined_32_bytes()[..16].try_into().unwrap(); let encrypted_seed: Vec = - bitbox_aes::encrypt_with_hmac(iv, secret.as_slice().try_into().unwrap(), seed); + bitbox_aes::encrypt_with_hmac(&iv, secret.as_slice().try_into().unwrap(), seed); memory::set_encrypted_seed_and_hmac(&encrypted_seed).map_err(|_| Error::Memory)?; // Verify seed. diff --git a/src/rust/bitbox02-sys/build.rs b/src/rust/bitbox02-sys/build.rs index 14b7258cd..2b6ccf851 100644 --- a/src/rust/bitbox02-sys/build.rs +++ b/src/rust/bitbox02-sys/build.rs @@ -108,6 +108,7 @@ const ALLOWLIST_FNS: &[&str] = &[ "progress_create", "progress_set", "random_32_bytes_mcu", + "random_32_bytes", "random_mock_reset", "reboot", "reset_reset", diff --git a/src/rust/bitbox02/src/random.rs b/src/rust/bitbox02/src/random.rs index df48df249..d8a86abbb 100644 --- a/src/rust/bitbox02/src/random.rs +++ b/src/rust/bitbox02/src/random.rs @@ -29,6 +29,20 @@ pub fn mcu_32_bytes(out: &mut [u8; 32]) { } } +#[cfg(target_arch = "arm")] +pub fn combined_32_bytes() -> [u8; 32] { + let mut out = [0u8; 32]; + unsafe { bitbox02_sys::random_32_bytes(out.as_mut_ptr()) } + out +} + +#[cfg(not(target_arch = "arm"))] +pub fn combined_32_bytes() -> [u8; 32] { + let mut out = [0u8; 32]; + mcu_32_bytes(&mut out); + out +} + #[cfg(feature = "testing")] pub fn mock_reset() { unsafe { From 3ab9b5b65cd93d5d9350009cae9e35f13ee09e34 Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Mon, 28 Apr 2025 22:53:58 +0200 Subject: [PATCH 6/7] wip --- src/rust/bitbox02-rust/src/keystore.rs | 2 +- src/rust/bitbox02-sys/build.rs | 1 + src/rust/bitbox02/src/memory.rs | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/rust/bitbox02-rust/src/keystore.rs b/src/rust/bitbox02-rust/src/keystore.rs index 1411c1bd8..57fcda2c8 100644 --- a/src/rust/bitbox02-rust/src/keystore.rs +++ b/src/rust/bitbox02-rust/src/keystore.rs @@ -65,7 +65,7 @@ pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error> // Verify seed. if get_and_decrypt_seed(password)?.as_slice() != seed { - // TODO: reset hww + memory::reset_hww().map_err(|_| Error::Memory)?; return Err(Error::Memory); } diff --git a/src/rust/bitbox02-sys/build.rs b/src/rust/bitbox02-sys/build.rs index 2b6ccf851..da7ec8d11 100644 --- a/src/rust/bitbox02-sys/build.rs +++ b/src/rust/bitbox02-sys/build.rs @@ -101,6 +101,7 @@ const ALLOWLIST_FNS: &[&str] = &[ "memory_set_encrypted_seed_and_hmac", "memory_get_encrypted_seed_and_hmac", "memory_setup", + "memory_reset_hww", "menu_create", "mock_memory_factoryreset", "spi_mem_full_erase", diff --git a/src/rust/bitbox02/src/memory.rs b/src/rust/bitbox02/src/memory.rs index ee7dd002a..a9e484b65 100644 --- a/src/rust/bitbox02/src/memory.rs +++ b/src/rust/bitbox02/src/memory.rs @@ -187,6 +187,13 @@ pub fn get_encrypted_seed_and_hmac() -> Result, ()> { } } +pub fn reset_hww() -> Result<(), ()> { + match unsafe { bitbox02_sys::memory_reset_hww() } { + true => Ok(()), + false => Err(()), + } +} + #[cfg(test)] mod tests { use super::*; From fc4c3c70e181cc07489f8dda15423c8acfa1b8c0 Mon Sep 17 00:00:00 2001 From: Marko Bencun Date: Mon, 28 Apr 2025 23:48:11 +0200 Subject: [PATCH 7/7] wip intermediate So C tests can be shown to pass with the Rust impl. --- src/keystore.c | 57 +----------------------- src/rust/bitbox02-rust-c/src/keystore.rs | 38 ++++++++++++++++ src/rust/bitbox02-rust-c/src/lib.rs | 2 + src/rust/bitbox02-rust/src/keystore.rs | 2 +- src/rust/bitbox02/src/keystore.rs | 2 +- 5 files changed, 43 insertions(+), 58 deletions(-) create mode 100644 src/rust/bitbox02-rust-c/src/keystore.rs diff --git a/src/keystore.c b/src/keystore.c index b68bb00a3..ef80f2303 100644 --- a/src/keystore.c +++ b/src/keystore.c @@ -210,67 +210,12 @@ static keystore_error_t _get_and_decrypt_seed( return KEYSTORE_OK; } -static bool _verify_seed( - const char* password, - const uint8_t* expected_seed, - size_t expected_seed_len) -{ - uint8_t decrypted_seed[KEYSTORE_MAX_SEED_LENGTH] = {0}; - size_t seed_len; - UTIL_CLEANUP_32(decrypted_seed); - if (_get_and_decrypt_seed(password, decrypted_seed, &seed_len, NULL) != KEYSTORE_OK) { - return false; - } - if (expected_seed_len != seed_len) { - return false; - } - if (!MEMEQ(expected_seed, decrypted_seed, seed_len)) { - return false; - } - return true; -} - keystore_error_t keystore_encrypt_and_store_seed( const uint8_t* seed, size_t seed_length, const char* password) { - if (memory_is_initialized()) { - return KEYSTORE_ERR_MEMORY; - } - keystore_lock(); - if (!