pax_global_header00006660000000000000000000000064137716663250014532gustar00rootroot0000000000000052 comment=5a9b786fe751ab9ca533f39a1e81e1f48a4aefb7 golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/000077500000000000000000000000001377166632500231245ustar00rootroot00000000000000golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/.codeclimate.yml000066400000000000000000000001101377166632500261660ustar00rootroot00000000000000engines: gofmt: enabled: true ratings: paths: - "go/**/*.go" golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/.gitignore000066400000000000000000000001601377166632500251110ustar00rootroot00000000000000# Visual Studio Code .vscode # Build results [Bb]in/ [Oo]bj/ # BenchmarkDotNet **/BenchmarkDotNet.Artifacts/* golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/.travis.yml000066400000000000000000000007121377166632500252350ustar00rootroot00000000000000language: go go: 1.12 matrix: fast_finish: true include: - name: go vet script: go vet ./... - name: go test script: go test -v -race ./... - name: gofmt script: diff -u <(echo -n) <(gofmt -d -s .) - name: golint install: go get -u golang.org/x/lint/golint script: golint -set_exit_status ./... - name: errcheck install: go get -u github.com/kisielk/errcheck script: errcheck ./... branches: only: - develop golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/AUTHORS.md000066400000000000000000000005701377166632500245750ustar00rootroot00000000000000# miscreant.go contributors The following people hold copyright over portions of **miscreant.go** and have granted the right to use their contributions under the terms of the [MIT license](https://github.com/miscreant/miscreant.go/blob/develop/LICENSE.txt). * [Tony Arcieri (@tarcieri)](https://github.com/tarcieri) * [Dmitry Chestnykh (@dchest)](https://github.com/dchest) golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/CHANGES.md000066400000000000000000000036331377166632500245230ustar00rootroot00000000000000## [0.3.0] (2017-12-25) [0.3.0]: https://github.com/miscreant/miscreant/compare/v0.2.0...v0.3.0 * STREAM support (all languages) * AEAD APIs: TypeScript, Rust * Rust internals based on RustCrypto project providing ~10% faster performance ### Notable Pull Requests * [#100](https://github.com/miscreant/miscreant/pull/100) rust: Use AES-CTR implementation from the `aesni` crate * [#102](https://github.com/miscreant/miscreant/pull/102) rust: Use cmac and pmac crates from RustCrypto * [#103](https://github.com/miscreant/miscreant/pull/103) rust: DRY out and abstract SIV+CTR implementations across key sizes * [#104](https://github.com/miscreant/miscreant/pull/104) rust: Deny unsafe_code * [#105](https://github.com/miscreant/miscreant/pull/105) rust: AEAD API * [#112](https://github.com/miscreant/miscreant/pull/112) rust: STREAM implementation * [#117](https://github.com/miscreant/miscreant/pull/117) rust: "std" feature and allocating APIs * [#120](https://github.com/miscreant/miscreant/pull/120) rust: Dual license under MIT/Apache 2.0 * [#122](https://github.com/miscreant/miscreant/pull/122) ruby: STREAM implementation * [#124](https://github.com/miscreant/miscreant/pull/124) python: STREAM implementation * [#126](https://github.com/miscreant/miscreant/pull/126) go: Switch to using math.TrailingZeros in PMAC (requires Go 1.9+) * [#127](https://github.com/miscreant/miscreant/pull/127) js: AEAD API * [#131](https://github.com/miscreant/miscreant/pull/131) js: STREAM implementation * [#132](https://github.com/miscreant/miscreant/pull/132) go: STREAM implementation ## [0.2.0] (2017-10-01) [0.2.0]: https://github.com/miscreant/miscreant/compare/v0.1.0...v0.2.0 * AES-PMAC-SIV support (all languages) * AEAD APIs with test vectors: Go, Ruby, Python * Various breaking API changes from 0.1.0, but hopefully no one was using a v0.1 crypto library anyway. # 0.1.0 (2017-07-31) * Initial release golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/CODE_OF_CONDUCT.md000066400000000000000000000063121377166632500257250ustar00rootroot00000000000000# Contributor Covenant Code of Conduct ## Our Pledge In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards Examples of behavior that contributes to creating a positive environment include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences * Gracefully accepting constructive criticism * Focusing on what is best for the community * Showing empathy towards other community members Examples of unacceptable behavior by participants include: * The use of sexualized language or imagery and unwelcome sexual attention or advances * Trolling, insulting/derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or electronic address, without explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [bascule@gmail.com]. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. [bascule@gmail.com]: mailto:bascule@gmail.com ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] [homepage]: http://contributor-covenant.org [version]: http://contributor-covenant.org/version/1/4/ golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/LICENSE.txt000066400000000000000000000023421377166632500247500ustar00rootroot00000000000000Copyright (c) 2017-2019 The Miscreant Developers. The canonical list of project contributors who hold copyright over the project can be found at: https://github.com/miscreant/miscreant.go/blob/develop/AUTHORS.md MIT License Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/README.md000066400000000000000000000173171377166632500244140ustar00rootroot00000000000000# miscreant.go [![Build Status][build-shield]][build-link] [![GoDoc][godoc-shield]][godoc-link] [![MIT licensed][license-shield]][license-link] [![Gitter Chat][gitter-image]][gitter-link] > The best crypto you've never heard of, brought to you by [Phil Rogaway] Go implementation of **Miscreant**: Advanced symmetric encryption library which provides the [AES-SIV] ([RFC 5297]), [AES-PMAC-SIV], and [STREAM] constructions. These algorithms are easy-to-use (or rather, hard-to-misuse) and support encryption of individual messages or message streams. ```go import "github.com/miscreant/miscreant.go/" ``` All types are designed to be **thread-compatible**: Methods of an instance shared between multiple threads (or goroutines) must not be accessed concurrently. Callers are responsible for implementing their own mutual exclusion. ## About AES-SIV and AES-PMAC-SIV **AES-SIV** and **AES-PMAC-SIV** provide [nonce-reuse misuse-resistance] (NRMR): accidentally reusing a nonce with this construction is not a security catastrophe, unlike more popular AES encryption modes like [AES-GCM] where nonce reuse leaks both the authentication key and the XOR of both plaintexts, both of which can potentially be leveraged for *full plaintext recovery attacks*. With **AES-SIV**, the worst outcome of reusing a nonce is an attacker can see you've sent the same plaintext twice, as opposed to almost all other AES modes where it can facilitate [chosen ciphertext attacks] and/or full plaintext recovery. ## Help and Discussion Have questions? Want to suggest a feature or change? - [Gitter]: web-based chat about miscreant projects including **miscreant.go** - [Google Group]: join via web or email ([miscreant-crypto+subscribe@googlegroups.com]) ## API **Miscreant** implements the [cipher.AEAD] interface which provides [Authenticated Encryption with Associated Data]. This is the main API you should use for most purposes unless you have highly specific needs that are covered more specifically by one of the other APIs described below. ### Creating a cipher instance: `NewAEAD()` To initialize a `cipher.AEAD`, you will need to select one of the ciphers below to initialize it with: - `"AES-SIV"`: CMAC-based construction described in [RFC 5297]. Slower but standardized and more common. - `"AES-PMAC-SIV"`: PMAC-based construction. Faster but non-standardized and only available in the Miscreant libraries. For performance reasons we recommend **AES-PMAC-SIV** but please be aware it is only presently implemented by the Miscreant libraries. After selecting a cipher, pass in a 32-byte or 64-byte key. Note that these options are twice the size of what you might be expecting (AES-SIV uses two AES keys). You can generate a random key using the `miscreant.generateKey()` method, and then instantiate a cipher instance by calling `miscreant.newAEAD()`. You will also need to supply a nonce size. We recommend 16-bytes if you would like to use random nonces: ```go // Create a 32-byte AES-SIV key k := miscreant.GenerateKey(32) // Create a new cipher.AEAD instance c := miscreant.NewAEAD("AES-PMAC-SIV", k, 16) ``` ### Encrypting data: `Seal()` The `Seal()` method encrypts a message and authenticates a bytestring of *associated data* under a given key and nonce. The `miscreant.GenerateNonce()` function can be used to randomly generate a nonce for the message to be encrypted under. If you wish to use this approach (alternatively you can use a counter for the nonce), please make sure to pass a `nonceSize` of 16-bytes or greater to `newAEAD()`. Example: ```go import "github.com/miscreant/miscreant.go/" // Create a 32-byte AES-SIV key k := miscreant.GenerateKey(32) // Create a new cipher.AEAD instance with PMAC