mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 4.8.0.309

Browse Source 
Former-commit-id: 5f9c6ae75f295e057a7d2971f3a6df4656fa8850
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2016-11-10 13:04:39 +00:00
parent ee1447783b
commit 94b2861243
4912 changed files with 390737 additions and 49310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
external/boringssl/crypto/cipher/CMakeLists.txt vendored Normal file
View File

@@ -0,0 +1,42 @@
include_directories(../../include)
add_library(
cipher
OBJECT
cipher.c
derive_key.c
aead.c
e_null.c
e_rc2.c
e_rc4.c
e_des.c
e_aes.c
e_chacha20poly1305.c
tls_cbc.c
e_tls.c
e_ssl3.c
)
if(ENABLE_TESTS)
add_executable(
cipher_test
cipher_test.cc
$<TARGET_OBJECTS:test_support>
)
add_executable(
aead_test
aead_test.cc
$<TARGET_OBJECTS:test_support>
)
target_link_libraries(cipher_test crypto)
target_link_libraries(aead_test crypto)
add_dependencies(all_tests cipher_test aead_test)
endif()

162
external/boringssl/crypto/cipher/aead.c vendored Normal file
View File

@@ -0,0 +1,162 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/aead.h>
#include <string.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include "internal.h"
#include "../internal.h"
size_t EVP_AEAD_key_length(const EVP_AEAD *aead) { return aead->key_len; }
size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead) { return aead->nonce_len; }
size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; }
size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; }
void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) {
memset(ctx, 0, sizeof(EVP_AEAD_CTX));
}
int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
const uint8_t *key, size_t key_len, size_t tag_len,
ENGINE *impl) {
if (!aead->init) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_DIRECTION_SET);
ctx->aead = NULL;
return 0;
}
return EVP_AEAD_CTX_init_with_direction(ctx, aead, key, key_len, tag_len,
evp_aead_open);
}
int EVP_AEAD_CTX_init_with_direction(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
const uint8_t *key, size_t key_len,
size_t tag_len,
enum evp_aead_direction_t dir) {
if (key_len != aead->key_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_KEY_SIZE);
ctx->aead = NULL;
return 0;
}
ctx->aead = aead;
int ok;
if (aead->init) {
ok = aead->init(ctx, key, key_len, tag_len);
} else {
ok = aead->init_with_direction(ctx, key, key_len, tag_len, dir);
}
if (!ok) {
ctx->aead = NULL;
}
return ok;
}
void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) {
if (ctx->aead == NULL) {
return;
}
ctx->aead->cleanup(ctx);
ctx->aead = NULL;
}
/* check_alias returns 1 if |out| is compatible with |in| and 0 otherwise. If
* |in| and |out| alias, we require that |in| == |out|. */
static int check_alias(const uint8_t *in, size_t in_len, const uint8_t *out,
size_t out_len) {
if (!buffers_alias(in, in_len, out, out_len)) {
return 1;
}
return in == out;
}
int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t max_out_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
size_t possible_out_len = in_len + ctx->aead->overhead;
if (possible_out_len < in_len /* overflow */) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
goto error;
}
if (!check_alias(in, in_len, out, max_out_len)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT);
goto error;
}
if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len, in,
in_len, ad, ad_len)) {
return 1;
}
error:
/* In the event of an error, clear the output buffer so that a caller
* that doesn't check the return value doesn't send raw data. */
memset(out, 0, max_out_len);
*out_len = 0;
return 0;
}
int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t max_out_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (!check_alias(in, in_len, out, max_out_len)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT);
goto error;
}
if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, in,
in_len, ad, ad_len)) {
return 1;
}
error:
/* In the event of an error, clear the output buffer so that a caller
* that doesn't check the return value doesn't try and process bad
* data. */
memset(out, 0, max_out_len);
*out_len = 0;
return 0;
}
int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) {
if (ctx->aead->get_rc4_state == NULL) {
return 0;
}
return ctx->aead->get_rc4_state(ctx, out_key);
}
int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_len) {
if (ctx->aead->get_iv == NULL) {
return 0;
}
return ctx->aead->get_iv(ctx, out_iv, out_len);
}

362
external/boringssl/crypto/cipher/aead_test.cc vendored Normal file
View File

@@ -0,0 +1,362 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <stdint.h>
#include <string.h>
#include <vector>
#include <openssl/aead.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include "../test/file_test.h"
#include "../test/scoped_types.h"
// This program tests an AEAD against a series of test vectors from a file,
// using the FileTest format. As an example, here's a valid test case:
//
// KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
// NONCE: 978105dfce667bf4
// IN: 6a4583908d
// AD: b654574932
// CT: 5294265a60
// TAG: 1d45758621762e061368e68868e2f929
static bool TestAEAD(FileTest *t, void *arg) {
const EVP_AEAD *aead = reinterpret_cast<const EVP_AEAD*>(arg);
std::vector<uint8_t> key, nonce, in, ad, ct, tag;
if (!t->GetBytes(&key, "KEY") ||
!t->GetBytes(&nonce, "NONCE") ||
!t->GetBytes(&in, "IN") ||
!t->GetBytes(&ad, "AD") ||
!t->GetBytes(&ct, "CT") ||
!t->GetBytes(&tag, "TAG")) {
return false;
}
ScopedEVP_AEAD_CTX ctx;
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_seal)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
std::vector<uint8_t> out(in.size() + EVP_AEAD_max_overhead(aead));
if (!t->HasAttribute("NO_SEAL")) {
size_t out_len;
if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
nonce.data(), nonce.size(), in.data(), in.size(),
ad.data(), ad.size())) {
t->PrintLine("Failed to run AEAD.");
return false;
}
out.resize(out_len);
if (out.size() != ct.size() + tag.size()) {
t->PrintLine("Bad output length: %u vs %u.", (unsigned)out_len,
(unsigned)(ct.size() + tag.size()));
return false;
}
if (!t->ExpectBytesEqual(ct.data(), ct.size(), out.data(), ct.size()) ||
!t->ExpectBytesEqual(tag.data(), tag.size(), out.data() + ct.size(),
tag.size())) {
return false;
}
} else {
out.resize(ct.size() + tag.size());
memcpy(out.data(), ct.data(), ct.size());
memcpy(out.data() + ct.size(), tag.data(), tag.size());
}
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
std::vector<uint8_t> out2(out.size());
size_t out2_len;
int ret = EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(),
out.size(), ad.data(), ad.size());
if (t->HasAttribute("FAILS")) {
if (ret) {
t->PrintLine("Decrypted bad data.");
return false;
}
ERR_clear_error();
return true;
}
if (!ret) {
t->PrintLine("Failed to decrypt.");
return false;
}
out2.resize(out2_len);
if (!t->ExpectBytesEqual(in.data(), in.size(), out2.data(), out2.size())) {
return false;
}
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
// Garbage at the end isn't ignored.
out.push_back(0);
out2.resize(out.size());
if (EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(), out.size(),
ad.data(), ad.size())) {
t->PrintLine("Decrypted bad data with trailing garbage.");
return false;
}
ERR_clear_error();
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
t->PrintLine("Failed to init AEAD.");
return false;
}
// Verify integrity is checked.
out[0] ^= 0x80;
out.resize(out.size() - 1);
out2.resize(out.size());
if (EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(), out.size(),
ad.data(), ad.size())) {
t->PrintLine("Decrypted bad data with corrupted byte.");
return false;
}
ERR_clear_error();
return true;
}
static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) {
EVP_AEAD_CTX ctx;
uint8_t key[128];
memset(key, 0, sizeof(key));
const size_t key_len = EVP_AEAD_key_length(aead);
if (key_len > sizeof(key)) {
fprintf(stderr, "Key length of AEAD too long.\n");
return 0;
}
if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len,
9999 /* a silly tag length to trigger an error */,
NULL /* ENGINE */) != 0) {
fprintf(stderr, "A silly tag length didn't trigger an error!\n");
return 0;
}
ERR_clear_error();
/* Running a second, failed _init should not cause a memory leak. */
if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len,
9999 /* a silly tag length to trigger an error */,
NULL /* ENGINE */) != 0) {
fprintf(stderr, "A silly tag length didn't trigger an error!\n");
return 0;
}
ERR_clear_error();
/* Calling _cleanup on an |EVP_AEAD_CTX| after a failed _init should be a
* no-op. */
EVP_AEAD_CTX_cleanup(&ctx);
return 1;
}
static bool TestWithAliasedBuffers(const EVP_AEAD *aead) {
const size_t key_len = EVP_AEAD_key_length(aead);
const size_t nonce_len = EVP_AEAD_nonce_length(aead);
const size_t max_overhead = EVP_AEAD_max_overhead(aead);
std::vector<uint8_t> key(key_len, 'a');
ScopedEVP_AEAD_CTX ctx;
if (!EVP_AEAD_CTX_init(ctx.get(), aead, key.data(), key_len,
EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr)) {
return false;
}
static const uint8_t kPlaintext[260] =
"testing123456testing123456testing123456testing123456testing123456testing"
"123456testing123456testing123456testing123456testing123456testing123456t"
"esting123456testing123456testing123456testing123456testing123456testing1"
"23456testing123456testing123456testing12345";
const std::vector<size_t> offsets = {
0, 1, 2, 8, 15, 16, 17, 31, 32, 33, 63,
64, 65, 95, 96, 97, 127, 128, 129, 255, 256, 257,
};
std::vector<uint8_t> nonce(nonce_len, 'b');
std::vector<uint8_t> valid_encryption(sizeof(kPlaintext) + max_overhead);
size_t valid_encryption_len;
if (!EVP_AEAD_CTX_seal(
ctx.get(), valid_encryption.data(), &valid_encryption_len,
sizeof(kPlaintext) + max_overhead, nonce.data(), nonce_len,
kPlaintext, sizeof(kPlaintext), nullptr, 0)) {
fprintf(stderr, "EVP_AEAD_CTX_seal failed with disjoint buffers.\n");
return false;
}
// Test with out != in which we expect to fail.
std::vector<uint8_t> buffer(2 + valid_encryption_len);
uint8_t *in = buffer.data() + 1;
uint8_t *out1 = buffer.data();
uint8_t *out2 = buffer.data() + 2;
memcpy(in, kPlaintext, sizeof(kPlaintext));
size_t out_len;
if (EVP_AEAD_CTX_seal(ctx.get(), out1, &out_len,
sizeof(kPlaintext) + max_overhead, nonce.data(),
nonce_len, in, sizeof(kPlaintext), nullptr, 0) ||
EVP_AEAD_CTX_seal(ctx.get(), out2, &out_len,
sizeof(kPlaintext) + max_overhead, nonce.data(),
nonce_len, in, sizeof(kPlaintext), nullptr, 0)) {
fprintf(stderr, "EVP_AEAD_CTX_seal unexpectedly succeeded.\n");
return false;
}
ERR_clear_error();
memcpy(in, valid_encryption.data(), valid_encryption_len);
if (EVP_AEAD_CTX_open(ctx.get(), out1, &out_len, valid_encryption_len,
nonce.data(), nonce_len, in, valid_encryption_len,
nullptr, 0) ||
EVP_AEAD_CTX_open(ctx.get(), out2, &out_len, valid_encryption_len,
nonce.data(), nonce_len, in, valid_encryption_len,
nullptr, 0)) {
fprintf(stderr, "EVP_AEAD_CTX_open unexpectedly succeeded.\n");
return false;
}
ERR_clear_error();
// Test with out == in, which we expect to work.
memcpy(in, kPlaintext, sizeof(kPlaintext));
if (!EVP_AEAD_CTX_seal(ctx.get(), in, &out_len,
sizeof(kPlaintext) + max_overhead, nonce.data(),
nonce_len, in, sizeof(kPlaintext), nullptr, 0)) {
fprintf(stderr, "EVP_AEAD_CTX_seal failed in-place.\n");
return false;
}
if (out_len != valid_encryption_len ||
memcmp(in, valid_encryption.data(), out_len) != 0) {
fprintf(stderr, "EVP_AEAD_CTX_seal produced bad output in-place.\n");
return false;
}
memcpy(in, valid_encryption.data(), valid_encryption_len);
if (!EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len,
nonce.data(), nonce_len, in, valid_encryption_len,
nullptr, 0)) {
fprintf(stderr, "EVP_AEAD_CTX_open failed in-place.\n");
return false;
}
if (out_len != sizeof(kPlaintext) ||
memcmp(in, kPlaintext, out_len) != 0) {
fprintf(stderr, "EVP_AEAD_CTX_open produced bad output in-place.\n");
return false;
}
return true;
}
struct KnownAEAD {
const char name[40];
const EVP_AEAD *(*func)(void);
// limited_implementation indicates that tests that assume a generic AEAD
// interface should not be performed. For example, the key-wrap AEADs only
// handle inputs that are a multiple of eight bytes in length and the
// SSLv3/TLS AEADs have the concept of “direction”.
bool limited_implementation;
};
static const struct KnownAEAD kAEADs[] = {
{ "aes-128-gcm", EVP_aead_aes_128_gcm, false },
{ "aes-256-gcm", EVP_aead_aes_256_gcm, false },
{ "chacha20-poly1305", EVP_aead_chacha20_poly1305, false },
{ "chacha20-poly1305-old", EVP_aead_chacha20_poly1305_old, false },
{ "rc4-md5-tls", EVP_aead_rc4_md5_tls, true },
{ "rc4-sha1-tls", EVP_aead_rc4_sha1_tls, true },
{ "aes-128-cbc-sha1-tls", EVP_aead_aes_128_cbc_sha1_tls, true },
{ "aes-128-cbc-sha1-tls-implicit-iv", EVP_aead_aes_128_cbc_sha1_tls_implicit_iv, true },
{ "aes-128-cbc-sha256-tls", EVP_aead_aes_128_cbc_sha256_tls, true },
{ "aes-256-cbc-sha1-tls", EVP_aead_aes_256_cbc_sha1_tls, true },
{ "aes-256-cbc-sha1-tls-implicit-iv", EVP_aead_aes_256_cbc_sha1_tls_implicit_iv, true },
{ "aes-256-cbc-sha256-tls", EVP_aead_aes_256_cbc_sha256_tls, true },
{ "aes-256-cbc-sha384-tls", EVP_aead_aes_256_cbc_sha384_tls, true },
{ "des-ede3-cbc-sha1-tls", EVP_aead_des_ede3_cbc_sha1_tls, true },
{ "des-ede3-cbc-sha1-tls-implicit-iv", EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv, true },
{ "rc4-md5-ssl3", EVP_aead_rc4_md5_ssl3, true },
{ "rc4-sha1-ssl3", EVP_aead_rc4_sha1_ssl3, true },
{ "aes-128-cbc-sha1-ssl3", EVP_aead_aes_128_cbc_sha1_ssl3, true },
{ "aes-256-cbc-sha1-ssl3", EVP_aead_aes_256_cbc_sha1_ssl3, true },
{ "des-ede3-cbc-sha1-ssl3", EVP_aead_des_ede3_cbc_sha1_ssl3, true },
{ "aes-128-key-wrap", EVP_aead_aes_128_key_wrap, true },
{ "aes-256-key-wrap", EVP_aead_aes_256_key_wrap, true },
{ "aes-128-ctr-hmac-sha256", EVP_aead_aes_128_ctr_hmac_sha256, false },
{ "aes-256-ctr-hmac-sha256", EVP_aead_aes_256_ctr_hmac_sha256, false },
{ "", NULL, false },
};
int main(int argc, char **argv) {
CRYPTO_library_init();
if (argc != 3) {
fprintf(stderr, "%s <aead> <test file.txt>\n", argv[0]);
return 1;
}
const struct KnownAEAD *known_aead;
for (unsigned i = 0;; i++) {
known_aead = &kAEADs[i];
if (known_aead->func == NULL) {
fprintf(stderr, "Unknown AEAD: %s\n", argv[1]);
return 2;
}
if (strcmp(known_aead->name, argv[1]) == 0) {
break;
}
}
const EVP_AEAD *const aead = known_aead->func();
if (!TestCleanupAfterInitFailure(aead)) {
return 1;
}
if (!known_aead->limited_implementation && !TestWithAliasedBuffers(aead)) {
fprintf(stderr, "Aliased buffers test failed for %s.\n", known_aead->name);
return 1;
}
return FileTestMain(TestAEAD, const_cast<EVP_AEAD*>(aead), argv[2]);
}