_validate_seed_length(seed_length)) { - return KEYSTORE_ERR_SEED_SIZE; - } - if (securechip_init_new_password(password)) { - return KEYSTORE_ERR_SECURECHIP; - } - uint8_t secret[32] = {0}; - UTIL_CLEANUP_32(secret); - if (securechip_stretch_password(password, secret)) { - return KEYSTORE_ERR_SECURECHIP; - } - - size_t encrypted_seed_len = seed_length + 64; - uint8_t encrypted_seed[encrypted_seed_len]; - UTIL_CLEANUP_32(encrypted_seed); - if (!cipher_aes_hmac_encrypt(seed, seed_length, encrypted_seed, &encrypted_seed_len, secret)) { - return KEYSTORE_ERR_ENCRYPT; - } - if (encrypted_seed_len > 255) { // sanity check, can't happen - Abort("keystore_encrypt_and_store_seed"); - } - uint8_t encrypted_seed_len_u8 = (uint8_t)encrypted_seed_len; - if (!memory_set_encrypted_seed_and_hmac(encrypted_seed, encrypted_seed_len_u8)) { - return KEYSTORE_ERR_MEMORY; - } - if (!_verify_seed(password, seed, seed_length)) { - if (!memory_reset_hww()) { - return KEYSTORE_ERR_MEMORY; - } - return KEYSTORE_ERR_MEMORY; - } - return KEYSTORE_OK; + return rust_keystore_encrypt_and_store_seed(rust_util_bytes(seed, seed_length), password); } keystore_error_t keystore_create_and_store_seed( diff --git a/src/rust/bitbox02-rust-c/src/keystore.rs b/src/rust/bitbox02-rust-c/src/keystore.rs new file mode 100644 index 000000000..63471354d --- /dev/null +++ b/src/rust/bitbox02-rust-c/src/keystore.rs @@ -0,0 +1,38 @@ +// Copyright 2025 Shift Cryptosecurity AG +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +extern crate alloc; +use crate::util::Bytes; + +use bitbox02::keystore::keystore_error_t; +use bitbox02_rust::keystore::Error; + +#[no_mangle] +pub unsafe extern "C" fn rust_keystore_encrypt_and_store_seed( + seed: Bytes, + password: *const core::ffi::c_char, +) -> u8 { + let password_str = core::ffi::CStr::from_ptr(password).to_str().unwrap(); + match bitbox02_rust::keystore::encrypt_and_store_seed(seed.as_ref(), password_str) { + Ok(()) => 0, + Err(err) => match err { + // In C this err didn't exist and ERR_MEMORY was used. + Error::AlreadyInitialized => keystore_error_t::KEYSTORE_ERR_MEMORY as _, + Error::Memory => keystore_error_t::KEYSTORE_ERR_MEMORY as _, + Error::SeedSize => keystore_error_t::KEYSTORE_ERR_SEED_SIZE as _, + Error::SecureChip => keystore_error_t::KEYSTORE_ERR_SECURECHIP as _, + Error::IncorrectPassword => keystore_error_t::KEYSTORE_ERR_INCORRECT_PASSWORD as _, + }, + } +} diff --git a/src/rust/bitbox02-rust-c/src/lib.rs b/src/rust/bitbox02-rust-c/src/lib.rs index 53fb7551d..5831ff317 100644 --- a/src/rust/bitbox02-rust-c/src/lib.rs +++ b/src/rust/bitbox02-rust-c/src/lib.rs @@ -36,6 +36,8 @@ mod p256; mod sha2; #[cfg(feature = "firmware")] mod workflow; +#[cfg(feature = "firmware")] +mod keystore; #[cfg(feature = "firmware")] mod der; diff --git a/src/rust/bitbox02-rust/src/keystore.rs b/src/rust/bitbox02-rust/src/keystore.rs index 57fcda2c8..984c06a40 100644 --- a/src/rust/bitbox02-rust/src/keystore.rs +++ b/src/rust/bitbox02-rust/src/keystore.rs @@ -51,7 +51,7 @@ fn get_and_decrypt_seed(password: &str) -> Result>, E pub fn encrypt_and_store_seed(seed: &[u8], password: &str) -> Result<(), Error> { if memory::is_initialized() { - return Err(Error::AlreadyInitialized); + return Err(Error::Memory); } keystore::lock(); validate_seed_length(seed.len())?; diff --git a/src/rust/bitbox02/src/keystore.rs b/src/rust/bitbox02/src/keystore.rs index a474cc809..974e81d1c 100644 --- a/src/rust/bitbox02/src/keystore.rs +++ b/src/rust/bitbox02/src/keystore.rs @@ -19,7 +19,7 @@ use alloc::vec::Vec; use core::convert::TryInto; -use bitbox02_sys::keystore_error_t; +pub use bitbox02_sys::keystore_error_t; pub const BIP39_WORDLIST_LEN: u16 = bitbox02_sys::BIP39_WORDLIST_LEN as u16; pub const EC_PUBLIC_KEY_LEN: usize = bitbox02_sys::EC_PUBLIC_KEY_LEN as _;