as the MAC c := miscreant.NewAEAD("AES-PMAC-SIV", k, 16) // Plaintext to be encrypted pt := []byte("Hello, world!") // Nonce to encrypt it under n := miscreant.GenerateNonce(c) // Associated data to authenticate along with the message // (or nil if we don't care) ad := nil // Create a destination buffer to hold the ciphertext. We need it to be the // length of the plaintext plus `c.Overhead()` to hold the IV/tag ct := make([]byte, len(pt) + c.Overhead()) // Perform encryption by calling 'Seal'. The encrypted ciphertext will be // written into the `ct` buffer c.Seal(ct, n, pt, ad) ``` ### Decryption (#open) The `Open()` method decrypts a ciphertext with the given key. Example: ```go import "github.com/miscreant/miscreant.go/" // Load an existing cryptographic key k := ... // Create a new cipher.AEAD instance c := miscreant.NewAEAD("AES-PMAC-SIV", k, 16) // Ciphertext to be decrypted ct := ... // Nonce under which the ciphertext was originally encrypted n := ... // Associated data to authenticate along with the message // (or nil if we don't care) ad := nil // Create a destination buffer to hold the resulting plaintext. // We need it to be the length of the ciphertext less `c.Overhead()` l := len(ct) - c.Overhead() if l < 0 { panic("ciphertext too short!") } pt := make([]byte, l) // Perform decryption by calling 'Open'. The decrypted plaintext will be // written into the `pt` buffer _, err := c.Open(pt, n, ct, ad) if err != nil { panic(err) } ``` ## Security Notice Though this library is written by cryptographic professionals, it has not undergone a thorough security audit, and cryptographic professionals are still humans that make mistakes. This library makes an effort to use constant time operations throughout its implementation, however actual constant time behavior has not been verified. Use this library at your own risk. ## Code of Conduct We abide by the [Contributor Covenant][cc] and ask that you do as well. For more information, please see [CODE_OF_CONDUCT.md]. ## Contributing Bug reports and pull requests are welcome on GitHub at: ## Copyright Copyright (c) 2017-2019 [The Miscreant Developers][AUTHORS]. See [LICENSE.txt] for further details. [//]: # (badges) [build-shield]: https://travis-ci.org/miscreant/miscreant.go.svg?branch=develop [build-link]: https://travis-ci.org/miscreant/miscreant.go/ [godoc-shield]: https://godoc.org/github.com/miscreant/miscreant.go?status.svg [godoc-link]: https://godoc.org/github.com/miscreant/miscreant.go/ [license-shield]: https://img.shields.io/badge/license-MIT-blue.svg [license-link]: https://github.com/miscreant/miscreant.go/blob/develop/LICENSE.txt [gitter-image]: https://badges.gitter.im/badge.svg [gitter-link]: https://gitter.im/miscreant/Lobby [//]: # (general links) [Phil Rogaway]: https://en.wikipedia.org/wiki/Phillip_Rogaway [AES-SIV]: https://github.com/miscreant/meta/wiki/AES-SIV [RFC 5297]: https://tools.ietf.org/html/rfc5297 [AES-PMAC-SIV]: https://github.com/miscreant/meta/wiki/AES-PMAC-SIV [STREAM]: https://github.com/miscreant/meta/wiki/STREAM [nonce-reuse misuse-resistance]: https://github.com/miscreant/meta/wiki/Nonce-Reuse-Misuse-Resistance [AES-GCM]: https://en.wikipedia.org/wiki/Galois/Counter_Mode [chosen ciphertext attacks]: https://en.wikipedia.org/wiki/Chosen-ciphertext_attack [Documentation]: https://github.com/miscreant/meta/wiki/Go-Documentation [Gitter]: https://gitter.im/miscreant/Lobby [Google Group]: https://groups.google.com/forum/#!forum/miscreant-crypto [miscreant-crypto+subscribe@googlegroups.com]: mailto:miscreant-crypto+subscribe@googlegroups.com?subject=subscribe [cc]: https://contributor-covenant.org [CODE_OF_CONDUCT.md]: https://github.com/miscreant/miscreant.go/blob/develop/CODE_OF_CONDUCT.md [AUTHORS]: https://github.com/miscreant/miscreant.go/blob/develop/AUTHORS.md [LICENSE.txt]: https://github.com/miscreant/miscreant.go/blob/develop/LICENSE.txt [cipher.AEAD]: https://golang.org/pkg/crypto/cipher/#AEAD [Authenticated Encryption with Associated Data]: https://en.wikipedia.org/wiki/Authenticated_encryption golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/aead.go000066400000000000000000000055241377166632500243530ustar00rootroot00000000000000// Written in 2015 by Dmitry Chestnykh. package miscreant import ( "crypto/cipher" "crypto/rand" "io" ) // Minimum nonce size for which we'll allow the generation of random nonces const minimumRandomNonceSize = 16 // aead is a wrapper for Cipher implementing cipher.AEAD interface. type aead struct { // miscreant.Cipher instance underlying this AEAD c *Cipher // Size of the nonce required nonceSize int } // GenerateKey generates a random 32-byte or 64-byte encryption key. // Panics if the key size is unsupported or source of randomness fails. func GenerateKey(length int) []byte { if length != 32 && length != 64 { panic("miscreant.GenerateKey: invalid key size: " + string(length)) } key := make([]byte, length) _, err := io.ReadFull(rand.Reader, key[:]) if err != nil { panic(err) } return key } // GenerateNonce generates a random nonce for the given `cipher.AEAD`. // Panics if the configured nonce size is less than 16-bytes (128-bits) func GenerateNonce(c cipher.AEAD) []byte { if c.NonceSize() < minimumRandomNonceSize { panic("miscreant.GenerateNonce: nonce size is too small: " + string(c.NonceSize())) } nonce := make([]byte, c.NonceSize()) _, err := io.ReadFull(rand.Reader, nonce[:]) if err != nil { panic(err) } return nonce } // NewAEAD returns an AES-SIV instance implementing cipher.AEAD interface, // with the given cipher, nonce size, and a key which must be twice as long // as an AES key, either 32 or 64 bytes to select AES-128 (AES-SIV-256) // or AES-256 (AES-SIV-512). // // Unless the given nonce size is less than zero, Seal and Open will panic when // passed nonce of a different size. func NewAEAD(alg string, key []byte, nonceSize int) (cipher.AEAD, error) { switch alg { case "AES-SIV", "AES-CMAC-SIV": c, err := NewAESCMACSIV(key) if err != nil { return nil, err } return &aead{c: c, nonceSize: nonceSize}, nil case "AES-PMAC-SIV": c, err := NewAESPMACSIV(key) if err != nil { return nil, err } return &aead{c: c, nonceSize: nonceSize}, nil default: panic("NewAEAD: unknown cipher: " + alg) } } func (a *aead) NonceSize() int { return a.nonceSize } func (a *aead) Overhead() int { return a.c.Overhead() } func (a *aead) Seal(dst, nonce, plaintext, data []byte) (out []byte) { if len(nonce) != a.nonceSize && a.nonceSize >= 0 { panic("miscreant.AEAD: incorrect nonce length") } var err error if data == nil { out, err = a.c.Seal(dst, plaintext, nonce) } else { out, err = a.c.Seal(dst, plaintext, data, nonce) } if err != nil { panic("miscreant.AEAD: " + err.Error()) } return out } func (a *aead) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { if len(nonce) != a.nonceSize && a.nonceSize >= 0 { panic("miscreant.AEAD: incorrect nonce length") } if data == nil { return a.c.Open(dst, ciphertext, nonce) } return a.c.Open(dst, ciphertext, data, nonce) } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/aead_test.go000066400000000000000000000021651377166632500254100ustar00rootroot00000000000000// Written in 2015 by Dmitry Chestnykh. package miscreant import ( "bytes" "testing" ) func TestAEADAESCMACSIV(t *testing.T) { v := loadAESSIVExamples("aes_siv.tjson")[0] nonce := v.ad[0] c, err := NewAEAD("AES-SIV", v.key, len(nonce)) if err != nil { t.Fatal(err) } ct := c.Seal(nil, nonce, v.plaintext, nil) if !bytes.Equal(v.ciphertext, ct) { t.Errorf("Seal: expected: %x\ngot: %x", v.ciphertext, ct) } pt, err := c.Open(nil, nonce, ct, nil) if err != nil { t.Errorf("Open: %s", err) } if !bytes.Equal(v.plaintext, pt) { t.Errorf("Open: expected: %x\ngot: %x", v.plaintext, pt) } } func TestAEADAESPMACSIV(t *testing.T) { v := loadAESSIVExamples("aes_pmac_siv.tjson")[0] nonce := v.ad[0] c, err := NewAEAD("AES-PMAC-SIV", v.key, len(nonce)) if err != nil { t.Fatal(err) } ct := c.Seal(nil, nonce, v.plaintext, nil) if !bytes.Equal(v.ciphertext, ct) { t.Errorf("Seal: expected: %x\ngot: %x", v.ciphertext, ct) } pt, err := c.Open(nil, nonce, ct, nil) if err != nil { t.Errorf("Open: %s", err) } if !bytes.Equal(v.plaintext, pt) { t.Errorf("Open: expected: %x\ngot: %x", v.plaintext, pt) } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/block/000077500000000000000000000000001377166632500242165ustar00rootroot00000000000000golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/block/block.go000066400000000000000000000017201377166632500256370ustar00rootroot00000000000000// Common block cipher functionality shared across this library package block import ( "crypto/cipher" "crypto/subtle" ) const ( // Size of an AES block in bytes Size = 16 // R is the minimal irreducible polynomial for a 128-bit block size R = 0x87 ) // Block is a 128-bit array used by certain block ciphers (i.e. AES) type Block [Size]byte // Clear zeroes out the contents of the block func (b *Block) Clear() { // TODO: use a more secure zeroing method that won't be optimized away for i := range b { b[i] = 0 } } // Dbl performs a doubling of a block over GF(2^128): // // a<<1 if firstbit(a)=0 // (a<<1) ⊕ 0¹²⁰10000111 if firstbit(a)=1 // func (b *Block) Dbl() { var z byte for i := Size - 1; i >= 0; i-- { zz := b[i] >> 7 b[i] = b[i]<<1 | z z = zz } b[Size-1] ^= byte(subtle.ConstantTimeSelect(int(z), R, 0)) } // Encrypt a block with the given block cipher func (b *Block) Encrypt(c cipher.Block) { c.Encrypt(b[:], b[:]) } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/block/block_test.go000066400000000000000000000027271377166632500267060ustar00rootroot00000000000000package block import ( "bytes" "encoding/hex" "encoding/json" "io/ioutil" "testing" ) type dblExample struct { input []byte output []byte } // Load dbl test vectors from dbl.tjson // TODO: switch to a native Go TJSON parser when available func loadDblExamples() []dblExample { var examplesJSON map[string]interface{} exampleData, err := ioutil.ReadFile("../vectors/dbl.tjson") if err != nil { panic(err) } if err = json.Unmarshal(exampleData, &examplesJSON); err != nil { panic(err) } examplesArray := examplesJSON["examples:A"].