652
external/boringssl/crypto/cipher/cipher.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

296
external/boringssl/crypto/cipher/cipher_test.cc vendored Normal file
View File

@@ -0,0 +1,296 @@
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdlib.h>
#include <string.h>
#include <string>
#include <vector>
#include <openssl/cipher.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include "../test/file_test.h"
#include "../test/scoped_types.h"
static const EVP_CIPHER *GetCipher(const std::string &name) {
if (name == "DES-CBC") {
return EVP_des_cbc();
} else if (name == "DES-ECB") {
return EVP_des_ecb();
} else if (name == "DES-EDE") {
return EVP_des_ede();
} else if (name == "DES-EDE-CBC") {
return EVP_des_ede_cbc();
} else if (name == "DES-EDE3-CBC") {
return EVP_des_ede3_cbc();
} else if (name == "RC4") {
return EVP_rc4();
} else if (name == "AES-128-ECB") {
return EVP_aes_128_ecb();
} else if (name == "AES-256-ECB") {
return EVP_aes_256_ecb();
} else if (name == "AES-128-CBC") {
return EVP_aes_128_cbc();
} else if (name == "AES-128-GCM") {
return EVP_aes_128_gcm();
} else if (name == "AES-128-OFB") {
return EVP_aes_128_ofb();
} else if (name == "AES-192-CBC") {
return EVP_aes_192_cbc();
} else if (name == "AES-192-ECB") {
return EVP_aes_192_ecb();
} else if (name == "AES-256-CBC") {
return EVP_aes_256_cbc();
} else if (name == "AES-128-CTR") {
return EVP_aes_128_ctr();
} else if (name == "AES-256-CTR") {
return EVP_aes_256_ctr();
} else if (name == "AES-256-GCM") {
return EVP_aes_256_gcm();
} else if (name == "AES-256-OFB") {
return EVP_aes_256_ofb();
}
return nullptr;
}
static bool TestOperation(FileTest *t,
const EVP_CIPHER *cipher,
bool encrypt,
size_t chunk_size,
const std::vector<uint8_t> &key,
const std::vector<uint8_t> &iv,
const std::vector<uint8_t> &plaintext,
const std::vector<uint8_t> &ciphertext,
const std::vector<uint8_t> &aad,
const std::vector<uint8_t> &tag) {
const std::vector<uint8_t> *in, *out;
if (encrypt) {
in = &plaintext;
out = &ciphertext;
} else {
in = &ciphertext;
out = &plaintext;
}
bool is_aead = EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE;
ScopedEVP_CIPHER_CTX ctx;
if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr,
encrypt ? 1 : 0)) {
return false;
}
if (t->HasAttribute("IV")) {
if (is_aead) {
if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN,
iv.size(), 0)) {
return false;
}
} else if (iv.size() != EVP_CIPHER_CTX_iv_length(ctx.get())) {
t->PrintLine("Bad IV length.");
return false;
}
}
if (is_aead && !encrypt &&
!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, tag.size(),
const_cast<uint8_t*>(tag.data()))) {
return false;
}
// The ciphers are run with no padding. For each of the ciphers we test, the
// output size matches the input size.
std::vector<uint8_t> result(in->size());
if (in->size() != out->size()) {
t->PrintLine("Input/output size mismatch (%u vs %u).", (unsigned)in->size(),
(unsigned)out->size());
return false;
}
// Note: the deprecated |EVP_CIPHER|-based AES-GCM API is sensitive to whether
// parameters are NULL, so it is important to skip the |in| and |aad|
// |EVP_CipherUpdate| calls when empty.
int unused, result_len1 = 0, result_len2;
if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()) ||
!EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key.data(), iv.data(),
-1) ||
(!aad.empty() &&
!EVP_CipherUpdate(ctx.get(), nullptr, &unused, aad.data(),
aad.size())) ||
!EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) {
t->PrintLine("Operation failed.");
return false;
}
if (chunk_size != 0) {
for (size_t i = 0; i < in->size();) {
size_t todo = chunk_size;
if (i + todo > in->size()) {
todo = in->size() - i;
}
int len;
if (!EVP_CipherUpdate(ctx.get(), result.data() + result_len1, &len,
in->data() + i, todo)) {
t->PrintLine("Operation failed.");
return false;
}
result_len1 += len;
i += todo;
}
} else if (!in->empty() &&
!EVP_CipherUpdate(ctx.get(), result.data(), &result_len1,
in->data(), in->size())) {
t->PrintLine("Operation failed.");
return false;
}
if (!EVP_CipherFinal_ex(ctx.get(), result.data() + result_len1,
&result_len2)) {
t->PrintLine("Operation failed.");
return false;
}
result.resize(result_len1 + result_len2);
if (!t->ExpectBytesEqual(out->data(), out->size(), result.data(),
result.size())) {
return false;
}
if (encrypt && is_aead) {
uint8_t rtag[16];
if (tag.size() > sizeof(rtag)) {
t->PrintLine("Bad tag length.");
return false;
}
if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, tag.size(),
rtag) ||
!t->ExpectBytesEqual(tag.data(), tag.size(), rtag,
tag.size())) {
return false;
}
}
return true;
}
static bool TestCipher(FileTest *t, void *arg) {
std::string cipher_str;
if (!t->GetAttribute(&cipher_str, "Cipher")) {
return false;
}
const EVP_CIPHER *cipher = GetCipher(cipher_str);
if (cipher == nullptr) {
t->PrintLine("Unknown cipher: '%s'.", cipher_str.c_str());
return false;
}
std::vector<uint8_t> key, iv, plaintext, ciphertext, aad, tag;
if (!t->GetBytes(&key, "Key") ||
!t->GetBytes(&plaintext, "Plaintext") ||
!t->GetBytes(&ciphertext, "Ciphertext")) {
return false;
}
if (EVP_CIPHER_iv_length(cipher) > 0 &&
!t->GetBytes(&iv, "IV")) {
return false;
}
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
if (!t->GetBytes(&aad, "AAD") ||
!t->GetBytes(&tag, "Tag")) {
return false;
}
}
enum {
kEncrypt,
kDecrypt,
kBoth,
} operation = kBoth;
if (t->HasAttribute("Operation")) {
const std::string &str = t->GetAttributeOrDie("Operation");
if (str == "ENCRYPT") {
operation = kEncrypt;
} else if (str == "DECRYPT") {
operation = kDecrypt;
} else {
t->PrintLine("Unknown operation: '%s'.", str.c_str());
return false;
}
}
const std::vector<size_t> chunk_sizes = {0, 1, 2, 5, 7, 8, 9, 15, 16,
17, 31, 32, 33, 63, 64, 65, 512};
for (size_t chunk_size : chunk_sizes) {
// By default, both directions are run, unless overridden by the operation.
if (operation != kDecrypt &&
!TestOperation(t, cipher, true /* encrypt */, chunk_size, key, iv,
plaintext, ciphertext, aad, tag)) {
return false;
}
if (operation != kEncrypt &&
!TestOperation(t, cipher, false /* decrypt */, chunk_size, key, iv,
plaintext, ciphertext, aad, tag)) {
return false;
}
}
return true;
}
int main(int argc, char **argv) {
CRYPTO_library_init();
if (argc != 2) {
fprintf(stderr, "%s <test file>\n", argv[0]);
return 1;
}
return FileTestMain(TestCipher, nullptr, argv[1]);
}

154
external/boringssl/crypto/cipher/derive_key.c vendored Normal file
View File

@@ -0,0 +1,154 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/cipher.h>
#include <assert.h>
#include <openssl/digest.h>
#include <openssl/mem.h>
#include "internal.h"
#define PKCS5_SALT_LEN 8
int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
const uint8_t *salt, const uint8_t *data, size_t data_len,
unsigned count, uint8_t *key, uint8_t *iv) {
EVP_MD_CTX c;
uint8_t md_buf[EVP_MAX_MD_SIZE];
unsigned niv, nkey, addmd = 0;
unsigned mds = 0, i;
int rv = 0;
nkey = type->key_len;
niv = type->iv_len;
assert(nkey <= EVP_MAX_KEY_LENGTH);
assert(niv <= EVP_MAX_IV_LENGTH);
if (data == NULL) {
return nkey;
}
EVP_MD_CTX_init(&c);
for (;;) {
if (!EVP_DigestInit_ex(&c, md, NULL)) {
return 0;
}
if (addmd++) {
if (!EVP_DigestUpdate(&c, md_buf, mds)) {
goto err;
}
}
if (!EVP_DigestUpdate(&c, data, data_len)) {
goto err;
}
if (salt != NULL) {
if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) {
goto err;
}
}
if (!EVP_DigestFinal_ex(&c, md_buf, &mds)) {
goto err;
}
for (i = 1; i < count; i++) {
if (!EVP_DigestInit_ex(&c, md, NULL) ||
!EVP_DigestUpdate(&c, md_buf, mds) ||
!EVP_DigestFinal_ex(&c, md_buf, &mds)) {
goto err;
}
}
i = 0;
if (nkey) {
for (;;) {
if (nkey == 0 || i == mds) {
break;
}
if (key != NULL) {
*(key++) = md_buf[i];
}
nkey--;
i++;
}
}
if (niv && i != mds) {
for (;;) {
if (niv == 0 || i == mds) {
break;
}
if (iv != NULL) {
*(iv++) = md_buf[i];
}
niv--;
i++;
}
}
if (nkey == 0 && niv == 0) {
break;
}
}
rv = type->key_len;
err:
EVP_MD_CTX_cleanup(&c);
OPENSSL_cleanse(md_buf, EVP_MAX_MD_SIZE);
return rv;
}