([]interface{}) if examplesArray == nil { panic("no toplevel 'examples:A' key in dbl.tjson") } result := make([]dblExample, len(examplesArray)) for i, exampleJSON := range examplesArray { example := exampleJSON.(map[string]interface{}) inputHex := example["input:d16"].(string) input := make([]byte, hex.DecodedLen(len(inputHex))) if _, err := hex.Decode(input, []byte(inputHex)); err != nil { panic(err) } outputHex := example["output:d16"].(string) output := make([]byte, hex.DecodedLen(len(outputHex))) if _, err := hex.Decode(output, []byte(outputHex)); err != nil { panic(err) } result[i] = dblExample{input, output} } return result } func TestDbl(t *testing.T) { for i, tt := range loadDblExamples() { var b Block copy(b[:], tt.input) b.Dbl() if !bytes.Equal(b[:], tt.output) { t.Errorf("test %d: dbl mismatch\n\twant %x\n\thave %x", i, tt.output, b) continue } } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/cmac/000077500000000000000000000000001377166632500240275ustar00rootroot00000000000000golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/cmac/cmac.go000066400000000000000000000044731377166632500252710ustar00rootroot00000000000000// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // CMAC message authentication code, defined in // NIST Special Publication SP 800-38B. package cmac import ( "crypto/cipher" "hash" "github.com/miscreant/miscreant.go/block" ) type cmac struct { // c is the block cipher we're using (i.e. AES-128 or AES-256) c cipher.Block // k1 and k2 are CMAC subkeys (for finishing the tag) k1, k2 block.Block // digest contains the PMAC tag-in-progress digest block.Block // buffer contains a part of the input message, processed a block-at-a-time buf block.Block // pos marks the end of plaintext in the buffer pos uint } // New returns a new instance of a CMAC message authentication code // digest using the given cipher.Block. func New(c cipher.Block) hash.Hash { if c.BlockSize() != block.Size { panic("pmac: invalid cipher block size") } d := new(cmac) d.c = c // Subkey generation, p. 7 d.k1.Encrypt(c) d.k1.Dbl() copy(d.k2[:], d.k1[:]) d.k2.Dbl() return d } // Reset clears the digest state, starting a new digest. func (d *cmac) Reset() { d.digest.Clear() d.buf.Clear() d.pos = 0 } // Write adds the given data to the digest state. func (d *cmac) Write(p []byte) (nn int, err error) { nn = len(p) left := block.Size - d.pos if uint(len(p)) > left { xor(d.buf[d.pos:], p[:left]) p = p[left:] d.buf.Encrypt(d.c) d.pos = 0 } for uint(len(p)) > block.Size { xor(d.buf[:], p[:block.Size]) p = p[block.Size:] d.buf.Encrypt(d.c) } if len(p) > 0 { xor(d.buf[d.pos:], p) d.pos += uint(len(p)) } return } // Sum returns the CMAC digest, one cipher block in length, // of the data written with Write. func (d *cmac) Sum(in []byte) []byte { // Finish last block, mix in key, encrypt. // Don't edit ci, in case caller wants // to keep digesting after call to Sum. k := d.k1 if d.pos < uint(len(d.digest)) { k = d.k2 } for i := 0; i < len(d.buf); i++ { d.digest[i] = d.buf[i] ^ k[i] } if d.pos < uint(len(d.digest)) { d.digest[d.pos] ^= 0x80 } d.digest.Encrypt(d.c) return append(in, d.digest[:]...) } func (d *cmac) Size() int { return len(d.digest) } func (d *cmac) BlockSize() int { return d.c.BlockSize() } func xor(a, b []byte) { for i, v := range b { a[i] ^= v } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/cmac/cmac_aes_test.go000066400000000000000000000102221377166632500271450ustar00rootroot00000000000000// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package cmac import ( "bytes" "crypto/aes" "encoding/hex" "encoding/json" "io/ioutil" "testing" ) type cmacAESExample struct { key []byte message []byte tag []byte } // Load AES-CMAC test vectors from aes_cmac.tjson // TODO: switch to a native Go TJSON parser when available func loadCMACAESExamples() []cmacAESExample { var examplesJSON map[string]interface{} exampleData, err := ioutil.ReadFile("../vectors/aes_cmac.tjson") if err != nil { panic(err) } if err = json.Unmarshal(exampleData, &examplesJSON); err != nil { panic(err) } examplesArray := examplesJSON["examples:A"].([]interface{}) if examplesArray == nil { panic("no toplevel 'examples:A' key in aes_cmac.tjson") } result := make([]cmacAESExample, len(examplesArray)) for i, exampleJSON := range examplesArray { example := exampleJSON.(map[string]interface{}) keyHex := example["key:d16"].(string) key := make([]byte, hex.DecodedLen(len(keyHex))) if _, err := hex.Decode(key, []byte(keyHex)); err != nil { panic(err) } messageHex := example["message:d16"].(string) message := make([]byte, hex.DecodedLen(len(messageHex))) if _, err := hex.Decode(message, []byte(messageHex)); err != nil { panic(err) } tagHex := example["tag:d16"].(string) tag := make([]byte, hex.DecodedLen(len(tagHex))) if _, err := hex.Decode(tag, []byte(tagHex)); err != nil { panic(err) } result[i] = cmacAESExample{key, message, tag} } return result } func TestCMACAES(t *testing.T) { for i, tt := range loadCMACAESExamples() { c, err := aes.NewCipher(tt.key) if err != nil { t.Errorf("test %d: NewCipher: %s", i, err) continue } d := New(c) n, err := d.Write(tt.message) if err != nil || n != len(tt.message) { t.Errorf("test %d: Write %d: %d, %s", i, len(tt.message), n, err) continue } sum := d.Sum(nil) if !bytes.Equal(sum, tt.tag) { x := d.(*cmac) t.Errorf("test %d: tag mismatch\n\twant %x\n\thave %x\n\tk1 %x\n\tk2 %x", i, tt.tag, sum, x.k1, x.k2) continue } } } func TestWrite(t *testing.T) { cmacAESTests := loadCMACAESExamples() tt := cmacAESTests[len(cmacAESTests)-1] c, err := aes.NewCipher(tt.key) if err != nil { t.Fatal(err) } d := New(c) // Test writing byte-by-byte for _, b := range tt.message { _, err := d.Write([]byte{b}) if err != nil { t.Fatal(err) } } sum := d.Sum(nil) if !bytes.Equal(sum, tt.tag) { x := d.(*cmac) t.Fatalf("write bytes: tag mismatch\n\twant %x\n\thave %x\n\tk1 %x\n\tk2 %x", tt.tag, sum, x.k1, x.k2) } // Test writing halves d.Reset() _, err = d.Write(tt.message[:len(tt.message)/2]) if err != nil { t.Fatal(err) } _, err = d.Write(tt.message[len(tt.message)/2:]) if err != nil { t.Fatal(err) } sum = d.Sum(nil) if !bytes.Equal(sum, tt.tag) { x := d.(*cmac) t.Fatalf("write halves: tag mismatch\n\twant %x\n\thave %x\n\tk1 %x\n\tk2 %x", tt.tag, sum, x.k1, x.k2) } // Test writing third, then the rest d.Reset() _, err = d.Write(tt.message[:len(tt.message)/3]) if err != nil { t.Fatal(err) } _, err = d.Write(tt.message[len(tt.message)/3:]) if err != nil { t.Fatal(err) } sum = d.Sum(nil) if !bytes.Equal(sum, tt.tag) { x := d.(*cmac) t.Fatalf("write third: tag mismatch\n\twant %x\n\thave %x\n\tk1 %x\n\tk2 %x", tt.tag, sum, x.k1, x.k2) } // Test continuing after Sum d.Reset() _, err = d.Write(tt.message[:len(tt.message)/2]) if err != nil { t.Fatal(err) } sum = d.Sum(nil) _, err = d.Write(tt.message[len(tt.message)/2:]) if err != nil { t.Fatal(err) } sum = d.Sum(nil) if !bytes.Equal(sum, tt.tag) { x := d.(*cmac) t.Fatalf("continue after Sum: tag mismatch\n\twant %x\n\thave %x\n\tk1 %x\n\tk2 %x", tt.tag, sum, x.k1, x.k2) } } func BenchmarkCMAC_AES128(b *testing.B) { cmacAESTests := loadCMACAESExamples() c, _ := aes.NewCipher(cmacAESTests[0].key) v := make([]byte, 1024) out := make([]byte, 16) b.SetBytes(int64(len(v))) for i := 0; i < b.N; i++ { d := New(c) _, err := d.Write(v) if err != nil { panic(err) } out = d.Sum(out[:0]) } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/go.mod000066400000000000000000000000621377166632500242300ustar00rootroot00000000000000module github.com/miscreant/miscreant.go go 1.12 golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/pmac/000077500000000000000000000000001377166632500240445ustar00rootroot00000000000000golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/pmac/pmac.go000066400000000000000000000111501377166632500253110ustar00rootroot00000000000000// PMAC message authentication code, defined in // http://web.cs.ucdavis.edu/~rogaway/ocb/pmac.pdf package pmac import ( "crypto/cipher" "crypto/subtle" "hash" "math/bits" "github.com/miscreant/miscreant.go/block" ) // Number of L blocks to precompute (i.e. µ in the PMAC paper) // TODO: dynamically compute these as needed const precomputedBlocks = 31 type pmac struct { // c is the block cipher we're using (i.e. AES-128 or AES-256) c cipher.Block // l is defined as follows (quoted from the PMAC paper): // // Equation 1: // // a · x = // a<<1 if firstbit(a)=0 // (a<<1) ⊕ 0¹²⁰10000111 if firstbit(a)=1 // // Equation 2: // // a · x⁻¹ = // a>>1 if lastbit(a)=0 // (a>>1) ⊕ 10¹²⁰1000011 if lastbit(a)=1 // // Let L(0) ← L. For i ∈ [1..