1715
external/boringssl/crypto/cipher/e_aes.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

302
external/boringssl/crypto/cipher/e_chacha20poly1305.c vendored Normal file
View File

@@ -0,0 +1,302 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/aead.h>
#include <string.h>
#include <openssl/chacha.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/poly1305.h>
#include "internal.h"
#include "../internal.h"
#define POLY1305_TAG_LEN 16
struct aead_chacha20_poly1305_ctx {
unsigned char key[32];
unsigned char tag_len;
};
static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
struct aead_chacha20_poly1305_ctx *c20_ctx;
if (tag_len == 0) {
tag_len = POLY1305_TAG_LEN;
}
if (tag_len > POLY1305_TAG_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (key_len != sizeof(c20_ctx->key)) {
return 0; /* internal error - EVP_AEAD_CTX_init should catch this. */
}
c20_ctx = OPENSSL_malloc(sizeof(struct aead_chacha20_poly1305_ctx));
if (c20_ctx == NULL) {
return 0;
}
memcpy(c20_ctx->key, key, key_len);
c20_ctx->tag_len = tag_len;
ctx->aead_state = c20_ctx;
return 1;
}
static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {
struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
OPENSSL_cleanse(c20_ctx->key, sizeof(c20_ctx->key));
OPENSSL_free(c20_ctx);
}
static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
uint8_t length_bytes[8];
unsigned i;
for (i = 0; i < sizeof(length_bytes); i++) {
length_bytes[i] = data_len;
data_len >>= 8;
}
CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes));
}
typedef void (*aead_poly1305_update)(poly1305_state *ctx, const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len);
/* aead_poly1305 fills |tag| with the authentication tag for the given
* inputs, using |update| to control the order and format that the inputs are
* signed/authenticated. */
static void aead_poly1305(aead_poly1305_update update,
uint8_t tag[POLY1305_TAG_LEN],
const struct aead_chacha20_poly1305_ctx *c20_ctx,
const uint8_t nonce[12], const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) {
alignas(16) uint8_t poly1305_key[32];
memset(poly1305_key, 0, sizeof(poly1305_key));
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
c20_ctx->key, nonce, 0);
poly1305_state ctx;
CRYPTO_poly1305_init(&ctx, poly1305_key);
update(&ctx, ad, ad_len, ciphertext, ciphertext_len);
CRYPTO_poly1305_finish(&ctx, tag);
}
static int seal_impl(aead_poly1305_update poly1305_update,
const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t max_out_len, const uint8_t nonce[12],
const uint8_t *in, size_t in_len, const uint8_t *ad,
size_t ad_len) {
const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
const uint64_t in_len_64 = in_len;
/* |CRYPTO_chacha_20| uses a 32-bit block counter. Therefore we disallow
* individual operations that work on more than 256GB at a time.
* |in_len_64| is needed because, on 32-bit platforms, size_t is only
* 32-bits and this produces a warning because it's always false.
* Casting to uint64_t inside the conditional is not sufficient to stop
* the warning. */
if (in_len_64 >= (UINT64_C(1) << 32) * 64 - 64) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (in_len + c20_ctx->tag_len < in_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + c20_ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
alignas(16) uint8_t tag[POLY1305_TAG_LEN];
aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, out, in_len);
memcpy(out + in_len, tag, c20_ctx->tag_len);
*out_len = in_len + c20_ctx->tag_len;
return 1;
}
static int open_impl(aead_poly1305_update poly1305_update,
const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t max_out_len, const uint8_t nonce[12],
const uint8_t *in, size_t in_len, const uint8_t *ad,
size_t ad_len) {
const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
size_t plaintext_len;
const uint64_t in_len_64 = in_len;
if (in_len < c20_ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
/* |CRYPTO_chacha_20| uses a 32-bit block counter. Therefore we disallow
* individual operations that work on more than 256GB at a time.
* |in_len_64| is needed because, on 32-bit platforms, size_t is only
* 32-bits and this produces a warning because it's always false.
* Casting to uint64_t inside the conditional is not sufficient to stop
* the warning. */
if (in_len_64 >= (UINT64_C(1) << 32) * 64 - 64) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
plaintext_len = in_len - c20_ctx->tag_len;
alignas(16) uint8_t tag[POLY1305_TAG_LEN];
aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, in,
plaintext_len);
if (CRYPTO_memcmp(tag, in + plaintext_len, c20_ctx->tag_len) != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, nonce, 1);
*out_len = plaintext_len;
return 1;
}
static void poly1305_update_padded_16(poly1305_state *poly1305,
const uint8_t *data, size_t data_len) {
static const uint8_t padding[16] = { 0 }; /* Padding is all zeros. */
CRYPTO_poly1305_update(poly1305, data, data_len);
if (data_len % 16 != 0) {
CRYPTO_poly1305_update(poly1305, padding, sizeof(padding) - (data_len % 16));
}
}
static void poly1305_update(poly1305_state *ctx, const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) {
poly1305_update_padded_16(ctx, ad, ad_len);
poly1305_update_padded_16(ctx, ciphertext, ciphertext_len);
poly1305_update_length(ctx, ad_len);
poly1305_update_length(ctx, ciphertext_len);
}
static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 12) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
return seal_impl(poly1305_update, ctx, out, out_len, max_out_len, nonce, in,
in_len, ad, ad_len);
}
static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 12) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
return open_impl(poly1305_update, ctx, out, out_len, max_out_len, nonce, in,
in_len, ad, ad_len);
}
static const EVP_AEAD aead_chacha20_poly1305 = {
32, /* key len */
12, /* nonce len */
POLY1305_TAG_LEN, /* overhead */
POLY1305_TAG_LEN, /* max tag length */
aead_chacha20_poly1305_init,
NULL, /* init_with_direction */
aead_chacha20_poly1305_cleanup,
aead_chacha20_poly1305_seal,
aead_chacha20_poly1305_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_chacha20_poly1305(void) {
return &aead_chacha20_poly1305;
}
static void poly1305_update_old(poly1305_state *ctx, const uint8_t *ad,
size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) {
CRYPTO_poly1305_update(ctx, ad, ad_len);
poly1305_update_length(ctx, ad_len);
CRYPTO_poly1305_update(ctx, ciphertext, ciphertext_len);
poly1305_update_length(ctx, ciphertext_len);
}
static int aead_chacha20_poly1305_old_seal(
const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 8) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
uint8_t nonce_96[12];
memset(nonce_96, 0, 4);
memcpy(nonce_96 + 4, nonce, 8);
return seal_impl(poly1305_update_old, ctx, out, out_len, max_out_len,
nonce_96, in, in_len, ad, ad_len);
}
static int aead_chacha20_poly1305_old_open(
const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
if (nonce_len != 8) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
uint8_t nonce_96[12];
memset(nonce_96, 0, 4);
memcpy(nonce_96 + 4, nonce, 8);
return open_impl(poly1305_update_old, ctx, out, out_len, max_out_len,
nonce_96, in, in_len, ad, ad_len);
}
static const EVP_AEAD aead_chacha20_poly1305_old = {
32, /* key len */
8, /* nonce len */
POLY1305_TAG_LEN, /* overhead */
POLY1305_TAG_LEN, /* max tag length */
aead_chacha20_poly1305_init,
NULL, /* init_with_direction */
aead_chacha20_poly1305_cleanup,
aead_chacha20_poly1305_old_seal,
aead_chacha20_poly1305_old_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void) {
return &aead_chacha20_poly1305_old;
}

207
external/boringssl/crypto/cipher/e_des.c vendored Normal file
View File

@@ -0,0 +1,207 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/cipher.h>
#include <openssl/des.h>
#include <openssl/nid.h>
#include "internal.h"
typedef struct {
union {
double align;
DES_key_schedule ks;
} ks;
} EVP_DES_KEY;
static int des_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
DES_cblock *deskey = (DES_cblock *)key;
EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
DES_set_key(deskey, &dat->ks.ks);
return 1;
}
static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t in_len) {
EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
DES_ncbc_encrypt(in, out, in_len, &dat->ks.ks, (DES_cblock *)ctx->iv,
ctx->encrypt);
return 1;
}
static const EVP_CIPHER des_cbc = {
NID_des_cbc, 8 /* block_size */, 8 /* key_size */,
8 /* iv_len */, sizeof(EVP_DES_KEY), EVP_CIPH_CBC_MODE,
NULL /* app_data */, des_init_key, des_cbc_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_cbc(void) { return &des_cbc; }
static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t in_len) {
if (in_len < ctx->cipher->block_size) {
return 1;
}
in_len -= ctx->cipher->block_size;
EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
size_t i;
for (i = 0; i <= in_len; i += ctx->cipher->block_size) {
DES_ecb_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
&dat->ks.ks, ctx->encrypt);
}
return 1;
}
static const EVP_CIPHER des_ecb = {
NID_des_ecb, 8 /* block_size */, 8 /* key_size */,
0 /* iv_len */, sizeof(EVP_DES_KEY), EVP_CIPH_ECB_MODE,
NULL /* app_data */, des_init_key, des_ecb_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ecb(void) { return &des_ecb; }
typedef struct {
union {
double align;
DES_key_schedule ks[3];
} ks;
} DES_EDE_KEY;
static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = (DES_EDE_KEY*) ctx->cipher_data;
DES_set_key(&deskey[0], &dat->ks.ks[0]);
DES_set_key(&deskey[1], &dat->ks.ks[1]);
DES_set_key(&deskey[2], &dat->ks.ks[2]);
return 1;
}
static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len) {
DES_EDE_KEY *dat = (DES_EDE_KEY*) ctx->cipher_data;
DES_ede3_cbc_encrypt(in, out, in_len, &dat->ks.ks[0], &dat->ks.ks[1],
&dat->ks.ks[2], (DES_cblock *)ctx->iv, ctx->encrypt);
return 1;
}
static const EVP_CIPHER des_ede3_cbc = {
NID_des_ede3_cbc, 8 /* block_size */, 24 /* key_size */,
8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
NULL /* app_data */, des_ede3_init_key, des_ede3_cbc_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des_ede3_cbc; }
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
DES_cblock *deskey = (DES_cblock *) key;
DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
DES_set_key(&deskey[0], &dat->ks.ks[0]);
DES_set_key(&deskey[1], &dat->ks.ks[1]);
DES_set_key(&deskey[0], &dat->ks.ks[2]);
return 1;
}
static const EVP_CIPHER des_ede_cbc = {
NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */,
8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
NULL /* app_data */, des_ede_init_key , des_ede3_cbc_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ede_cbc(void) { return &des_ede_cbc; }
static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len) {
if (in_len < ctx->cipher->block_size) {
return 1;
}
in_len -= ctx->cipher->block_size;
DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
size_t i;
for (i = 0; i <= in_len; i += ctx->cipher->block_size) {
DES_ecb3_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
&dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2],
ctx->encrypt);
}
return 1;
}
static const EVP_CIPHER des_ede_ecb = {
NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */,
0 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_ECB_MODE,
NULL /* app_data */, des_ede_init_key , des_ede_ecb_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; }

85
external/boringssl/crypto/cipher/e_null.c vendored Normal file
View File

@@ -0,0 +1,85 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/cipher.h>
#include <string.h>
#include <openssl/nid.h>
#include "internal.h"
static int null_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
return 1;
}
static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len) {
if (in != out) {
memcpy(out, in, in_len);
}
return 1;
}
static const EVP_CIPHER n_cipher = {
NID_undef, 1 /* block size */, 0 /* key_len */, 0 /* iv_len */,
0 /* ctx_size */, 0 /* flags */, NULL /* app_data */, null_init_key,
null_cipher, NULL /* cleanup */, NULL /* ctrl */,
};
const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; }