µ], compute L(i) ← L(i − 1) · x by // Equation (1) using a shift and a conditional xor. // // Compute L(−1) ← L · x⁻¹ by Equation (2), using a shift and a // conditional xor. // // Save the values L(−1), L(0), L(1), L(2), ..., L(µ) in a table. // (Alternatively, [ed: as we have done in this codebase] defer computing // some or all of these L(i) values until the value is actually needed.) l [precomputedBlocks]block.Block // lInv contains the multiplicative inverse (i.e. right shift) of the first // l-value, computed as described above, and is XORed into the tag in the // event the message length is a multiple of the block size lInv block.Block // digest contains the PMAC tag-in-progress digest block.Block // offset is a block specific tweak to the input message offset block.Block // buf contains a part of the input message, processed a block-at-a-time buf block.Block // pos marks the end of plaintext in the buf pos uint // ctr is the number of blocks we have MAC'd so far ctr uint // finished is set true when we are done processing a message, and forbids // any subsequent writes until we reset the internal state finished bool } // New creates a new PMAC instance using the given cipher func New(c cipher.Block) hash.Hash { if c.BlockSize() != block.Size { panic("pmac: invalid cipher block size") } d := new(pmac) d.c = c var tmp block.Block tmp.Encrypt(c) for i := range d.l { copy(d.l[i][:], tmp[:]) tmp.Dbl() } // Compute L(−1) ← L · x⁻¹: // // a>>1 if lastbit(a)=0 // (a>>1) ⊕ 10¹²⁰1000011 if lastbit(a)=1 // copy(tmp[:], d.l[0][:]) lastBit := int(tmp[block.Size-1] & 0x01) for i := block.Size - 1; i > 0; i-- { carry := byte(subtle.ConstantTimeSelect(int(tmp[i-1]&1), 0x80, 0)) tmp[i] = (tmp[i] >> 1) | carry } tmp[0] >>= 1 tmp[0] ^= byte(subtle.ConstantTimeSelect(lastBit, 0x80, 0)) tmp[block.Size-1] ^= byte(subtle.ConstantTimeSelect(lastBit, block.R>>1, 0)) copy(d.lInv[:], tmp[:]) return d } // Reset clears the digest state, starting a new digest. func (d *pmac) Reset() { d.digest.Clear() d.offset.Clear() d.buf.Clear() d.pos = 0 d.ctr = 0 d.finished = false } // Write adds the given data to the digest state. func (d *pmac) Write(msg []byte) (int, error) { if d.finished { panic("pmac: already finished") } var msgPos, msgLen, remaining uint msgLen = uint(len(msg)) remaining = block.Size - d.pos // Finish filling the internal buf with the message if msgLen > remaining { copy(d.buf[d.pos:], msg[:remaining]) msgPos += remaining msgLen -= remaining d.processBuffer() } // So long as we have more than a blocks worth of data, compute // whole-sized blocks at a time. for msgLen > block.Size { copy(d.buf[:], msg[msgPos:msgPos+block.Size]) msgPos += block.Size msgLen -= block.Size d.processBuffer() } if msgLen > 0 { copy(d.buf[d.pos:d.pos+msgLen], msg[msgPos:]) d.pos += msgLen } return len(msg), nil } // Sum returns the PMAC digest, one cipher block in length, // of the data written with Write. func (d *pmac) Sum(in []byte) []byte { if d.finished { panic("pmac: already finished") } if d.pos == block.Size { xor(d.digest[:], d.buf[:]) xor(d.digest[:], d.lInv[:]) } else { xor(d.digest[:], d.buf[:d.pos]) d.digest[d.pos] ^= 0x80 } d.digest.Encrypt(d.c) d.finished = true return append(in, d.digest[:]...) } func (d *pmac) Size() int { return block.Size } func (d *pmac) BlockSize() int { return block.Size } // Update the internal tag state based on the buf contents func (d *pmac) processBuffer() { xor(d.offset[:], d.l[bits.TrailingZeros(d.ctr+1)][:]) xor(d.buf[:], d.offset[:]) d.ctr++ d.buf.Encrypt(d.c) xor(d.digest[:], d.buf[:]) d.pos = 0 } // XOR the contents of b into a in-place func xor(a, b []byte) { for i, v := range b { a[i] ^= v } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/pmac/pmac_aes_test.go000066400000000000000000000070651377166632500272120ustar00rootroot00000000000000// Copyright 2009 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. package pmac import ( "bytes" "crypto/aes" "encoding/hex" "encoding/json" "io/ioutil" "testing" ) type pmacAESExample struct { key []byte message []byte tag []byte } // Load AES-PMAC test vectors from aes_pmac.tjson // TODO: switch to a native Go TJSON parser when available func loadPMACAESExamples() []pmacAESExample { var examplesJSON map[string]interface{} exampleData, err := ioutil.ReadFile("../vectors/aes_pmac.tjson") if err != nil { panic(err) } if err = json.Unmarshal(exampleData, &examplesJSON); err != nil { panic(err) } examplesArray := examplesJSON["examples:A"].([]interface{}) if examplesArray == nil { panic("no toplevel 'examples:A' key in aes_pmac.tjson") } result := make([]pmacAESExample, len(examplesArray)) for i, exampleJSON := range examplesArray { example := exampleJSON.(map[string]interface{}) keyHex := example["key:d16"].(string) key := make([]byte, hex.DecodedLen(len(keyHex))) if _, err := hex.Decode(key, []byte(keyHex)); err != nil { panic(err) } messageHex := example["message:d16"].(string) message := make([]byte, hex.DecodedLen(len(messageHex))) if _, err := hex.Decode(message, []byte(messageHex)); err != nil { panic(err) } tagHex := example["tag:d16"].(string) tag := make([]byte, hex.DecodedLen(len(tagHex))) if _, err := hex.Decode(tag, []byte(tagHex)); err != nil { panic(err) } result[i] = pmacAESExample{key, message, tag} } return result } func TestPMACAES(t *testing.T) { for i, tt := range loadPMACAESExamples() { c, err := aes.NewCipher(tt.key) if err != nil { t.Errorf("test %d: NewCipher: %s", i, err) continue } d := New(c) n, err := d.Write(tt.message) if err != nil || n != len(tt.message) { t.Errorf("test %d: Write %d: %d, %s", i, len(tt.message), n, err) continue } sum := d.Sum(nil) if !bytes.Equal(sum, tt.tag) { t.Errorf("test %d: tag mismatch\n\twant %x\n\thave %x", i, tt.tag, sum) continue } } } func TestWrite(t *testing.T) { pmacAESTests := loadPMACAESExamples() tt := pmacAESTests[len(pmacAESTests)-1] c, err := aes.NewCipher(tt.key) if err != nil { t.Fatal(err) } d := New(c) // Test writing byte-by-byte for _, b := range tt.message { _, err := d.Write([]byte{b}) if err != nil { t.Fatal(err) } } sum := d.Sum(nil) if !bytes.Equal(sum, tt.tag) { t.Fatalf("write bytes: tag mismatch\n\twant %x\n\thave %x", tt.tag, sum) } // Test writing halves d.Reset() _, err = d.Write(tt.message[:len(tt.message)/2]) if err != nil { t.Fatal(err) } _, err = d.Write(tt.message[len(tt.message)/2:]) if err != nil { t.Fatal(err) } sum = d.Sum(nil) if !bytes.Equal(sum, tt.tag) { t.Fatalf("write halves: tag mismatch\n\twant %x\n\thave %x", tt.tag, sum) } // Test writing third, then the rest d.Reset() _, err = d.Write(tt.message[:len(tt.message)/3]) if err != nil { t.Fatal(err) } _, err = d.Write(tt.message[len(tt.message)/3:]) if err != nil { t.Fatal(err) } sum = d.Sum(nil) if !bytes.Equal(sum, tt.tag) { t.Fatalf("write third: tag mismatch\n\twant %x\n\thave %x", tt.tag, sum) } } func BenchmarkPMAC_AES128(b *testing.B) { pmacAESTests := loadPMACAESExamples() c, _ := aes.NewCipher(pmacAESTests[0].key) v := make([]byte, 1024) out := make([]byte, 16) b.SetBytes(int64(len(v))) for i := 0; i < b.N; i++ { d := New(c) _, err := d.Write(v) if err != nil { panic(err) } out = d.Sum(out[:0]) } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/siv.go000066400000000000000000000140321377166632500242540ustar00rootroot00000000000000// Originally written in 2015 by Dmitry Chestnykh. // Modified in 2017 by Tony Arcieri. // // Miscreant implements Synthetic Initialization Vector (SIV)-based // authenticated encryption using the AES block cipher (RFC 5297). package miscreant import ( "crypto/aes" "crypto/cipher" "crypto/subtle" "errors" "github.com/miscreant/miscreant.go/block" "github.com/miscreant/miscreant.go/cmac" "github.com/miscreant/miscreant.go/pmac" "hash" ) // MaxAssociatedDataItems is the maximum number of associated data items const MaxAssociatedDataItems = 126 var ( // ErrKeySize indicates the given key size is not supported ErrKeySize = errors.New("siv: bad key size") // ErrNotAuthentic indicates a ciphertext is malformed or corrupt ErrNotAuthentic = errors.New("siv: authentication failed") // ErrTooManyAssociatedDataItems indicates more than MaxAssociatedDataItems were given ErrTooManyAssociatedDataItems = errors.New("siv: too many associated data items") ) // Cipher is an instance of AES-SIV, configured with either AES-CMAC or // AES-PMAC as a message authentication code. type Cipher struct { // MAC function used to derive a synthetic IV and authenticate the message h hash.Hash // Block cipher function used to encrypt the message b cipher.Block // Internal buffers tmp1, tmp2 block.Block } // NewAESCMACSIV returns a new AES-SIV cipher with the given key, which must be // twice as long as an AES key, either 32 or 64 bytes to select AES-128 // (AES-CMAC-SIV-256), or AES-256 (AES-CMAC-SIV-512). func NewAESCMACSIV(key []byte) (c *Cipher, err error) { n := len(key) if n != 32 && n != 64 { return nil, ErrKeySize } macBlock, err := aes.NewCipher(key[:n/2]) if err != nil { return nil, err } ctrBlock, err := aes.NewCipher(key[n/2:]) if err != nil { return nil, err } c = new(Cipher) c.h = cmac.New(macBlock) c.b = ctrBlock return c, nil } // NewAESPMACSIV returns a new AES-SIV cipher with the given key, which must be // twice as long as an AES key, either 32 or 64 bytes to select AES-128 // (AES-PMAC-SIV-256), or AES-256 (AES-PMAC-SIV-512). func NewAESPMACSIV(key []byte) (c *Cipher, err error) { n := len(key) if n != 32 && n != 64 { return nil, ErrKeySize } macBlock, err := aes.NewCipher(key[:n/2]) if err != nil { return nil, err } ctrBlock, err := aes.NewCipher(key[n/2:]) if err != nil { return nil, err } c = new(Cipher) c.h = pmac.New(macBlock) c.b = ctrBlock return c, nil } // Overhead returns the difference between plaintext and ciphertext lengths. func (c *Cipher) Overhead() int { return c.h.Size() } // Seal encrypts and authenticates plaintext, authenticates the given // associated data items, and appends the result to dst, returning the updated // slice. // // The plaintext and dst may alias exactly or not at all. // // For nonce-based encryption, the nonce should be the last associated data item. func (c *Cipher) Seal(dst []byte, plaintext []byte, data ...