443
external/boringssl/crypto/cipher/e_rc2.c vendored Normal file
View File

@@ -0,0 +1,443 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/cipher.h>
#include <openssl/nid.h>
#include "internal.h"
#define c2l(c, l) \
(l = ((uint32_t)(*((c)++))), l |= ((uint32_t)(*((c)++))) << 8L, \
l |= ((uint32_t)(*((c)++))) << 16L, \
l |= ((uint32_t)(*((c)++))) << 24L)
#define c2ln(c, l1, l2, n) \
{ \
c += n; \
l1 = l2 = 0; \
switch (n) { \
case 8: \
l2 = ((uint32_t)(*(--(c)))) << 24L; \
case 7: \
l2 |= ((uint32_t)(*(--(c)))) << 16L; \
case 6: \
l2 |= ((uint32_t)(*(--(c)))) << 8L; \
case 5: \
l2 |= ((uint32_t)(*(--(c)))); \
case 4: \
l1 = ((uint32_t)(*(--(c)))) << 24L; \
case 3: \
l1 |= ((uint32_t)(*(--(c)))) << 16L; \
case 2: \
l1 |= ((uint32_t)(*(--(c)))) << 8L; \
case 1: \
l1 |= ((uint32_t)(*(--(c)))); \
} \
}
#define l2c(l, c) \
(*((c)++) = (uint8_t)(((l)) & 0xff), \
*((c)++) = (uint8_t)(((l) >> 8L) & 0xff), \
*((c)++) = (uint8_t)(((l) >> 16L) & 0xff), \
*((c)++) = (uint8_t)(((l) >> 24L) & 0xff))
#define l2cn(l1, l2, c, n) \
{ \
c += n; \
switch (n) { \
case 8: \
*(--(c)) = (uint8_t)(((l2) >> 24L) & 0xff); \
case 7: \
*(--(c)) = (uint8_t)(((l2) >> 16L) & 0xff); \
case 6: \
*(--(c)) = (uint8_t)(((l2) >> 8L) & 0xff); \
case 5: \
*(--(c)) = (uint8_t)(((l2)) & 0xff); \
case 4: \
*(--(c)) = (uint8_t)(((l1) >> 24L) & 0xff); \
case 3: \
*(--(c)) = (uint8_t)(((l1) >> 16L) & 0xff); \
case 2: \
*(--(c)) = (uint8_t)(((l1) >> 8L) & 0xff); \
case 1: \
*(--(c)) = (uint8_t)(((l1)) & 0xff); \
} \
}
typedef struct rc2_key_st { uint16_t data[64]; } RC2_KEY;
static void RC2_encrypt(uint32_t *d, RC2_KEY *key) {
int i, n;
uint16_t *p0, *p1;
uint16_t x0, x1, x2, x3, t;
uint32_t l;
l = d[0];
x0 = (uint16_t)l & 0xffff;
x1 = (uint16_t)(l >> 16L);
l = d[1];
x2 = (uint16_t)l & 0xffff;
x3 = (uint16_t)(l >> 16L);
n = 3;
i = 5;
p0 = p1 = &key->data[0];
for (;;) {
t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
x0 = (t << 1) | (t >> 15);
t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
x1 = (t << 2) | (t >> 14);
t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
x2 = (t << 3) | (t >> 13);
t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
x3 = (t << 5) | (t >> 11);
if (--i == 0) {
if (--n == 0) {
break;
}
i = (n == 2) ? 6 : 5;
x0 += p1[x3 & 0x3f];
x1 += p1[x0 & 0x3f];
x2 += p1[x1 & 0x3f];
x3 += p1[x2 & 0x3f];
}
}
d[0] = (uint32_t)(x0 & 0xffff) | ((uint32_t)(x1 & 0xffff) << 16L);
d[1] = (uint32_t)(x2 & 0xffff) | ((uint32_t)(x3 & 0xffff) << 16L);
}
static void RC2_decrypt(uint32_t *d, RC2_KEY *key) {
int i, n;
uint16_t *p0, *p1;
uint16_t x0, x1, x2, x3, t;
uint32_t l;
l = d[0];
x0 = (uint16_t)l & 0xffff;
x1 = (uint16_t)(l >> 16L);
l = d[1];
x2 = (uint16_t)l & 0xffff;
x3 = (uint16_t)(l >> 16L);
n = 3;
i = 5;
p0 = &key->data[63];
p1 = &key->data[0];
for (;;) {
t = ((x3 << 11) | (x3 >> 5)) & 0xffff;
x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
t = ((x2 << 13) | (x2 >> 3)) & 0xffff;
x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
t = ((x1 << 14) | (x1 >> 2)) & 0xffff;
x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
t = ((x0 << 15) | (x0 >> 1)) & 0xffff;
x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
if (--i == 0) {
if (--n == 0) {
break;
}
i = (n == 2) ? 6 : 5;
x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
}
}
d[0] = (uint32_t)(x0 & 0xffff) | ((uint32_t)(x1 & 0xffff) << 16L);
d[1] = (uint32_t)(x2 & 0xffff) | ((uint32_t)(x3 & 0xffff) << 16L);
}
static void RC2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
RC2_KEY *ks, uint8_t *iv, int encrypt) {
uint32_t tin0, tin1;
uint32_t tout0, tout1, xor0, xor1;
long l = length;
uint32_t tin[2];
if (encrypt) {
c2l(iv, tout0);
c2l(iv, tout1);
iv -= 8;
for (l -= 8; l >= 0; l -= 8) {
c2l(in, tin0);
c2l(in, tin1);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
RC2_encrypt(tin, ks);
tout0 = tin[0];
l2c(tout0, out);
tout1 = tin[1];
l2c(tout1, out);
}
if (l != -8) {
c2ln(in, tin0, tin1, l + 8);
tin0 ^= tout0;
tin1 ^= tout1;
tin[0] = tin0;
tin[1] = tin1;
RC2_encrypt(tin, ks);
tout0 = tin[0];
l2c(tout0, out);
tout1 = tin[1];
l2c(tout1, out);
}
l2c(tout0, iv);
l2c(tout1, iv);
} else {
c2l(iv, xor0);
c2l(iv, xor1);
iv -= 8;
for (l -= 8; l >= 0; l -= 8) {
c2l(in, tin0);
tin[0] = tin0;
c2l(in, tin1);
tin[1] = tin1;
RC2_decrypt(tin, ks);
tout0 = tin[0] ^ xor0;
tout1 = tin[1] ^ xor1;
l2c(tout0, out);
l2c(tout1, out);
xor0 = tin0;
xor1 = tin1;
}
if (l != -8) {
c2l(in, tin0);
tin[0] = tin0;
c2l(in, tin1);
tin[1] = tin1;
RC2_decrypt(tin, ks);
tout0 = tin[0] ^ xor0;
tout1 = tin[1] ^ xor1;
l2cn(tout0, tout1, out, l + 8);
xor0 = tin0;
xor1 = tin1;
}
l2c(xor0, iv);
l2c(xor1, iv);
}
tin[0] = tin[1] = 0;
}
static const uint8_t key_table[256] = {
0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5,
0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f,
0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b,
0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde,
0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e,
0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10,
0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b,
0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68,
0xfe, 0x7f, 0xc1, 0xad,
};
static void RC2_set_key(RC2_KEY *key, int len, const uint8_t *data, int bits) {
int i, j;
uint8_t *k;
uint16_t *ki;
unsigned int c, d;
k = (uint8_t *)&key->data[0];
*k = 0; /* for if there is a zero length key */
if (len > 128) {
len = 128;
}
if (bits <= 0) {
bits = 1024;
}
if (bits > 1024) {
bits = 1024;
}
for (i = 0; i < len; i++) {
k[i] = data[i];
}
/* expand table */
d = k[len - 1];
j = 0;
for (i = len; i < 128; i++, j++) {
d = key_table[(k[j] + d) & 0xff];
k[i] = d;
}
/* hmm.... key reduction to 'bits' bits */
j = (bits + 7) >> 3;
i = 128 - j;
c = (0xff >> (-bits & 0x07));
d = key_table[k[i] & c];
k[i] = d;
while (i--) {
d = key_table[k[i + j] ^ d];
k[i] = d;
}
/* copy from bytes into uint16_t's */
ki = &(key->data[63]);
for (i = 127; i >= 0; i -= 2) {
*(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
}
}
typedef struct {
int key_bits; /* effective key bits */
RC2_KEY ks; /* key schedule */
} EVP_RC2_KEY;
static int rc2_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
EVP_RC2_KEY *rc2_key = (EVP_RC2_KEY *)ctx->cipher_data;
RC2_set_key(&rc2_key->ks, EVP_CIPHER_CTX_key_length(ctx), key,
rc2_key->key_bits);
return 1;
}
static int rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t inl) {
EVP_RC2_KEY *key = (EVP_RC2_KEY *)ctx->cipher_data;
static const size_t kChunkSize = 0x10000;
while (inl >= kChunkSize) {
RC2_cbc_encrypt(in, out, kChunkSize, &key->ks, ctx->iv, ctx->encrypt);
inl -= kChunkSize;
in += kChunkSize;
out += kChunkSize;
}
if (inl) {
RC2_cbc_encrypt(in, out, inl, &key->ks, ctx->iv, ctx->encrypt);
}
return 1;
}
static int rc2_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) {
EVP_RC2_KEY *key = (EVP_RC2_KEY *)ctx->cipher_data;
switch (type) {
case EVP_CTRL_INIT:
key->key_bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
return 1;
case EVP_CTRL_SET_RC2_KEY_BITS:
/* Should be overridden by later call to |EVP_CTRL_INIT|, but
* people call it, so it may as well work. */
key->key_bits = arg;
return 1;
default:
return -1;
}
}
static const EVP_CIPHER rc2_40_cbc = {
NID_rc2_40_cbc,
8 /* block size */,
5 /* 40 bit */,
8 /* iv len */,
sizeof(EVP_RC2_KEY),
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
NULL /* app_data */,
rc2_init_key,
rc2_cbc_cipher,
NULL,
rc2_ctrl,
};
const EVP_CIPHER *EVP_rc2_40_cbc(void) {
return &rc2_40_cbc;
}
static const EVP_CIPHER rc2_cbc = {
NID_rc2_cbc,
8 /* block size */,
16 /* 128 bit */,
8 /* iv len */,
sizeof(EVP_RC2_KEY),
EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
NULL /* app_data */,
rc2_init_key,
rc2_cbc_cipher,
NULL,
rc2_ctrl,
};
const EVP_CIPHER *EVP_rc2_cbc(void) {
return &rc2_cbc;
}

87
external/boringssl/crypto/cipher/e_rc4.c vendored Normal file
View File

@@ -0,0 +1,87 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <assert.h>
#include <string.h>
#include <openssl/cipher.h>
#include <openssl/nid.h>
#include <openssl/rc4.h>
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
RC4_KEY *rc4key = (RC4_KEY *)ctx->cipher_data;
RC4_set_key(rc4key, EVP_CIPHER_CTX_key_length(ctx), key);
return 1;
}
static int rc4_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t in_len) {
RC4_KEY *rc4key = (RC4_KEY *)ctx->cipher_data;
RC4(rc4key, in_len, in, out);
return 1;
}
static const EVP_CIPHER rc4 = {
NID_rc4, 1 /* block_size */, 16 /* key_size */,
0 /* iv_len */, sizeof(RC4_KEY), EVP_CIPH_VARIABLE_LENGTH,
NULL /* app_data */, rc4_init_key, rc4_cipher,
NULL /* cleanup */, NULL /* ctrl */, };
const EVP_CIPHER *EVP_rc4(void) { return &rc4; }