[]byte) ([]byte, error) { if len(data) > MaxAssociatedDataItems { return nil, ErrTooManyAssociatedDataItems } // Authenticate iv := c.s2v(data, plaintext) ret, out := sliceForAppend(dst, len(iv)+len(plaintext)) copy(out, iv) // Encrypt zeroIVBits(iv) ctr := cipher.NewCTR(c.b, iv) ctr.XORKeyStream(out[len(iv):], plaintext) return ret, nil } // Open decrypts ciphertext, authenticates the decrypted plaintext and the given // associated data items and, if successful, appends the resulting plaintext // to dst, returning the updated slice. The additional data items must match the // items passed to Seal. // // The ciphertext and dst may alias exactly or not at all. // // For nonce-based encryption, the nonce should be the last associated data item. func (c *Cipher) Open(dst []byte, ciphertext []byte, data ...[]byte) ([]byte, error) { if len(data) > MaxAssociatedDataItems { return nil, ErrTooManyAssociatedDataItems } if len(ciphertext) < c.Overhead() { return nil, ErrNotAuthentic } // Decrypt iv := c.tmp1[:c.Overhead()] copy(iv, ciphertext) zeroIVBits(iv) ctr := cipher.NewCTR(c.b, iv) ret, out := sliceForAppend(dst, len(ciphertext)-len(iv)) ctr.XORKeyStream(out, ciphertext[len(iv):]) // Authenticate expected := c.s2v(data, out) if subtle.ConstantTimeCompare(ciphertext[:len(iv)], expected) != 1 { return nil, ErrNotAuthentic } return ret, nil } func (c *Cipher) s2v(s [][]byte, sn []byte) []byte { h := c.h h.Reset() tmp, d := c.tmp1, c.tmp2 tmp.Clear() // NOTE(dchest): The standalone S2V returns CMAC(1) if the number of // passed vectors is zero, however in SIV construction this case is // never triggered, since we always pass plaintext as the last vector // (even if it's zero-length), so we omit this case. _, err := h.Write(tmp[:]) if err != nil { panic(err) } copy(d[:], h.Sum(d[:0])) h.Reset() for _, v := range s { _, err := h.Write(v) if err != nil { panic(err) } copy(tmp[:], h.Sum(tmp[:0])) h.Reset() d.Dbl() xor(d[:], tmp[:]) } tmp.Clear() if len(sn) >= h.BlockSize() { n := len(sn) - len(d) copy(tmp[:], sn[n:]) _, err = h.Write(sn[:n]) if err != nil { panic(err) } } else { copy(tmp[:], sn) tmp[len(sn)] = 0x80 d.Dbl() } xor(tmp[:], d[:]) _, err = h.Write(tmp[:]) if err != nil { panic(err) } return h.Sum(tmp[:0]) } func xor(a, b []byte) { for i, v := range b { a[i] ^= v } } func zeroIVBits(iv []byte) { // "We zero-out the top bit in each of the last two 32-bit words // of the IV before assigning it to Ctr" // — http://web.cs.ucdavis.edu/~rogaway/papers/siv.pdf iv[len(iv)-8] &= 0x7f iv[len(iv)-4] &= 0x7f } // sliceForAppend takes a slice and a requested number of bytes. It returns a // slice with the contents of the given slice followed by that many bytes and a // second slice that aliases into it and contains only the extra bytes. If the // original slice has sufficient capacity then no allocation is performed. func sliceForAppend(in []byte, n int) (head, tail []byte) { if total := len(in) + n; cap(in) >= total { head = in[:total] } else { head = make([]byte, total) copy(head, in) } tail = head[len(in):] return } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/siv_test.go000066400000000000000000000130711377166632500253150ustar00rootroot00000000000000// Written in 2015 by Dmitry Chestnykh. // // To the extent possible under law, the author have dedicated all copyright // and related and neighboring rights to this software to the public domain // worldwide. This software is distributed without any warranty. // http://creativecommons.org/publicdomain/zero/1.0/ package miscreant import ( "bytes" "encoding/hex" "encoding/json" "io/ioutil" "testing" ) type aesSIVExample struct { name string key []byte ad [][]byte plaintext []byte ciphertext []byte } // Load AES-SIV test vectors from aes_siv.tjson // TODO: switch to a native Go TJSON parser when available func loadAESSIVExamples(filename string) []aesSIVExample { var examplesJSON map[string]interface{} exampleData, err := ioutil.ReadFile("vectors/" + filename) if err != nil { panic(err) } if err = json.Unmarshal(exampleData, &examplesJSON); err != nil { panic(err) } examplesArray := examplesJSON["examples:A"].([]interface{}) if examplesArray == nil { panic("no toplevel 'examples:A' key in " + filename) } result := make([]aesSIVExample, len(examplesArray)) for i, exampleJSON := range examplesArray { example := exampleJSON.(map[string]interface{}) name := example["name:s"].(string) keyHex := example["key:d16"].(string) key := make([]byte, hex.DecodedLen(len(keyHex))) if _, err := hex.Decode(key, []byte(keyHex)); err != nil { panic(err) } adHeaders := example["ad:A"].([]interface{}) ad := make([][]byte, len(adHeaders)) for j, adHeader := range adHeaders { adHeaderHex := adHeader.(string) adDecoded := make([]byte, hex.DecodedLen(len(adHeaderHex))) if _, err := hex.Decode(adDecoded, []byte(adHeaderHex)); err != nil { panic(err) } ad[j] = adDecoded } plaintextHex := example["plaintext:d16"].(string) plaintext := make([]byte, hex.DecodedLen(len(plaintextHex))) if _, err := hex.Decode(plaintext, []byte(plaintextHex)); err != nil { panic(err) } ciphertextHex := example["ciphertext:d16"].(string) ciphertext := make([]byte, hex.DecodedLen(len(ciphertextHex))) if _, err := hex.Decode(ciphertext, []byte(ciphertextHex)); err != nil { panic(err) } result[i] = aesSIVExample{name, key, ad, plaintext, ciphertext} } return result } func TestAESCMACSIV(t *testing.T) { for i, v := range loadAESSIVExamples("aes_siv.tjson") { c, err := NewAESCMACSIV(v.key) if err != nil { t.Errorf("NewAESCMACSIV: %d: %s", i, err) } ct, err := c.Seal(nil, v.plaintext, v.ad...) if err != nil { t.Errorf("Seal: %d: %s", i, err) } if !bytes.Equal(v.ciphertext, ct) { t.Errorf("Seal: %d: expected: %x\ngot: %x", i, v.ciphertext, ct) } pt, err := c.Open(nil, ct, v.ad...) if err != nil { t.Errorf("Open: %d: %s", i, err) } if !bytes.Equal(v.plaintext, pt) { t.Errorf("Open: %d: expected: %x\ngot: %x", i, v.plaintext, pt) } } } func TestAESPMACSIV(t *testing.T) { for i, v := range loadAESSIVExamples("aes_pmac_siv.tjson") { c, err := NewAESPMACSIV(v.key) if err != nil { t.Errorf("NewAESPMACSIV: %d: %s", i, err) } ct, err := c.Seal(nil, v.plaintext, v.ad...) if err != nil { t.Errorf("Seal: %d: %s", i, err) } if !bytes.Equal(v.ciphertext, ct) { t.Errorf("Seal: %d: expected: %x\ngot: %x", i, v.ciphertext, ct) } pt, err := c.Open(nil, ct, v.ad...) if err != nil { t.Errorf("Open: %d: %s", i, err) } if !bytes.Equal(v.plaintext, pt) { t.Errorf("Open: %d: expected: %x\ngot: %x", i, v.plaintext, pt) } } } func TestAESCMACSIVAppend(t *testing.T) { v := loadAESSIVExamples("aes_siv.tjson")[0] c, err := NewAESCMACSIV(v.key) if err != nil { t.Fatalf("NewAESCMACSIV: %s", err) } out := []byte{1, 2, 3, 4} x, err := c.Seal(out, v.plaintext, v.ad...) if err != nil { t.Fatalf("Seal: %s", err) } if !bytes.Equal(x[:4], out[:4]) { t.Fatalf("Seal: didn't correctly append") } out = make([]byte, 4, 100) x, err = c.Seal(out, v.plaintext, v.ad...) if err != nil { t.Fatalf("Seal: %s", err) } if !bytes.Equal(x[:4], out[:4]) { t.Fatalf("Seal: didn't correctly append with sufficient capacity") } out = make([]byte, 4) x, err = c.Open(out, v.ciphertext, v.ad...) if err != nil { t.Fatalf("Open: %s", err) } if !bytes.Equal(x[:4], out[:4]) { t.Fatalf("Open: didn't correctly append") } out = make([]byte, 4, 100) x, err = c.Open(out, v.ciphertext, v.ad...) if err != nil { t.Fatalf("Open: %s", err) } if !bytes.Equal(x[:4], out[:4]) { t.Fatalf("Open: didn't correctly append with sufficient capacity") } } func BenchmarkSIVAES128_Seal_1K(b *testing.B) { a := make([]byte, 64) m := make([]byte, 1024) c, _ := NewAESCMACSIV(make([]byte, 32)) out := make([]byte, 0, len(m)+c.Overhead()) b.SetBytes(int64(len(m))) for i := 0; i < b.N; i++ { _, _ = c.Seal(out, m, a) } } func BenchmarkSIVAES128_Seal_8K(b *testing.B) { a := make([]byte, 64) m := make([]byte, 8192) c, _ := NewAESCMACSIV(make([]byte, 32)) b.SetBytes(int64(len(m))) out := make([]byte, 0, len(m)+c.Overhead()) for i := 0; i < b.N; i++ { _, _ = c.Seal(out, m, a) } } func BenchmarkSIVAES128_Open_1K(b *testing.B) { a := make([]byte, 64) m := make([]byte, 1024) c, _ := NewAESCMACSIV(make([]byte, 32)) x, _ := c.Seal(nil, m, a) out := make([]byte, 0, len(m)) b.SetBytes(int64(len(m))) for i := 0; i < b.N; i++ { _, _ = c.Open(out, x, a) } } func BenchmarkSIVAES128_Open_8K(b *testing.B) { a := make([]byte, 64) m := make([]byte, 8192) c, _ := NewAESCMACSIV(make([]byte, 32)) x, _ := c.Seal(nil, m, a) out := make([]byte, 0, len(m)) b.SetBytes(int64(len(m))) for i := 0; i < b.N; i++ { _, _ = c.Open(out, x, a) } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/stream.go000066400000000000000000000133401377166632500247470ustar00rootroot00000000000000package miscreant import ( "crypto/cipher" "encoding/binary" ) // streamNoncePrefixSize is the user-supplied nonce size const streamNoncePrefixSize = 8 // streamExtendedNonceSize is the nonce prefix + 32-bit counter + 1-byte last block flag const streamExtendedNonceSize = streamNoncePrefixSize + 4 + 1 // lastBlockFlag indicates that a block is the last in the STREAM const lastBlockFlag byte = 1 // counterMax is the maximum allowable value for the stream counter const counterMax uint64 = 0xFFFFFFFF // StreamEncryptor encrypts message streams, selecting the nonces using a // 32-bit counter, generalized for any cipher.AEAD algorithm // // This construction corresponds to the ℰ stream encryptor object as defined in // the paper Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance type StreamEncryptor struct { // cipher.AEAD instance underlying this STREAM a cipher.AEAD // Nonce encoder instance which computes per-message nonces n *nonceEncoder32 } // NewStreamEncryptor returns a STREAM encryptor instance with the given // cipher, nonce, and a key which must be twice as long as an AES key, either // 32 or 64 bytes to select AES-128 (AES-SIV-256) or AES-256 (AES-SIV-512). func NewStreamEncryptor(alg string, key, nonce []byte) (*StreamEncryptor, error) { aead, err := NewAEAD(alg, key, streamExtendedNonceSize) if err != nil { return nil, err } nonceEncoder, err := newNonceEncoder32(nonce) if err != nil { return nil, err } return &StreamEncryptor{a: aead, n: nonceEncoder}, nil } // NonceSize returns the size of the nonce that must be passed to // NewStreamEncryptor func (e *StreamEncryptor) NonceSize() int { return streamNoncePrefixSize } // Overhead returns the maximum difference between the lengths of a // plaintext and its ciphertext, which in the case of AES-SIV modes // is the size of the initialization vector func (e *StreamEncryptor) Overhead() int { return e.a.Overhead() } // Seal the next message in the STREAM, which encrypts and authenticates // plaintext, authenticates the additional data and appends the result to dst, // returning the updated slice. // // The plaintext and dst may alias exactly or not at all. To reuse // plaintext's storage for the encrypted output, use plaintext[:0] as dst. // // The lastBlock argument should be set to true if this is the last message // in the STREAM. No further messages can be encrypted after the last one func (e *StreamEncryptor) Seal(dst, plaintext, aData []byte, lastBlock bool) []byte { return e.a.Seal(dst, e.n.Next(lastBlock), plaintext, aData) } // StreamDecryptor decrypts message streams, selecting the nonces using a // 32-bit counter, generalized for any cipher.AEAD algorithm // // This construction corresponds to the ℰ stream encryptor object as defined in // the paper Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance type StreamDecryptor struct { // cipher.AEAD instance underlying this STREAM a cipher.AEAD // Nonce encoder instance which computes per-message nonces n *nonceEncoder32 } // NewStreamDecryptor returns a STREAM encryptor instance with the given // cipher, nonce, and a key which must be twice as long as an AES key, either // 32 or 64 bytes to select AES-128 (AES-SIV-256) or AES-256 (AES-SIV-512). func NewStreamDecryptor(alg string, key, nonce []byte) (*StreamDecryptor, error) { aead, err := NewAEAD(alg, key, streamExtendedNonceSize) if err != nil { return nil, err } nonceEncoder, err := newNonceEncoder32(nonce) if err != nil { return nil, err } return &StreamDecryptor{a: aead, n: nonceEncoder}, nil } // NonceSize returns the size of the nonce that must be passed to // NewStreamDecryptor func (d *StreamDecryptor) NonceSize() int { return streamNoncePrefixSize } // Overhead returns the maximum difference between the lengths of a // plaintext and its ciphertext, which in the case of AES-SIV modes // is the size of the initialization vector func (d *StreamDecryptor) Overhead() int { return d.a.Overhead() } // Open decrypts and authenticates the next ciphertext in the STREAM, // and also authenticates the additional data, ensuring it matches // the value passed to Seal. // // If successful, it appends the resulting plaintext to dst and returns // the updated slice. // // The ciphertext and dst may alias exactly or not at all. To reuse // ciphertext's storage for the decrypted output, use ciphertext[:0] as dst. // // Even if the function fails, the contents of dst, up to its capacity, // may be overwritten. func (d *StreamDecryptor) Open(dst, ciphertext, aData []byte, lastBlock bool) ([]byte, error) { return d.a.Open(dst, d.n.Next(lastBlock), ciphertext, aData) } // Computes STREAM nonces based on the current position in the STREAM. // // Accepts a 64-bit nonce and uses a 32-bit counter internally. // // Panics if the nonce size is incorrect, or the 32-bit counter overflows type nonceEncoder32 struct { value [streamExtendedNonceSize]byte counter uint64 finished bool } func newNonceEncoder32(noncePrefix []byte) (*nonceEncoder32, error) { if len(noncePrefix) != streamNoncePrefixSize { panic("miscreant.STREAM: incorrect nonce length") } value := [streamExtendedNonceSize]byte{0} copy(value[:streamNoncePrefixSize], noncePrefix) return &nonceEncoder32{ value: value, counter: 0, finished: false, }, nil } func (n *nonceEncoder32) Next(lastBlock bool) []byte { if n.finished { panic("miscreant.STREAM: already finished") } counterSlice := n.value[streamNoncePrefixSize : streamNoncePrefixSize+4] binary.BigEndian.PutUint32(counterSlice, uint32(n.counter)) if lastBlock { n.value[len(n.value)-1] = lastBlockFlag n.finished = true } else { n.counter++ if n.counter > counterMax { panic("miscreant.STREAM: nonce counter overflowed") } } return n.value[:] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/stream_test.go000066400000000000000000000063651377166632500260170ustar00rootroot00000000000000package miscreant import ( "bytes" "encoding/hex" "encoding/json" "io/ioutil" "testing" ) type streamExample struct { name string alg string key []byte nonce []byte blocks []streamBlockExample } type streamBlockExample struct { ad []byte plaintext []byte ciphertext []byte } // Load STREAM test vectors from aes_siv_stream.tjson // TODO: switch to a native Go TJSON parser when available func loadSTREAMExamples() []streamExample { var examplesJSON map[string]interface{} exampleData, err := ioutil.ReadFile("vectors/aes_siv_stream.tjson") if err != nil { panic(err) } if err = json.Unmarshal(exampleData, &examplesJSON); err != nil { panic(err) } examplesArray := examplesJSON["examples:A"].([]interface{}) if examplesArray == nil { panic("no toplevel 'examples:A' key in aes_siv_stream.tjson") } result := make([]streamExample, len(examplesArray)) for i, exampleJSON := range examplesArray { example := exampleJSON.(map[string]interface{}) name := example["name:s"].(string) alg := example["alg:s"].(string) keyHex := example["key:d16"].(string) key := make([]byte, hex.DecodedLen(len(keyHex))) if _, err := hex.Decode(key, []byte(keyHex)); err != nil { panic(err) } nonceHex := example["nonce:d16"].(string) nonce := make([]byte, hex.DecodedLen(len(nonceHex))) if _, err := hex.Decode(nonce, []byte(nonceHex)); err != nil { panic(err) } blockValues := example["blocks:A"].([]interface{}) blocks := make([]streamBlockExample, len(blockValues)) for j, blockJSON := range blockValues { block := blockJSON.(map[string]interface{}) adHex := block["ad:d16"].(string) ad := make([]byte, hex.DecodedLen(len(adHex))) if _, err := hex.Decode(ad, []byte(adHex)); err != nil { panic(err) } plaintextHex := block["plaintext:d16"].(string) plaintext := make([]byte, hex.DecodedLen(len(plaintextHex))) if _, err := hex.Decode(plaintext, []byte(plaintextHex)); err != nil { panic(err) } ciphertextHex := block["ciphertext:d16"].