463
external/boringssl/crypto/cipher/e_ssl3.c vendored Normal file
View File

@@ -0,0 +1,463 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <assert.h>
#include <limits.h>
#include <string.h>
#include <openssl/aead.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/mem.h>
#include <openssl/sha.h>
#include "internal.h"
typedef struct {
EVP_CIPHER_CTX cipher_ctx;
EVP_MD_CTX md_ctx;
} AEAD_SSL3_CTX;
static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len,
const uint8_t *ad, size_t ad_len, const uint8_t *in,
size_t in_len) {
size_t md_size = EVP_MD_CTX_size(&ssl3_ctx->md_ctx);
size_t pad_len = (md_size == 20) ? 40 : 48;
/* To allow for CBC mode which changes cipher length, |ad| doesn't include the
* length for legacy ciphers. */
uint8_t ad_extra[2];
ad_extra[0] = (uint8_t)(in_len >> 8);
ad_extra[1] = (uint8_t)(in_len & 0xff);
EVP_MD_CTX md_ctx;
EVP_MD_CTX_init(&md_ctx);
uint8_t pad[48];
uint8_t tmp[EVP_MAX_MD_SIZE];
memset(pad, 0x36, pad_len);
if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
!EVP_DigestUpdate(&md_ctx, pad, pad_len) ||
!EVP_DigestUpdate(&md_ctx, ad, ad_len) ||
!EVP_DigestUpdate(&md_ctx, ad_extra, sizeof(ad_extra)) ||
!EVP_DigestUpdate(&md_ctx, in, in_len) ||
!EVP_DigestFinal_ex(&md_ctx, tmp, NULL)) {
EVP_MD_CTX_cleanup(&md_ctx);
return 0;
}
memset(pad, 0x5c, pad_len);
if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
!EVP_DigestUpdate(&md_ctx, pad, pad_len) ||
!EVP_DigestUpdate(&md_ctx, tmp, md_size) ||
!EVP_DigestFinal_ex(&md_ctx, out, out_len)) {
EVP_MD_CTX_cleanup(&md_ctx);
return 0;
}
EVP_MD_CTX_cleanup(&md_ctx);
return 1;
}
static void aead_ssl3_cleanup(EVP_AEAD_CTX *ctx) {
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
EVP_CIPHER_CTX_cleanup(&ssl3_ctx->cipher_ctx);
EVP_MD_CTX_cleanup(&ssl3_ctx->md_ctx);
OPENSSL_free(ssl3_ctx);
ctx->aead_state = NULL;
}
static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
size_t tag_len, enum evp_aead_direction_t dir,
const EVP_CIPHER *cipher, const EVP_MD *md) {
if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH &&
tag_len != EVP_MD_size(md)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE);
return 0;
}
if (key_len != EVP_AEAD_key_length(ctx->aead)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0;
}
size_t mac_key_len = EVP_MD_size(md);
size_t enc_key_len = EVP_CIPHER_key_length(cipher);
assert(mac_key_len + enc_key_len + EVP_CIPHER_iv_length(cipher) == key_len);
/* Although EVP_rc4() is a variable-length cipher, the default key size is
* correct for SSL3. */
AEAD_SSL3_CTX *ssl3_ctx = OPENSSL_malloc(sizeof(AEAD_SSL3_CTX));
if (ssl3_ctx == NULL) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_CIPHER_CTX_init(&ssl3_ctx->cipher_ctx);
EVP_MD_CTX_init(&ssl3_ctx->md_ctx);
ctx->aead_state = ssl3_ctx;
if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len],
&key[mac_key_len + enc_key_len],
dir == evp_aead_seal) ||
!EVP_DigestInit_ex(&ssl3_ctx->md_ctx, md, NULL) ||
!EVP_DigestUpdate(&ssl3_ctx->md_ctx, key, mac_key_len)) {
aead_ssl3_cleanup(ctx);
ctx->aead_state = NULL;
return 0;
}
EVP_CIPHER_CTX_set_padding(&ssl3_ctx->cipher_ctx, 0);
return 1;
}
static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
size_t total = 0;
if (!ssl3_ctx->cipher_ctx.encrypt) {
/* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION);
return 0;
}
if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len ||
in_len > INT_MAX) {
/* EVP_CIPHER takes int as input. */
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE);
return 0;
}
if (ad_len != 11 - 2 /* length bytes */) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE);
return 0;
}
/* Compute the MAC. This must be first in case the operation is being done
* in-place. */
uint8_t mac[EVP_MAX_MD_SIZE];
unsigned mac_len;
if (!ssl3_mac(ssl3_ctx, mac, &mac_len, ad, ad_len, in, in_len)) {
return 0;
}
/* Encrypt the input. */
int len;
if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out, &len, in,
(int)in_len)) {
return 0;
}
total = len;
/* Feed the MAC into the cipher. */
if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out + total, &len, mac,
(int)mac_len)) {
return 0;
}
total += len;
unsigned block_size = EVP_CIPHER_CTX_block_size(&ssl3_ctx->cipher_ctx);
if (block_size > 1) {
assert(block_size <= 256);
assert(EVP_CIPHER_CTX_mode(&ssl3_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE);
/* Compute padding and feed that into the cipher. */
uint8_t padding[256];
unsigned padding_len = block_size - ((in_len + mac_len) % block_size);
memset(padding, 0, padding_len - 1);
padding[padding_len - 1] = padding_len - 1;
if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out + total, &len, padding,
(int)padding_len)) {
return 0;
}
total += len;
}
if (!EVP_EncryptFinal_ex(&ssl3_ctx->cipher_ctx, out + total, &len)) {
return 0;
}
total += len;
*out_len = total;
return 1;
}
static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
size_t *out_len, size_t max_out_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
if (ssl3_ctx->cipher_ctx.encrypt) {
/* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION);
return 0;
}
size_t mac_len = EVP_MD_CTX_size(&ssl3_ctx->md_ctx);
if (in_len < mac_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
if (max_out_len < in_len) {
/* This requires that the caller provide space for the MAC, even though it
* will always be removed on return. */
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (ad_len != 11 - 2 /* length bytes */) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE);
return 0;
}
if (in_len > INT_MAX) {
/* EVP_CIPHER takes int as input. */
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
/* Decrypt to get the plaintext + MAC + padding. */
size_t total = 0;
int len;
if (!EVP_DecryptUpdate(&ssl3_ctx->cipher_ctx, out, &len, in, (int)in_len)) {
return 0;
}
total += len;
if (!EVP_DecryptFinal_ex(&ssl3_ctx->cipher_ctx, out + total, &len)) {
return 0;
}
total += len;
assert(total == in_len);
/* Remove CBC padding and MAC. This would normally be timing-sensitive, but SSLv3 CBC
* ciphers are already broken. Support will be removed eventually.
* https://www.openssl.org/~bodo/ssl-poodle.pdf */
unsigned data_len;
if (EVP_CIPHER_CTX_mode(&ssl3_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE) {
unsigned padding_length = out[total - 1];
if (total < padding_length + 1 + mac_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
/* The padding must be minimal. */
if (padding_length + 1 > EVP_CIPHER_CTX_block_size(&ssl3_ctx->cipher_ctx)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
data_len = total - padding_length - 1 - mac_len;
} else {
data_len = total - mac_len;
}
/* Compute the MAC and compare against the one in the record. */
uint8_t mac[EVP_MAX_MD_SIZE];
if (!ssl3_mac(ssl3_ctx, mac, NULL, ad, ad_len, out, data_len)) {
return 0;
}
if (CRYPTO_memcmp(&out[data_len], mac, mac_len) != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
*out_len = data_len;
return 1;
}
static int aead_ssl3_get_rc4_state(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key) {
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
if (EVP_CIPHER_CTX_cipher(&ssl3_ctx->cipher_ctx) != EVP_rc4()) {
return 0;
}
*out_key = (RC4_KEY*) ssl3_ctx->cipher_ctx.cipher_data;
return 1;
}
static int aead_ssl3_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_iv_len) {
AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state;
const size_t iv_len = EVP_CIPHER_CTX_iv_length(&ssl3_ctx->cipher_ctx);
if (iv_len <= 1) {
return 0;
}
*out_iv = ssl3_ctx->cipher_ctx.iv;
*out_iv_len = iv_len;
return 1;
}
static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_md5());
}
static int aead_rc4_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_sha1());
}
static int aead_aes_128_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(),
EVP_sha1());
}
static int aead_aes_256_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(),
EVP_sha1());
}
static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx,
const uint8_t *key, size_t key_len,
size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(),
EVP_sha1());
}
static int aead_null_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len,
enum evp_aead_direction_t dir) {
return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(),
EVP_sha1());
}
static const EVP_AEAD aead_rc4_md5_ssl3 = {
MD5_DIGEST_LENGTH + 16, /* key len (MD5 + RC4) */
0, /* nonce len */
MD5_DIGEST_LENGTH, /* overhead */
MD5_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_rc4_md5_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
aead_ssl3_get_rc4_state,
NULL, /* get_iv */
};
static const EVP_AEAD aead_rc4_sha1_ssl3 = {
SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */
0, /* nonce len */
SHA_DIGEST_LENGTH, /* overhead */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_rc4_sha1_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
aead_ssl3_get_rc4_state,
NULL, /* get_iv */
};
static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = {
SHA_DIGEST_LENGTH + 16 + 16, /* key len (SHA1 + AES128 + IV) */
0, /* nonce len */
16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_aes_128_cbc_sha1_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
aead_ssl3_get_iv,
};
static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = {
SHA_DIGEST_LENGTH + 32 + 16, /* key len (SHA1 + AES256 + IV) */
0, /* nonce len */
16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_aes_256_cbc_sha1_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
aead_ssl3_get_iv,
};
static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = {
SHA_DIGEST_LENGTH + 24 + 8, /* key len (SHA1 + 3DES + IV) */
0, /* nonce len */
8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_des_ede3_cbc_sha1_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
aead_ssl3_get_iv,
};
static const EVP_AEAD aead_null_sha1_ssl3 = {
SHA_DIGEST_LENGTH, /* key len */
0, /* nonce len */
SHA_DIGEST_LENGTH, /* overhead (SHA1) */
SHA_DIGEST_LENGTH, /* max tag length */
NULL, /* init */
aead_null_sha1_ssl3_init,
aead_ssl3_cleanup,
aead_ssl3_seal,
aead_ssl3_open,
NULL, /* get_rc4_state */
NULL, /* get_iv */
};
const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; }
const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void) { return &aead_rc4_sha1_ssl3; }
const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_ssl3(void) {
return &aead_aes_128_cbc_sha1_ssl3;
}
const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void) {
return &aead_aes_256_cbc_sha1_ssl3;
}
const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void) {
return &aead_des_ede3_cbc_sha1_ssl3;
}
const EVP_AEAD *EVP_aead_null_sha1_ssl3(void) { return &aead_null_sha1_ssl3; }

673
external/boringssl/crypto/cipher/e_tls.c vendored Normal file
View File

File diff suppressed because it is too large Load Diff

164
external/boringssl/crypto/cipher/internal.h vendored Normal file
View File

@@ -0,0 +1,164 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#ifndef OPENSSL_HEADER_CIPHER_INTERNAL_H
#define OPENSSL_HEADER_CIPHER_INTERNAL_H
#include <openssl/base.h>
#include <openssl/aead.h>
#if defined(__cplusplus)
extern "C" {
#endif
/* EVP_CIPH_MODE_MASK contains the bits of |flags| that represent the mode. */
#define EVP_CIPH_MODE_MASK 0x3f
/* EVP_AEAD represents a specific AEAD algorithm. */
struct evp_aead_st {
uint8_t key_len;
uint8_t nonce_len;
uint8_t overhead;
uint8_t max_tag_len;
/* init initialises an |EVP_AEAD_CTX|. If this call returns zero then
* |cleanup| will not be called for that context. */
int (*init)(EVP_AEAD_CTX *, const uint8_t *key, size_t key_len,
size_t tag_len);
int (*init_with_direction)(EVP_AEAD_CTX *, const uint8_t *key, size_t key_len,
size_t tag_len, enum evp_aead_direction_t dir);
void (*cleanup)(EVP_AEAD_CTX *);
int (*seal)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t max_out_len, const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len, const uint8_t *ad,
size_t ad_len);
int (*open)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
size_t max_out_len, const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len, const uint8_t *ad,
size_t ad_len);
int (*get_rc4_state)(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key);
int (*get_iv)(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
size_t *out_len);
};
/* EVP_tls_cbc_get_padding determines the padding from the decrypted, TLS, CBC
* record in |in|. This decrypted record should not include any "decrypted"
* explicit IV. It sets |*out_len| to the length with the padding removed or
* |in_len| if invalid.
*
* block_size: the block size of the cipher used to encrypt the record.
* returns:
* 0: (in non-constant time) if the record is publicly invalid.
* 1: if the padding was valid
* -1: otherwise. */
int EVP_tls_cbc_remove_padding(unsigned *out_len,
const uint8_t *in, unsigned in_len,
unsigned block_size, unsigned mac_size);
/* EVP_tls_cbc_copy_mac copies |md_size| bytes from the end of the first
* |in_len| bytes of |in| to |out| in constant time (independent of the concrete
* value of |in_len|, which may vary within a 256-byte window). |in| must point
* to a buffer of |orig_len| bytes.
*
* On entry:
* orig_len >= in_len >= md_size
* md_size <= EVP_MAX_MD_SIZE */
void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size,
const uint8_t *in, unsigned in_len,
unsigned orig_len);
/* EVP_tls_cbc_record_digest_supported returns 1 iff |md| is a hash function
* which EVP_tls_cbc_digest_record supports. */
int EVP_tls_cbc_record_digest_supported(const EVP_MD *md);
/* EVP_tls_cbc_digest_record computes the MAC of a decrypted, padded TLS
* record.
*
* md: the hash function used in the HMAC.
* EVP_tls_cbc_record_digest_supported must return true for this hash.
* md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
* md_out_size: the number of output bytes is written here.
* header: the 13-byte, TLS record header.
* data: the record data itself
* data_plus_mac_size: the secret, reported length of the data and MAC
* once the padding has been removed.
* data_plus_mac_plus_padding_size: the public length of the whole
* record, including padding.
*
* On entry: by virtue of having been through one of the remove_padding
* functions, above, we know that data_plus_mac_size is large enough to contain
* a padding byte and MAC. (If the padding was invalid, it might contain the
* padding too. ) */
int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
size_t *md_out_size, const uint8_t header[13],
const uint8_t *data, size_t data_plus_mac_size,
size_t data_plus_mac_plus_padding_size,
const uint8_t *mac_secret,
unsigned mac_secret_length);
#if defined(__cplusplus)
} /* extern C */
#endif
#endif /* OPENSSL_HEADER_CIPHER_INTERNAL_H */