(string) ciphertext := make([]byte, hex.DecodedLen(len(ciphertextHex))) if _, err := hex.Decode(ciphertext, []byte(ciphertextHex)); err != nil { panic(err) } blocks[j] = streamBlockExample{ad, plaintext, ciphertext} } result[i] = streamExample{name, alg, key, nonce, blocks} } return result } func TestStreamEncryptor(t *testing.T) { vectors := loadSTREAMExamples() for _, v := range vectors { enc, err := NewStreamEncryptor(v.alg, v.key, v.nonce) if err != nil { t.Fatal(err) } for i, b := range v.blocks { lastBlock := i+1 == len(v.blocks) ct := enc.Seal(nil, b.plaintext, b.ad, lastBlock) if !bytes.Equal(b.ciphertext, ct) { t.Errorf("Seal: expected: %x\ngot: %x", b.ciphertext, ct) } } } } func TestStreamDecryptor(t *testing.T) { vectors := loadSTREAMExamples() for _, v := range vectors { dec, err := NewStreamDecryptor(v.alg, v.key, v.nonce) if err != nil { t.Fatal(err) } for i, b := range v.blocks { lastBlock := i+1 == len(v.blocks) pt, err := dec.Open(nil, b.ciphertext, b.ad, lastBlock) if err != nil { t.Errorf("Open: %s", err) } if !bytes.Equal(b.plaintext, pt) { t.Errorf("Open: expected: %x\ngot: %x", b.plaintext, pt) } } } } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/000077500000000000000000000000001377166632500246115ustar00rootroot00000000000000golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes.tjson000066400000000000000000000012161377166632500264400ustar00rootroot00000000000000{ "examples:A":[ { "key:d16": "2b7e151628aed2a6abf7158809cf4f3c", "src:d16": "3243f6a8885a308d313198a2e0370734", "dst:d16": "3925841d02dc09fbdc118597196a0b32" }, { "key:d16": "000102030405060708090a0b0c0d0e0f", "src:d16": "00112233445566778899aabbccddeeff", "dst:d16": "69c4e0d86a7b0430d8cdb78070b4c55a" }, { "key:d16": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "src:d16": "00112233445566778899aabbccddeeff", "dst:d16": "8ea2b7ca516745bfeafc49904b496089" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_cmac.tjson000066400000000000000000000036571377166632500274360ustar00rootroot00000000000000{ "examples:A":[ { "key:d16":"2b7e151628aed2a6abf7158809cf4f3c", "message:d16":"", "tag:d16":"bb1d6929e95937287fa37d129b756746" }, { "key:d16":"2b7e151628aed2a6abf7158809cf4f3c", "message:d16":"6bc1bee22e409f96e93d7e117393172a", "tag:d16":"070a16b46b4d4144f79bdd9dd04a287c" }, { "key:d16":"2b7e151628aed2a6abf7158809cf4f3c", "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411", "tag:d16":"dfa66747de9ae63030ca32611497c827" }, { "key:d16":"2b7e151628aed2a6abf7158809cf4f3c", "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", "tag:d16":"51f0bebf7e3b9d92fc49741779363cfe" }, { "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "message:d16":"", "tag:d16":"028962f61b7bf89efc6b551f4667d983" }, { "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "message:d16":"6bc1bee22e409f96e93d7e117393172a", "tag:d16":"28a7023f452e8f82bd4bf28d8c37c35c" }, { "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411", "tag:d16":"aaf3d8f1de5640c232f5b169b9c911e6" }, { "key:d16":"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", "message:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", "tag:d16":"e1992190549f6ed5696a2c056c315410" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_ctr.tjson000066400000000000000000000013331377166632500273100ustar00rootroot00000000000000{ "examples:A":[ { "key:d16":"2b7e151628aed2a6abf7158809cf4f3c", "iv:d16":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "plaintext:d16":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51", "ciphertext:d16":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff" }, { "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "iv:d16":"202122232425262728292a2b2c2d2e2f", "plaintext:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122", "ciphertext:d16":"61a7916d4a8a161b14c8f398b94faedba3a3e29ad93f55451ed31fe92d3abf841c7c81" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_pmac.tjson000066400000000000000000000157211377166632500274460ustar00rootroot00000000000000{ "examples:A":[ { "name:s":"PMAC-AES-128-0B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"", "tag:d16":"4399572cd6ea5341b8d35876a7098af7" }, { "name:s":"PMAC-AES-128-3B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"000102", "tag:d16":"256ba5193c1b991b4df0c51f388a9e27" }, { "name:s":"PMAC-AES-128-16B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"000102030405060708090a0b0c0d0e0f", "tag:d16":"ebbd822fa458daf6dfdad7c27da76338" }, { "name:s":"PMAC-AES-128-20B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"000102030405060708090a0b0c0d0e0f10111213", "tag:d16":"0412ca150bbf79058d8c75a58c993f55" }, { "name:s":"PMAC-AES-128-32B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "tag:d16":"e97ac04e9e5e3399ce5355cd7407bc75" }, { "name:s":"PMAC-AES-128-34B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021", "tag:d16":"5cba7d5eb24f7c86ccc54604e53d5512" }, { "name:s":"PMAC-AES-128-1000B", "key:d16":"000102030405060708090a0b0c0d0e0f", "message:d16":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "tag:d16":"c2c9fa1d9985f6f0d2aff915a0e8d910" }, { "name:s":"PMAC-AES-256-0B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"", "tag:d16":"e620f52fe75bbe87ab758c0624943d8b" }, { "name:s":"PMAC-AES-256-3B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"000102", "tag:d16":"ffe124cc152cfb2bf1ef5409333c1c9a" }, { "name:s":"PMAC-AES-256-16B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"000102030405060708090a0b0c0d0e0f", "tag:d16":"853fdbf3f91dcd36380d698a64770bab" }, { "name:s":"PMAC-AES-256-20B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"000102030405060708090a0b0c0d0e0f10111213", "tag:d16":"7711395fbe9dec19861aeb96e052cd1b" }, { "name:s":"PMAC-AES-256-32B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "tag:d16":"08fa25c28678c84d383130653e77f4c0" }, { "name:s":"PMAC-AES-256-34B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021", "tag:d16":"edd8a05f4b66761f9eee4feb4ed0c3a1" }, { "name:s":"PMAC-AES-256-1000B", "key:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "message:d16":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "tag:d16":"69aa77f231eb0cdff960f5561d29a96e" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_pmac_siv.tjson000066400000000000000000000102701377166632500303210ustar00rootroot00000000000000{ "examples:A":[ { "name:s":"AES-PMAC-SIV-128-TV1: Deterministic Authenticated Encryption Example", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:A":[ "101112131415161718191a1b1c1d1e1f2021222324252627" ], "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"8c4b814216140fc9b34a41716aa61633ea66abe16b2f6e4bceeda6e9077f" }, { "name:s":"AES-PMAC-SIV-128-TV2: Nonce-Based Authenticated Encryption Example", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "ad:A":[ "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "102030405060708090a0", "09f911029d74e35bd84156c5635688c0" ], "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"acb9cbc95dbed8e766d25ad59deb65bcda7aff9214153273f88e89ebe580c77defc15d28448f420e0a17d42722e6d42776849aa3bec375c5a05e54f519e9fd" }, { "name:s":"AES-PMAC-SIV-128-TV3: Empty Authenticated Data And Plaintext Example", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:A":[], "plaintext:d16":"", "ciphertext:d16":"19f25e5ea8a96ef27067d4626fdd3677" }, { "name:s":"AES-PMAC-SIV-128-TV4: Nonce-Based Authenticated Encryption With Large Message Example", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:A":[ "101112131415161718191a1b1c1d1e1f2021222324252627" ], "plaintext:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f70", "ciphertext:d16":"34cbb315120924e6ad05240a1582018b3dc965941308e0535680344cf9cf40cb5aa00b449548f9a4d9718fd22057d19f5ea89450d2d3bf905e858aaec4fc594aa27948ea205ca90102fc463f5c1cbbfb171d296d727ec77f892fb192a4eb9897b7d48d50e474a1238f02a82b122a7b16aa5cc1c04b10b839e478662ff1cec7cabc" }, { "name:s":"AES-PMAC-SIV-256-TV1: 256-bit key with one associated data field", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "ad:A":[ "101112131415161718191a1b1c1d1e1f2021222324252627" ], "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"77097bb3e160988e8b262c1942f983885f826d0d7e047e975e2fc4ea6776" }, { "name:s":"AES-PMAC-SIV-256-TV2: 256-bit key with three associated data fields", "key:d16":"7f7e7d7c7b7a797877767574737271706f6e6d6c6b6a69686766656463626160404142434445464748494a4b4c4d4e4f505152535455565758595a5b5b5d5e5f", "ad:A":[ "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "102030405060708090a0", "09f911029d74e35bd84156c5635688c0" ], "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"cd07d56dca0fe1569b8ecb3cf2346604290726e12529fc5948546b6be39fed9cd8652256c594c8f56208c7496789de8dfb4f161627c91482f9ecf809652a9e" }, { "name:s":"AES-PMAC-SIV-256-TV3: Nonce-Based Authenticated Encryption With Large Message Example", "key:d16":"7f7e7d7c7b7a797877767574737271706f6e6d6c6b6a69686766656463626160404142434445464748494a4b4c4d4e4f505152535455565758595a5b5b5d5e5f", "ad:A":[ "101112131415161718191a1b1c1d1e1f2021222324252627" ], "plaintext:d16":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f70", "ciphertext:d16":"045ba64522c5c980835674d1c5a9264eca3e9f7aceafe9b5485b33f7d2c9114fe5c4b24f9c814d88e78b6150028d630289d023015b8569af338de0af8534827732b365ace1ac99d278431b22eafe31b94297b1c6a2de41383ed8b39f17e748aea128a8bd7d0ee80ec899f1b940c9c0463f22fc2b5a145cb6e90a32801dd1950f92" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_siv.tjson000066400000000000000000000060541377166632500273260ustar00rootroot00000000000000{ "examples:A":[ { "name:s":"Deterministic Authenticated Encryption Example", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:A":[ "101112131415161718191a1b1c1d1e1f2021222324252627" ], "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"85632d07c6e8f37f950acd320a2ecc9340c02b9690c4dc04daef7f6afe5c" }, { "name:s":"Nonce-Based Authenticated Encryption Example", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "ad:A":[ "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "102030405060708090a0", "09f911029d74e35bd84156c5635688c0" ], "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"7bdb6e3b432667eb06f4d14bff2fbd0fcb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d" }, { "name:s":"Empty Authenticated Data And Plaintext Example", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:A":[], "plaintext:d16":"", "ciphertext:d16":"f2007a5beb2b8900c588a7adf599f172" }, { "name:s":"NIST SIV test vectors (256-bit subkeys #1)", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "ad:A":[ "101112131415161718191a1b1c1d1e1f2021222324252627" ], "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"f125274c598065cfc26b0e71575029088b035217e380cac8919ee800c126" }, { "name:s":"NIST SIV test vectors (256-bit subkeys #2)", "key:d16":"7f7e7d7c7b7a797877767574737271706f6e6d6c6b6a69686766656463626160404142434445464748494a4b4c4d4e4f505152535455565758595a5b5b5d5e5f", "ad:A":[ "00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "102030405060708090a0", "09f911029d74e35bd84156c5635688c0" ], "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"85b8167310038db7dc4692c0281ca35868181b2762f3c24f2efa5fb80cb143516ce6c434b898a6fd8eb98a418842f51f66fc67de43ac185a66dd72475bbb08" }, { "name:s":"Empty Authenticated Data And Block-Size Plaintext Example", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:A":[], "plaintext:d16":"00112233445566778899aabbccddeeff", "ciphertext:d16":"f304f912863e303d5b540e5057c7010c942ffaf45b0e5ca5fb9a56a5263bb065" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_siv_aead.tjson000066400000000000000000000065611377166632500303030ustar00rootroot00000000000000{ "examples:A":[ { "name:s":"AES-SIV Nonce-based Authenticated Encryption Example #1", "alg:s":"AES-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:d16":"", "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"4b3d0f15ae9ffa9e65b949421582ef70e410910d6446c7759ebff9b5385a" }, { "name:s":"AES-SIV Nonce-based Authenticated Encryption Example #2", "alg:s":"AES-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "ad:d16":"", "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"e618d2d6a86b50a8d7df82ab34aa950ab319d7fc15f7cd1ea99b1a033f20" }, { "name:s":"AES-SIV Authenticted Encryption with Associated Data Example", "alg:s":"AES-SIV", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "nonce:d16":"09f911029d74e35bd84156c5635688c0", "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"85825e22e90cf2ddda2c548dc7c1b6310dcdaca0cebf9dc6cb90583f5bf1506e02cd48832b00e4e598b2b22a53e6199d4df0c1666a35a0433b250dc134d776" }, { "name:s":"AES-PMAC-SIV Nonce-based Authenticated Encryption Example #1", "alg:s":"AES-PMAC-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "ad:d16":"", "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"3e6acab1cc2f4a847f8fa605e7e1ce55d9200b444571f8b8956eb3df5498" }, { "name:s":"AES-PMAC-SIV Nonce-based Authenticated Encryption Example #2", "alg:s":"AES-PMAC-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "ad:d16":"", "nonce:d16":"101112131415161718191a1b1c1d1e1f2021222324252627", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"0623a7275afd5082035e43b0dcafe3a891c2b8eed2b1a07f0dd25180e072" }, { "name:s":"AES-PMAC-SIV Authenticted Encryption with Associated Data Example", "alg:s":"AES-PMAC-SIV", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "nonce:d16":"09f911029d74e35bd84156c5635688c0", "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"1463d1119b2a2797241bb1674633dff13b9de11e5e2f526048b36c40c7722667b2957018023bf0e52792b703a01e88aacd49898cecfce943d7f61a2337a097" } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/aes_siv_stream.tjson000066400000000000000000000204051377166632500306750ustar00rootroot00000000000000{ "examples:A":[ { "name:s":"AES-SIV STREAM 1-Block Example (256-bit key)", "alg:s":"AES-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "nonce:d16":"1011121314151617", "blocks:A":[ { "ad:d16":"", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"9df7f25c0f05311f598ab04930f3f07ee7209a2c7aeb4a0f9d191bd05854" } ] }, { "name:s":"AES-SIV STREAM 2-Block Example (512-bit key)", "alg:s":"AES-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "nonce:d16":"1011121314151617", "blocks:A":[ { "ad:d16":"", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"7690761b80e4984fc61f4edc7a57e81b50d976f58c5539c82a4277388a28" }, { "ad:d16":"", "plaintext:d16":"ff00", "ciphertext:d16":"a7d44953340d00344dcf8de3422eb0ad471d" } ] }, { "name:s":"AES-SIV STREAM 3-Block Example (512-bit key)", "alg:s":"AES-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "nonce:d16":"1011121314151617", "blocks:A":[ { "ad:d16":"", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"7690761b80e4984fc61f4edc7a57e81b50d976f58c5539c82a4277388a28" }, { "ad:d16":"", "plaintext:d16":"ff00112233445566778899aa", "ciphertext:d16":"09b7e610d0b92c37a6a0fac3dde23a773202798ffa82b2c8c1fa8065" }, { "ad:d16":"", "plaintext:d16":"bbccddeeff00", "ciphertext:d16":"d8b11e877fa11cd67315f26cc9ddebd7aa2fefc1a88d" } ] }, { "name:s":"AES-SIV STREAM 1-Block Example with Associated Data (256-bit key)", "alg:s":"AES-SIV", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "nonce:d16":"09f911029d74e35b", "blocks:A":[ { "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"4f31ed187786dfd0586bdce37c739eb054e7f84d901244cacea78a99afcec603bfc2e39f3cf0f66c50e7bec15b232b45ab5f81356a5ef309e3afe5abfaa6b4" } ] }, { "name:s":"AES-SIV STREAM 2-Block Example with Associated Data (256-bit key)", "alg:s":"AES-SIV", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "nonce:d16":"09f911029d74e35b", "blocks:A":[ { "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"87ea507ce654490d4db475b06de29ccf8f618a8cfa81af97cfe3a05e69b70373493cae08d9236d358dad18db097a610208712253140730fa3d6e538d00c9f7" }, { "ad:d16":"112233445566778899aabbccddeeff", "plaintext:d16":"d6520706c61696e7465787420746f20656e6372797", "ciphertext:d16":"acc5b50be1d9e231c2989b5d9e1dbc7d03a66d3c826d4a29c7b097463fa26706306381f937" } ] }, { "name:s":"AES-PMAC-SIV STREAM 1-Block Example (256-bit key)", "alg:s":"AES-PMAC-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "nonce:d16":"1011121314151617", "blocks:A":[ { "ad:d16":"", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"5cf16b750b037f484ec59355a9e769d9be6cfb06ed6aa9a02ff689e8f808" } ] }, { "name:s":"AES-PMAC-SIV STREAM 2-Block Example (512-bit key)", "alg:s":"AES-PMAC-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "nonce:d16":"1011121314151617", "blocks:A":[ { "ad:d16":"", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"b6201f96017e8d3653bf1c7c01a1478b377bba019f7389dfcd59c506fb04" }, { "ad:d16":"", "plaintext:d16":"ff00", "ciphertext:d16":"c8df1c36aeddc26bba9f7e83f8708aa8bf6c" } ] }, { "name:s":"AES-PMAC-SIV STREAM 3-Block Example (512-bit key)", "alg:s":"AES-PMAC-SIV", "key:d16":"fffefdfcfbfaf9f8f7f6f5f4f3f2f1f06f6e6d6c6b6a69686766656463626160f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f", "nonce:d16":"1011121314151617", "blocks:A":[ { "ad:d16":"", "plaintext:d16":"112233445566778899aabbccddee", "ciphertext:d16":"b6201f96017e8d3653bf1c7c01a1478b377bba019f7389dfcd59c506fb04" }, { "ad:d16":"", "plaintext:d16":"ff00112233445566778899aa", "ciphertext:d16":"819f2a2ba293ec5622a0938c3c0b913b0cf874247aa1c101882c3ecd" }, { "ad:d16":"", "plaintext:d16":"bbccddeeff00", "ciphertext:d16":"e797619830ddf7e42de8d2a8346d06523e8182b2dc92" } ] }, { "name:s":"AES-PMAC-SIV STREAM 1-Block Example with Associated Data (256-bit key)", "alg:s":"AES-PMAC-SIV", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "nonce:d16":"09f911029d74e35b", "blocks:A":[ { "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"e887f8f1c833b167cf8184428ba92ae68c42279bb9d9b83edf8f052c23c22725596db469df0f49f4c5919655f2cbeefa7559c9f0246285e6c6c0c37f74788f" } ] }, { "name:s":"AES-PMAC-SIV STREAM 2-Block Example with Associated Data (256-bit key)", "alg:s":"AES-PMAC-SIV", "key:d16":"7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f", "nonce:d16":"09f911029d74e35b", "blocks:A":[ { "ad:d16":"00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100", "plaintext:d16":"7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553", "ciphertext:d16":"f10245a692a22fa66bbaded9bd8dd691818c140d3215da02fb419832d40bb7e5bb97bb981a7bf1c53227051446f0054b4492c5fc0e013a3cbbc6ad3c38027c" }, { "ad:d16":"112233445566778899aabbccddeeff", "plaintext:d16":"d6520706c61696e7465787420746f20656e6372797", "ciphertext:d16":"ebb847fa2b5ffcae9ae906b9562d838ce9b171130075f0ff372f84c25017177617c1828595" } ] } ] } golang-github-miscreant-miscreant.go-0.0~git20200214.26d3763/vectors/dbl.tjson000066400000000000000000000015521377166632500264340ustar00rootroot00000000000000{ "examples:A":[ { "input:d16":"00000000000000000000000000000000", "output:d16":"00000000000000000000000000000000" }, { "input:d16":"00000000000000000000000000000001", "output:d16":"00000000000000000000000000000002" }, { "input:d16":"ffffffffffffffffffffffffffffffff", "output:d16":"ffffffffffffffffffffffffffffff79" }, { "input:d16":"52a2d82a687330bd45d4edb9f3b06527", "output:d16":"a545b054d0e6617a8ba9db73e760ca4e" }, { "input:d16":"6e56610687fe93be1ef69690067b4b7b", "output:d16":"dcacc20d0ffd277c3ded2d200cf696f6" }, { "input:d16":"d2535bfca5898b81124613fdf94e3d7b", "output:d16":"a4a6b7f94b131702248c27fbf29c7a71" }, { "input:d16":"e84b7dda057e100628860a3cdac155c0", "output:d16":"d096fbb40afc200c510c1479b582ab07" } ] }