1
external/boringssl/crypto/cipher/test/aes_128_cbc_sha1_ssl3_tests.txt.REMOVED.git-id vendored Normal file
View File

@@ -0,0 +1 @@
5bc08f07c3a6e236a177f67844f1a5012a202ad5

1
external/boringssl/crypto/cipher/test/aes_128_cbc_sha1_tls_implicit_iv_tests.txt.REMOVED.git-id vendored Normal file
View File

@@ -0,0 +1 @@
477f1eb1b47788dad48444b16e5430efe5c0cf2c

1
external/boringssl/crypto/cipher/test/aes_128_cbc_sha1_tls_tests.txt.REMOVED.git-id vendored Normal file
View File

@@ -0,0 +1 @@
2b34b7bfb374532266b4b70a842e62b98e814de1

1
external/boringssl/crypto/cipher/test/aes_128_cbc_sha256_tls_tests.txt.REMOVED.git-id vendored Normal file
View File

@@ -0,0 +1 @@
c6419fa62598adb03186c2d4199ddc79c6ddda0a

336
external/boringssl/crypto/cipher/test/aes_128_ctr_hmac_sha256.txt vendored Normal file
View File

@@ -0,0 +1,336 @@
KEY: 067b841a2540cb467b75f2188f5da4b5aeb7e0e44582a2b668b5b1ff39e21c4e65745470fb1be1aa909c62fabcf0e6ac
NONCE: 10e0ecb00da5345127407150
IN:
AD:
CT:
TAG: a82a891565e466957ad5a499d45b579d31acaf582f54d518f8f9c128936dac4c
KEY: c9d9ef2c808c3f8b22f659c12147104b08cec2390a84f0c4b887ca4c247c8c9dd45e72f48b30b67a8545750387232344
NONCE: 58bddf96158a3a588bf3ec05
IN:
AD: 5d
CT:
TAG: 3580c1601d1c9a5b1595d3dee35b0cd9e1b115d8b0abee557b2c207b8d0df5ee
KEY: f755dc6786e21f39b595389a51d36673e1ffb94ffc066c03873eb31839be6fa319fd31c8bea29f03ff28831861e60b6e
NONCE: bd6c80797f1f4c563b06fd3b
IN:
AD: 78d88005136e312639572343a2d0daf7483d8235291ee3ac002469456b075243dc03380c387030d546c2b1
CT:
TAG: dede80d810fc449a769c79a5ecd2c0d68e9e0fae567781e623ab2098c88d8a86
KEY: 43a0a28fef8b89b8fb0f76de01d802935ad561e27ca9c9fa629347be676a6af758501b6a652f369045da5fef751b56bb
NONCE: 0f6472f1e589c16ca5ad45b2
IN:
AD: 78e4eafccfc87631f0314c442ba4c07bca36f996a5b3408f9e445d6009a87ded16b33a4af9537a4619cab70d
CT:
TAG: 11fa62dd8374aabe728ebf7e9aa1c02cf8f2dbc29f9aaf1940313f0b7c3e0301
KEY: acf8e5f1bd64e6289370650b5b3fd773320025c8b229fd335d9461768cd0a17b4bcc946919932efdc9fc84a7f50768bf
NONCE: 1aecfc90d28bcdcc5a8e3578
IN:
AD: 6daedbdc69133b56f6a8f098f9f70cdb7e129e51115df385a6d86204a53412cd999cf2e69f45e168efed4742b6
CT:
TAG: fbe0511ba0ec5709def9966a9b05facf171cddd81ee2cd56e7afc867af465f31
KEY: 2773c92e6cddc9a5e5dcaf3893080fd2153f009d807df0b175c76615645f2087539e299d8411b27badb749a9845c5e29
NONCE: 6d04ed129299651aec0465f8
IN:
AD: 44219577e361a7a4681172d120a2d653a53ec74bc487ccde4954835943bca413d55c65dc665310148654d8c1e2e6bc2f06ec344473120ad1f95739b993a57f9ec0b3299cc088f385894fff876fc2ce8ce6b77ca253f177ba615101e84e17ad0e60704cff195dcd50eb48c77de409797e0b1c8c4c5b9215a4a0399954a008267b
CT:
TAG: 6ab61ac4493e58e48d071d994a000f1c1f498d22f83c8d2af56b03c155afc57e
KEY: 23189bf23bc4b734410d1c7ae321c42e144a25347a8029bb925e3d8ac1b92f4eb97227c1dece86ae9dea7d127eb33f9b
NONCE: 30681944cd5d78f46d36ed8a
IN: 59
AD:
CT: 92
TAG: 986aa8438da3cf4a98f478f90d24908c6a4e848f299873e649b256f5499d89d9
KEY: 463d1148325c5f57af670877068a78203571b8b19f40e9f0373156b7448ab315df86c77d7c85ba6e54b9bc329399f687
NONCE: cc9d015a4b5a888b36b14d05
IN: 28
AD: 6a
CT: 05
TAG: f66e8dc794b142944fa46d5c04a3e3fe00291668374846d763f2beeffd4ca4a0
KEY: 937eaab44e7c7d2cd5bbb053c12e6255e0aaa42cbe7d83025b7a2887eff8f098d019c80af849b0ed7da54a5ba5b39200
NONCE: 2b160d24df579836e1572ea2
IN: 9a
AD: 35841a33ba3a6ed3d89a1f76d06c61613d09834847e5a41f8616748e30c14335e5baa43d49fceaf85aeb22
CT: 80
TAG: 5e5799c147be0329dbcabf7ecdba6ac595ebc2d06b9d757426fbb31e8b39f62a
KEY: 68a746f382fcc11c02af7b352b9d710c137a9f59bc5886dc374ca88cdc01b86fe5678fde16cfa846846539f67a429276
NONCE: b94346c033ac1a3d709c4f09
IN: ad
AD: ad61c9168debf9974e19759088944e888346aff99f3e2e4522549c8ae332a0f41922972fb7c1d5ff24e7ae4b
CT: 46
TAG: 62ae92ff64710a9f260da2562e246356e9d749c3584fb9f40d9572307ccbbd31
KEY: 6622579d1d6350fd5dff432b69d172cc51f99bdaff50b0a1c0f4cda8d5904581ba8657ba61c6936407243d7fb64b00da
NONCE: a880caa7157a13540d2b724f
IN: 2a
AD: 95a23eafcff892deecaf093109d30290d819851ad5c91061510e54baa2b039b114c815da20f0e3ba2ba4875bdd
CT: ce
TAG: 33f09666f9fd1d92f137d9f3f7092b47b2bd71a7e3139dcd19a803a6b17f2a3a
KEY: 91ce9dd87c7d11d2c4da41863b6851c40fba786a612e0fbf0d1956a71286dfc61fa10bf7d148cecd72b6ceeb82b68d3f
NONCE: a50dc3d8fd63d3076cc70ff6
IN: da
AD: 9ce8e1a777c159ec775abbd67d85e84f3550c3296e848dec18b61bbd713a98a033805bfe6e2f2a011dd7fd754708e524168142aeee579cae19c7eab78fa7c42fa335f0c725baf556160beef9e4afd1050a2c8813be6bd14cc6982116d0229d53e9b4de923abf6ba99bdffe1d5f21748ae74caddb077d9f7488b394436222beca
CT: 2b
TAG: 1541cd745bc0259dd72a212474f5c7b8c121dd0289d674e5ba8d56a220d1f1d0
KEY: 1ad577d3b47e3fff8528e336a43a7ffef72f811e05b5c69ccfe777b10f29061e289178e394a1c87ba483c7f98ea5431d
NONCE: 1fcaa4757a9e48ed2cb3be62
IN: 46d30dac550103006c292a9ac05d31
AD:
CT: 37616eba30c55595fa0ad5d50f91ca
TAG: 5c3ac4010f75adf90f81e775b07ab939e7551a9b8e0486ba33766728ed498245
KEY: 6df310dc1847b42c68e50b03d154b73d7f3823354b32759c5369bce1a1b4cd63ccdb911c2dc792acf84b8b8f3fdfb89d
NONCE: 92e6759a31dd556ff9124d73
IN: 6daba76658db642209e276ff7c8d46
AD: 32
CT: ce1814c03037078b6be3252460af48
TAG: 46e61913f2a1ff6e77faade9a7cd37a82eff3ebec4276fbddff9266b9c9bd873
KEY: f848c2300995f5c98dcd0db24574d7c61459ca64c084421c6ad156e80e398904417ee745245ddae91be20fb07e66bdb6
NONCE: 3b177e11063445717f417d14
IN: bbf225131c821a6a60817cc65bf699
AD: 4c5ab4fdbe0018344629349feed5d8c3ae0c5b64f2b093576a2aaa1225e7a50eca01a9962c9b4f8fc5c12a
CT: 1538957e78f3ab0fed77906153d715
TAG: 2c7760d47407ad7b0d5b85fa4967eaa7b6c0bb6eb16619adde7a191abfdf3da3
KEY: d406cac07630ce2c071732a0ec95f55123486d2677465768dc7db13f90902cf172f92e19f57f5cf7c68cd7bde7ee4b4b
NONCE: 766aede0120b634a4be6fa12
IN: 3804d40090a38d4c97a5fff631068c
AD: 7707b7d0f266284e84c2ecdd5a18832650c3e27d66697616c9e9bb2f8a09a3295de0119582ca3614b9608548
CT: 91e96462a5dfbe8b7af201158a36dc
TAG: 56623e5813070a0e2f5184aed83b9863301ca02e3108f7afc478d48305e397f8
KEY: 42bb22a317ed9f9df8119746e9a1257217e5b0144051ca56f39587021d969bc0acc02795f3bd201031e8c05af08ad079
NONCE: 0a9f6bace71a1ab21f4917df
IN: 013f7b8c75307158f4f300450e7a78
AD: cd95a649ae215fe73442a6991e157232cbcabecff6042b87d41557e35b97606d606c3ded54f5d3db7aa2773f67
CT: e588dbcecbdb7667dccf7fe34f8387
TAG: b04461748109ed9068c7e9c0446528ef09b01613c3b3aa1ffeed6685ebb550f5
KEY: e1cfcbaba3a04b5108ce2a87099a6aae936ee38acd92b7e6b7df0e3bcb9ad18fc579b5d470ef3e04c23459f509852458
NONCE: 112dd267174bcd81e6fbd924
IN: 288a1e44b406aebec7b418674f81e7
AD: 7809d8011c5a963df14fb8981e874119c60b7a9d897d13a05651759db5835deffdd991fbf98b9aa71c79e48bd701b228ba248b6bed874b02da7fcf28a04c38b81c0ff628846015258af30dbf28ea4f3283f664f888fca545f5fc57dccc4ad1dd476c52fba341182ecf783706c5c458bf0ee5ec83454afba78eb8b5ca17af88ec
CT: 80f4e1012d76f6180ca00fd32c8fec
TAG: 6de00bf2fd3c88ab34ca9390f7e559875e43e0f938303816a3a75a35729bc453
KEY: 84172547d8608bd9e788a7bb60df2982963716e45f8e63f0c5033327d85c920c5e3776e314246b1694b739c39abfa29f
NONCE: a3f1643bb504b7ce9e5b43c2
IN: 7e76323eb13e64da9b240a57c95c855b
AD:
CT: 966487c18f025d67b42a04c30d3ff4c3
TAG: 8bb03d893f0ce8ea4a6a47245bc7f20c72acf8caa466edd01365d0f74c929463
KEY: 02dee8f2e63b37fe3cbae9101fed0946e05e5090510bef3324a82e3f27456a45ab1b6cdeddb1fe515ad07aefeee6ccbc
NONCE: 64723d21365d62926d5c2262
IN: 4f1f132c50a01ad48882ce88655b33f7
AD: d8
CT: b102082e14cd9ecc0895f7a6f08ab522
TAG: 2c09651c1a51cb8a375746236fe258a36e725936ccedbc4dfafee6c3084a4716
KEY: 5db57cf6301bab815d38879b35c9db72fd40ac576d259ad5074d0828364050554e9fc08335b5f2bf066b09e50fbe6ba4
NONCE: 36e5340d844de213c312177a
IN: 41a6e910b14388740ea351eb1df980c9
AD: 8316a6b9b155b2de5e724f7593ecdcee442eaef7b9ad204eda4744a5e648c2dd84f48ee81397e485953465
CT: ee21d4d47042415ca27d2ecb11b13d79
TAG: 5015da5a3339389d39d0fcafb56ef4005b342e69ba47930e84408d33aadf5f2a
KEY: a493dd6de6fd6584599096442dd9345f6f2d8fc2d426c78eee2b992b4071aba4ce463f3ca293c84b2faf3e8644b6ec25
NONCE: 4f9be6f788ee960adc650d86
IN: 4de6e244251091cf13762d20685e9085
AD: d15da312b7522c18384acdbf6348b5e105557f1790a6a203a65acd73397524681666743f3145048775ad84e3
CT: bb1296457daa39d889c8f986938d6a39
TAG: b93548cea90c34d03d6f5683ae2cc78814531b803d42cfe57623fd4bdc8f084c
KEY: 8cc59ebe2c7375a70915c48d2978a1f720bc0aa2775ce9189ae7b3d5dda9a81e56cde0e0a29939599409b71f0b65f346
NONCE: b0ab041f37ea1e594f1eddb3
IN: cd0aeaf6806cb99e6bc1c8c5d830de8c
AD: 8f4b5a9609df757826dbe7e51bb6a2c6f45f601263cf668836193513cf008ab6b36a7d5447039f1268821ec37e
CT: 5d5375b9d9cff6d0c1dbd14221509a0d
TAG: d8850bbc838e068b817c24d018f8f1e1cb8aac0a68392a700f48099f81b6c37c
KEY: f3e9c507478d3f99dbf3e2421e45929b096ab3f3d4aa4ef9c338c5a1a2425c9936b7df602502d33cbafcf781350da77e
NONCE: d4872a30c9d1fa9001a25afe
IN: 25e05ea69a956b12a9be4ef03ae9d30c
AD: 8b346c20e7c64b805d9c8d325829201753069c60b3f221f31474f55cb20315373ccd7c2a8f215e9efc407ae91b05d8b6d693a3780fdd65d7715cdded86c3d6204055812f3fce897f829d1df9ffaaf48885291701ac1765090c383162dd13d6bac88baa0cb2d748363bbb79843a1594ec6d8778854a63b7c9ffeb6d1fb17e90f1
CT: 61325c7e0d29e9ad50b9c0fec02d7ef4
TAG: 4b2d0caece46ce2496445883c03234e900189c22b54390b399d78ee4ebfbb7d4
KEY: 3d9b651e65e9239c9e33aafb091b348161ab797901fd0468aedd014e4d5683c8f3f54f20ea6bb07bb25dd258df7bcd5e
NONCE: 32bcf856a14437114e7814cc
IN: 08a667c2923f87a7db6502478d32280bdc
AD:
CT: 5e8e02cc91c732356bb9f1fc599426a379
TAG: 5449e878d558beff4bc7dfbb5f0195444705cfb259773b4faec524fbaca37ea0
KEY: 2124cedb5f3f2558f8b9a2304a29c0df6102333cb4aa10625aa82cd76ab645c73f3b7cbf7c96cacdcb9e0b738e40c042
NONCE: 7ae419446a3a105beb2fbcc5
IN: a305dc4a2e50cc8e7a65a4b10b73849636
AD: 70
CT: fcaea620f7e9ed1337214c4b432d9869d2
TAG: bfc739c8504a4d9033ab1915f46c1bf65c5382fe9ed1c134026ba32c63ca131e
KEY: b027feb1aced8fb3af27a9fd7f531c30991ec1abd9f230a3e5d6ee9fc6a77747013f8e14dcdbd07b0083d0ce23dfa711
NONCE: a30a6520f933ff5265e6e305
IN: a705f842d542cb6957fbce21854755c6dc
AD: 447bdaf34dfab9cc3dd7777ebaf80077f391093bac9817bf02ad98db9d3f271282ecaf0ff19652f92076d1
CT: 3ddcb07c121b498f1abb73bedb527d4df4
TAG: 55957a0e884dea22d6ace10e5936cdac891f5b54225349ede5c44715f1064b5e
KEY: ffefb7770a7cf125395703985823f3e926f3722ca0764518fd2b8996577bec03648c8d542af1c6e36b51174b0ba88316
NONCE: 4c31394b4b24f6251a839891
IN: f026a1d352c37b204c6c1138abee9a9a75
AD: 1e7c0f71a3aacd87ea785521ea31f93b1efd0bdf97952e0b84ecd50c706806deffc19caea312b5a9988454d2
CT: 23c8bae37db93ed9f55f2903e04b7c6a8e
TAG: 89d0a7e7d921dea5bb54c28e79b612688e42506aa69b141de830c8d63bdefcee
KEY: 453cf5e4f48ce5a961c94af0e1639c156965970f561ac17fe08d5b75975abe3db87412640972e463290800666be80441
NONCE: b3e3f9708a86c7cdf139e496
IN: 53f1b11de497cc6ecb411a777dc3d60197
AD: afe29e074dcce850ac6640230e6b9f66a64587c5fbe8679144e065d3b1700c721833ba8f918e926c9142f5f362
CT: 15d5f597be46a19566a72c5e843b77f70c
TAG: a561c3375c096a116a721e9404e555a2deaf3f677a8611694281663274708f58
KEY: 3d497f81d0652d475bcd85cf53bda13f79ef0afeaec09dd679a6e5ea58f87ba6576269f836096d5ac034594b17073331
NONCE: 3fb1664830821e2b524890c8
IN: bd75c313f5c8f6007a2185bc39d0af01bb
AD: 50744ed959e2b8ba5b5f4807e2997ea0b96ebfcdeaa1c6b33853219844592e82ad67abf6ccbb272cfdba6a3e45c07fec4d4a0ebe4235f11d916771a764d9a129d39f6b84f0b5fb4cdf789ca2f5ea306b25d047a9b1a1e2e90905b6fba472e70b2fa25c96602cfa0031f31c68954d7487507081b8e70f8aa1342cb8b4a98ce9c2
CT: abe3869ac43fd8b429ee8b8539c970bc86
TAG: 33fcd301c2bf624bccb92a986c2dd5f2ecafc32649ff550eb5312fc81cbce46e
KEY: 353c3e9f87b40fc0281869c68d9d9bee5c95771dd79998c059bc5ceda71f139fe447cfdf340e9eac57f232b9d230e45d
NONCE: cc7a4b46b02f4e7f96fd34e3
IN: 44bcb61332930f606276268ddbf3287bcaedb5b25704489cbee63ec839d7a69533dbfb6e95fe5b4694eb485beb1437f0777774868ecf45c8a5b3edafa1d62a
AD:
CT: d038d67b8b690519fafa7467c9fb94135f9bf0bcd8247cd2c30da62ddf37a6d9a3a9bdcf8ec081fb4469c0fc2798e2e30afede7cda384438fd01e5d672dcb8
TAG: db2c685a59cdf304c1fb57b66966a5ca1cc3536fe21eb1113c25868428640c7d
KEY: 3b3786e38e110ec0c8b05fbdb3d9b6d117d1ebcdc0e7d942249fea6baafa31fe5caac227979fc833b104641e8e9ed01e
NONCE: 53bf31912a3ededc01c91f84
IN: 6de5890028382aafb186042864c5cca1a77ff80ba4f7f0942dcffa1579711093fb652c8d475dfca81a976be8ca77eb9c7a6b49dca1425610c945bf404ba65b
AD: a9
CT: 886939354fa117139f5e077baa186825ee7e2955c3a74f88af3a86b260ee9f9959a90409e7d602e36cea31e606aeaa8b9229e28f7fa58ace6fd217e5cce1e7
TAG: 91a769003ec900dbb40ea9c9b959882d822421b510ba85ca826bc4af3b5c42e0
KEY: 5a75c97f3583983bbc5eee4a882b766a6708d798a46f71e63b7509af69afd7cf86f9b42df04b626940914007078a8b9b
NONCE: 426e8bcbcffb6b425706dae0
IN: c24fa29a66197cad518c5a1a76abd9446a8f24c2dd81e953bfc5c00544c119d67986781a1c754224af234b0ec5e44e78610a4420eb78c283e9a56637c35c24
AD: 6376835513967e4ccaff9a0c56b4d27a2bd0d013cd54abf95fe9a162d036af285ebc9567a16ed5abfa69aa
CT: bc4daeef3ccdf9abdaa75591781685eee3fd7825bfe63132817a7e0f93817f22bfca30ed775a773f5bb290aac3a381a01085e861cab7b9fe4c5143138e17a5
TAG: 79c779bfcb974ad9a8ac88dce5027df5691a3a1163a5d5893b4cdb1663b17aa1
KEY: d1b301c029fe3b81e4b97e08e84dbc03b138f422161c0e74ccbda3172c034b99610f09a9e611f0e9a3ca40af4fcb3c56
NONCE: 4032c79eb3ee4b63e44fa932
IN: 71bcf5a5198787b85a66221c22e7bdb9d038dd3e10000555ec9271e54bfefc460ef4e71729ff7ae52859015b49f45df89ddf183fe1e19de3acb032dbaa4d57
AD: f1cd18ff1e5ad2b65de41e083b5175966625ebebb3031e1027761e407dae4e8e193ffe7dea52ff61147f1b4e
CT: 7c521a703b7d1cbd086bdc316d4f2ff0852c462eeaa1d7a586c561354be9ed412d9d9bd1f78cc85468750f1af09b7b17dc1ee84c926760d63504cd3a1dfa3a
TAG: 831f3552890d997f0a8f2d832b6e92e26f6e865424699f0364a82d86ab7734d0
KEY: fdd24bf37b36666a4f641115581ab4bd6b896dd3017006031b3675beed33f21a314363e3a07bbbf4359d9ac02eec847f
NONCE: 7767cff1a096a9f7d8a9b32c
IN: e62b7695dd41baf49d1b356e64c6d5504784380b75724b86f5f3185d1a530664aea0e5f9aeef347e1ea4754acaa7f3c233638db234c0e93db02e0bf988e7ab
AD: 2d650f3daed2564b0df86fa23ed0343634663adfae2c422f80f9d5674bbb63e824f01ad3994834f889133bbc0e
CT: a51f50a6ce77a22ec472bc18c37d08fb28e77efe55065b600e3edbd9ac97f0fd0eec93cd312ec7ef886cb04e1849526f0a38b14d862bcd578b99bf9a007c2e
TAG: 89d83264364c9c84ba705e5549abcd496abed3900f65e3daa012275fed18a7da
KEY: 0f88e2d00d2c4bd682f1591ea5f4c1a1090180e1195809cb363b27c863360a85b27814e6a724effa44f298430d6c9628
NONCE: 6e2e62ecb2aa47c7e5921d25
IN: 91efc710a57adb57017725cfa26d17d3e2993c5ee66942ca42e770a83763e9df8a455bd408dc1e2661cf301f1dd669cd6d5b4d92a886be0f54527779bae8f9
AD: d060cbe84271e85f25a3dcb6dbf299551f0dcd5783e3df80468636e491c0100f3ec8316f24240482a88bc430a398b0ecaee5c48a274ffb2d835e200bc39ec0aa86a1c90c9e2dcb4217595d48826a81de90eb949846a33fc26bf8886ca0554e1b8f12cbeee36e65e33cbbf610c2d24264619fa93c44c88e0e3d9d368fdece461b
CT: 10d99b98ed67d85a44fa57e706a8b028c61ef17f35f6713613d158cad90e826f90ef036a2190ba123f9b68b352ca94fbebf8ea947e569ad45f00e6a36975f8
TAG: e345bebcc4a8ac01528bc5f317e5c378236b292c2baab6ae8654245da35d90d6
KEY: 1ccec52c77239bdf6ca50e5b702943b23015d08cb1d9bac592b3dec4c96be904110713e52e114a8bc294df26530a758a
NONCE: 38554b7c40027afe9721e14a
IN: dac91fcdb3768df8d5ae9ddba1fe5917c084a5d9e6b14eee9a609cab2da34ec9f95cf2d10fff77108477e694c76f362e29b9a9287d8b190a748ed0a929967ff8
AD:
CT: e6bcb38b3bfd0b428a14bb3aca01a4a9e54b0853f10bd7750f5bb58d0e7dd18006f8929d7d862e5d6601ef63be8442334b4d51a99219cfedaa31f7ab19028459
TAG: c4f05d9415840c2325dabbcd12dbeda31e47637437514c606dedfb8ce622edd0
KEY: c82ad4c6f248bc51d3a51b958ecc2460a3c64d669f6c485c2309d26abb3fa84644a0d8c28da8091f90184b53cd556413
NONCE: 35a29938fb7a31225b08d0e4
IN: bb0045cec5587e50b148b140b6969612425243ed1412e812aa9f4b471ed34ced6dfa9e0acf3e31455893e4ee7e66b4661c6e1f80b7d6f1159c11387ce579b80f
AD: 12
CT: 5f1854fc2fb11fd721755445a1efa5a28607a725ad71cda9a3464860a6a0efe3f58727c0e0cd315f867611232abd72034dfc2b9deace8cf6cb507b1cd4032b59
TAG: e40429ca19a88da73a7654d7ed8e0621ac2e504b0245615e262ac70bd05a3f47
KEY: b01bec74fe97e5af7db2a0b1432f8b4c069447d2b56dc2668371387f753b03465412213999d2394a4b79873db06c590a
NONCE: fec7de97d54dec8d36c9f253
IN: 88ab078d03ffacd128edbceea7ace2e6465f4076097445a5db7f0e61ed817b6e24f22874489049bee0c58d0aa2b42b4db0bbef6ec88d032da9c82ebef57c424d
AD: cf0ceb3e80a76d1a75f6e070f5d3fee1cd1e2699434f96e7cb3adce12d4a3148dd433b08c68b9d66962f24
CT: 8aa3c7478b0cd86fa30870957fb5307345f89346a869d508da9d3a4fe36fb3d6a9b0c3c1bc2d44c8ea31ec028012098d6032085af0b54603dc2fa65ff091fdd6
TAG: acb670172ec3754064b366566bdccf5056eae132e2041f1a285c5883e7eff4f3
KEY: 699a94f6e6eb457b186af58c25118fcea81c8f0ad265e7c16bd6cdca15c9db64bb9a537580ca0474a4b4d54d47412d88
NONCE: ac3fb6525f4357d831529407
IN: a7300aa94f3d357cdb272f0a739979e08aad9551dd3bfcd0b5aca6a0972a71b502639e79e1b9e0d22db2f3220b982800d9cebbac3d10d9bf86ea25d3d417fc57
AD: 19c3d34bb9d57d0f63f14bdd3da06a43a5afe6a8c505f038cb403515876a2765c2d61aa7e4c84e11c999b81d
CT: 8b472f1069ace78172611369b03073f751e5206dcd2ce3b45c431095f303e70c59bfad3af8006e66e4a68f8fa2ffa534bd76bdef089d07dd38988cbf723393c6
TAG: 8e7c3c2c41b1117928ca1cd0cd48c25c319c18e009804c007d1aab0967c0d0d4
KEY: f3a7b8c2a39531d5fb3c97bc9224168aa835973f48243d6f046d00937ed428e5d672e22af26e734f0c24f989fe62621a
NONCE: 65c61af60769672f0eeda005
IN: 59667fceb2594e002c844a47d2b3935d2c99570b1639f0887fb082499e1d36f9699ff9ef53be3b4236136aa9e441abdc63dfe536e6fc9fa8f332baa1dad577ad
AD: f79036742501f1ac19dbb2984e09cf5000bc4bc0424082376c307b8f1e5bf74dd29c802139d7ea93d55d336464
CT: 9375a81f016c2dc59a8e99dc33fc0db7ef99ab2f9ade4b0ba000a614ff2bd13bfbee2d4a2338109c98c1147edca6023cea43570adc503da98379326ace89d796
TAG: f563869420699dfa0aa84751526bd75af1473bd88311001e49230b09b8ef2797
KEY: 27611a8f11cb57d08648ec816b5f3c45882dae394200cdfc803d1a52bb03f225206574ea63b63423da6972bf5a994332
NONCE: a7f617fe7a52dd76ee443dff
IN: d6ccb950515a4a2de7c3cf5a73b568f32fe30567bb22b3b46feb7ef07205d3215a3d689b96d4b9dbaac5a5bd6ecac6ba50314b19b37179fff2557c869950e162
AD: 777282a98b2f262ed9456fed3610a2028bcc4433eb8f028597d3bfa220bdb0c04882de03a276d0191cd1a125270ce1630c1b94e2ec0021ce5c494d2e0bdb8745e6e94a387cbb31a0898965174bcff8bba105f94dbf080059b49dee71c3194fefe679ef6c00065154ea809293b088c0c3f2ed7824aac72319a4c4ad85ea990844
CT: 41eacc31aa3c3a282ae7638d48fc7541d2f129e4cb3455df7e60259be9a814c8e1642ea826ac1ec7ed1fcc216a6624e79845521e7a8b16702566f27f7a7f3317
TAG: b959992feb7005410f9ea6963525e3d9244f038731ffab8da8c4ebc72489f17a
KEY: 0d9322713cd132c339c38ec7a75862860de304c70486b89b0f587095c66bfd1abe56f0b34f9ca0dac577fd4262616600
NONCE: 3298d02dd4eb85a98cb935e3
IN: 5dfedb1d168fe262d35f78d797560b2634f71d40f438c21cdcb8e73cf9884c11570554f55a6abd23d0e7775a9ab385ae6c9bbd67f08d1aec57347a8fad5a4b8c7b042b03c25facbffc76f0b1ce2e6c07d427eaebe71255d661ac8e8bfe8867e2d947d496ce2318a601d0beed02426311ca678d036deb3b4c65b1f89bd644a410
AD:
CT: ff09fe27f12a87d5208bf246378ee0740e848262442b8b9c7670c8a73fe6732192cde43c1a1246743ed49e15ec63c87dc06eb3e0c92c1f286108b2c7e0754dcf1b9c3fc87efe3683289daabf2db71d8742061f93098788c3c6f26328b86e358507a03af296d2c29009562cad3763399e0e2b89ed440f756c16214c8ab7ddfb84
TAG: 5076c80fc76c67d6e4f9b9d470cc184db62ea7da49cae44cb3ce9e46c2f2ca9e
KEY: 2695671fe86f1658d8b01ec856fb4c9d09a0c51a1b994fc87a3f72bec12052537b7429f11f7eb4aef0b128302ec8f336
NONCE: 9739e577595418c47b9c10b7
IN: c723c39be334a0761db795076e81e3dd85e37a57258c7e0e10fe0f48dc31bd5e683430aa70531b7c8e3a904e49bec838e760d07afa9f86b2cf78ae90f612c4560632acb7ea2d89fb1fd5396d0337111c429cdba99c6a52e863e8603aac24a83302ebf86ae69a212cb938e12085cbf73a28f75e4422995a5ec8705b12d4aa8b6d
AD: 31
CT: 1569b20732ee6395e605217e1cb419ce57496ba6f6e889bdfa3c93575e969eb7a0410c7930b7ea146e88577376d84f0e824b62890eb84bfe768a1513a12c2958ad1835bc1eabe602cf40f7812c7dd7da955567242cd7512090fca685fdd7306bd98a908b09464961114abbdcd610c153637400a1f81825cfdf06505947fe54ee
TAG: d07e14a62a32ef1933abc2127cc5bfc1e43bbca663e460409c6faa3a4ccf99f3
KEY: 1785ef6e7016733dd1952b3268639f231e7afa973c0a3db8780b81084c67a1783200149a1ed849ca8b5c14c7b1798b4b
NONCE: cdf48b73c3c8d8625e52fe11
IN: 14002f17e056d7f5524537cee6c2061e2741c01a6f9a82e2cb1747887875860d51bebf8d9b63950a051f6b228ad7567227f8a45b9fa7c4ab47eab410125303defa7e3141bd9bc5bf4ed56550801ff3bfc2dfaaf499c192b1e18879b2f59e1230778132818df8f6ad8a3dce9a1d11c98075b8b4e560edd9b5ea180f0424ab3706
AD: a35e86e22e9a3df65e4c08e5175b4216fa9895a1be6252de911cf98349841494617eefaa007759dad7f337
CT: 99eae989435578cb57715a7457da31b807b8078a59c2332a0a866eee9da5188baed3f517b6808095f0067e9b4b91cc1424a464f0a09fc946adbe4135a17b0e8e545d2046f81cdfdb233aa3520797319c0884ccbade8235c32d195e7b802017f88ddd86fb630de19eb97f4bf91029c001fc8f1cd2189a8ee6c120e9f1682a8703
TAG: 1848f0b163e7b0d270e2a0ced288ea6525697170aae15038f3dcbb4ea49ef843
KEY: ba9aed2bfa90eaed9b27a697bb44c715c0209cae6b2c4ddffc684bcf07ab51b0e096dbcfa26c18fc24b63408317da567
NONCE: 4b850d6bfa64520f1aa1e79e
IN: 5bcc2ea4d729c84340c5ceb827f239578971c595e915f0bd9d49ed51d723f8d0e8362e69fd11466230bda0dad57ad724307edcc621ebde1e57fa91fee206d81d2bb6ead94b4a804f74b6cae979f66bdfa4ad93d107ccf114c59cd3d261aa6e2fc0dfbd0df5f7c18e80d0699cc1712abbefab5029e35549d2919d0f937d444051
AD: f80c759062e9ed0ee597406aedbcda9a14261d66a9546f1c939d20cb1d0d0974fe7a9b33d8c93287a6a8d60a
CT: dae4fc873d302c51e55910e67482bb80ac68e9bc6ef77cb3e57a31d85fe75f9071d0b64026ba16d0b68fa9c0b7e958cf7682bcd329c4174ea0e3f3f9d2e65d82aae1350a53ea7cdcf9ab848b85cd731751f0e2917628e5066f5b1ddebc7dbda5d2d37e46a7a7ee62bb49c4431af730f9cd3da4c1d0e5f8593d8c99803f781bee
TAG: 58b42e9117fc8cc2ba5cff74b0d92e8b381a444fa837018b15e9514fc4319fb4
KEY: 37235623acb0d650f905f106dc3bfe6fd83192e53056de8795ed8d20c6e58e5efd84584007ecb17de9e76b392e12fcd7
NONCE: dc441f1c743a92c4b975c6b6
IN: 960ceb8d80774bd88b7c5f17042ad2e4baac71b4021c548458cffcd9a049291cb0df93076c115b54f9af878745acebc6e8f04666d053b1ed980728043c4fe7f67b2bcb0341d8a4973ed126342f9add14279f8402cbbffcecfc847379dca8a68ba4f2f26141acfca7f3ef558dbaf04629f0f46e43246b19d875be452f14e7bf56
AD: 32579218062560f15ff966932838460f99099782e79f1f8c41cd9f6eb59b4c2c3d2dae9cd199fe66d74c7a9940
CT: 49ad8e24a31e90ab1f8dc37dc51dff0f93f1420e79eb108f90f800274a5aa573f64e274cd52f1dbfdee363e4f86e1457bfb8f87ce57aefd34c3a5a3a93db4ebde3f73a3b4c202c993903ab378ae71042ad238e94f400c7ac1891a9890b19d445eb1db60773a3ea165f7c4b2bb2071faaf588daebac7ce09ebfc88f4d9232d9ca
TAG: 82f908b837a5768598982f860ecea16aee84427371c4de1f1314749b70ffc173
KEY: e7fc36c9fe87a38f9bb4ca67723267e80e16bf39740eb1090234a473d68aed9c96fe2f96e539795eb042276aec5d7505
NONCE: 83d768746d40dcd695e49ff4
IN: e61f0e02a70249b62ec9a8fdbaf6622c9c6316599daff421f1b19815707b67587d196b7e1452c7d7609f108ea946675ac5d97ed215b92a451aa6a11717ab7819f84848151007f37e2cdc8aa99969c3d5652aeeb65fc21b621865f47f44eb2c528ee1142d11f513761a6bb2d169126503db5b263a410cadd2773ff931a032a885
AD: 59114e9f21b380ae6068609ac36688e6aa7c2533cbfe07013ad1b6663bfa42e39f20e62b45c0faa256c1d33caa9f59b1e30d8502bb7148d051451b3d0265cb9fd0d82e4f4e0489ac606956762d8e7b70abd7eca413ddb708f119c342b3d0d5df673769d8df281656d909b68b6f6438edd60339fd84ff69918b6036ad12a0a588
CT: 4f12807736c9ab32a2be2e00c9a0236394a8bcfcec6037e7582af462a73bf10aa73bd90e2bc24b97f7001ccf653574aea294bc7b30b77540f475e0e846ab78ffcfa1fef28058e540fea43d9017d4efa05c837611b2eacf0034f26cb7903eff7874973c6da7843892bfc676170a75f839e297dc7f04c74b40f4bda20a45b2a352
TAG: 9b05aab44ba4d1451f14e087be626232ed11c4ed04081f0d4d47ab593fc619b1

Some files were not shown because too many files have changed in this diff Show More